| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | While we don't explicitly support curve secp256r1, we can run 1250 tests | tb | 2018-10-04 | 1 | -11/+2 |
| | | | | | against its ANSI equivalent prime256v1 (compare RFC 4492, Appendix A). | ||||
| * | Plug TLS context leak in nc(1) server and client mode. Move | bluhm | 2018-10-04 | 1 | -12/+10 |
| | | | | | | tls_free(3) directly after close(2) to catch all cases. based on a patch from Nan Xiao; OK tb@ deraadt@ | ||||
| * | As per POSIX, when str{,r}chr is comparing it should convert c to a char. | martijn | 2018-10-01 | 4 | -8/+10 |
| | | | | | | | | | | | The C implementation of str{,r}chr are not linked to the build, because assembly implementations are used, but change to code for easier reference. At least the i386 and amd64 are checked and seem to do the correct thing. Found thanks to the csh any/strchr change. minor pointers and OK millert@ | ||||
| * | in ECDH, gather statistics where it makes more sense | tb | 2018-09-30 | 1 | -8/+5 |
| | | |||||
| * | bump for LibreSSL 2.8.2 | bcook | 2018-09-30 | 1 | -3/+3 |
| | | |||||
| * | -T applies to ip6 too, apparently; | jmc | 2018-09-25 | 1 | -4/+4 |
| | | | | | from nan xiao | ||||
| * | bump for LibreSSL 2.8.1libressl-v2.8.1 | bcook | 2018-09-23 | 1 | -3/+3 |
| | | |||||
| * | Add a comment on the acceptable RSASSA cases. | tb | 2018-09-22 | 1 | -2/+3 |
| | | |||||
| * | gather statistics in checkAead{Open,Seal}() as well. | tb | 2018-09-22 | 1 | -1/+7 |
| | | |||||
| * | remove some unneeded checks | tb | 2018-09-22 | 1 | -15/+5 |
| | | |||||
| * | gather and print some statistics on the acceptable cases we need to | tb | 2018-09-22 | 1 | -8/+60 |
| | | | | | look into | ||||
| * | more flags printing | tb | 2018-09-22 | 1 | -23/+23 |
| | | |||||
| * | improve logic involving acceptableAudit | tb | 2018-09-22 | 1 | -5/+5 |
| | | |||||
| * | Swap order of "action" and "wt.Flags" in a few fmt.Printfs. | tb | 2018-09-22 | 1 | -17/+17 |
| | | |||||
| * | Introduce a couple of convenience targets to help with auditing the | tb | 2018-09-22 | 2 | -5/+41 |
| | | | | | acceptable cases. | ||||
| * | Print the flags field in INFO: and FAIL: messages. It's helpful in | tb | 2018-09-21 | 1 | -17/+17 |
| | | | | | identifying the important failures while auditing. | ||||
| * | fix order of arguments in fmt.Printf() | tb | 2018-09-18 | 1 | -2/+2 |
| | | |||||
| * | Simplify initialization of asn1_cb; use correct spelling of NULL. | tb | 2018-09-17 | 1 | -4/+2 |
| | | |||||
| * | Move tally mark printing out of the main benchmark loop; ok tb@ | cheloha | 2018-09-17 | 1 | -14/+21 |
| | | |||||
| * | add missing default case to switch | tb | 2018-09-16 | 1 | -1/+3 |
| | | |||||
| * | EVP_aead_chacha20_poly1305() can't actually fail. | tb | 2018-09-16 | 1 | -4/+1 |
| | | |||||
| * | Rename *AesCcmOrGcm* into the slightly less ugly *AesAead*. | tb | 2018-09-16 | 1 | -9/+9 |
| | | |||||
| * | another typo. time to sleep | tb | 2018-09-15 | 1 | -2/+2 |
| | | |||||
| * | typos | tb | 2018-09-15 | 1 | -3/+3 |
| | | |||||
| * | add a brief comment on the acceptable AES CCM and AES GCM cases | tb | 2018-09-15 | 1 | -2/+8 |
| | | |||||
| * | Also exercise EVP_aead_aes_128_gcm() and EVP_aead_aes_256_gcm(). | tb | 2018-09-15 | 1 | -6/+26 |
| | | |||||
| * | rename checkChaCha20Poly1305{Open,Seal}() into checkAead{Open,Seal}(). | tb | 2018-09-15 | 1 | -5/+5 |
| | | |||||
| * | Merge AES CCM, AES GCM and ChaCha20 data structures into | tb | 2018-09-15 | 1 | -42/+21 |
| | | | | | single AEAD types. Will be used in upcoming commits. | ||||
| * | Add missing conversion specifier | tb | 2018-09-15 | 1 | -2/+2 |
| | | |||||
| * | Modify regress appstest.sh for interoperability testing with OpenSSL 1.1.x | inoguchi | 2018-09-15 | 1 | -16/+40 |
| | | | | | | | | | - add sleep before s_client instead of removing -pause option - change check words for s_client output messages - replace CAfile to CApath for s_time - remove -prexit from s_client - confirm openssl command path is executable | ||||
| * | Add interoperability test mode for regress appstest.sh | inoguchi | 2018-09-14 | 1 | -35/+79 |
| | | | | | | | | - test s_server and s_client between different version by option -i - indicate other version by defining OTHER_OPENSSL environment variable - fix "SSL/TLS" to "TLS/SSL", since TLS is correct as technical term - s/SKIPPNG/SKIPPING/ | ||||
| * | sync with mozilla-release (one removal, TURKTRUST, more details at | sthen | 2018-09-12 | 1 | -48/+1 |
| | | | | | | | https://bugzilla.mozilla.org/show_bug.cgi?id=1439127) ok danj guenther millert | ||||
| * | tweak previous; | jmc | 2018-09-12 | 2 | -4/+4 |
| | | |||||
| * | crank to follow minor crank in libcrypto; ok tb@ jsing@ | djm | 2018-09-12 | 2 | -2/+2 |
| | | |||||
| * | Add some accessor functions: | djm | 2018-09-12 | 8 | -17/+138 |
| | | | | | | | RSA_meth_get_finish() RSA_meth_set1_name() EVP_CIPHER_CTX_(get|set)_iv() feedback and ok jsing@ tb@ | ||||
| * | Remove now unused code for EVP_CIPH_FLAG_AEAD_CIPHER and EVP_CIPH_GCM_MODE. | jsing | 2018-09-08 | 4 | -77/+28 |
| | | | | | ok inoguchi@ tb@ | ||||
| * | SSL_MAX_DIGEST is no longer needed. | jsing | 2018-09-08 | 2 | -17/+10 |
| | | |||||
| * | ASN1_OBJECTs should be freed with ASN1_OBJECT_free(3), not with free(3). | tb | 2018-09-08 | 1 | -2/+2 |
| | | | | | ok inoguchi, jsing | ||||
| * | Fix indent and adjust line fit to 80 columns. | inoguchi | 2018-09-08 | 1 | -930/+961 |
| | | |||||
| * | indent labels | tb | 2018-09-08 | 2 | -8/+8 |
| | | |||||
| * | missing word & a couple of typos | tb | 2018-09-08 | 1 | -3/+3 |
| | | |||||
| * | Split test blocks into a function. Test contents are not changed. | inoguchi | 2018-09-08 | 1 | -62/+86 |
| | | |||||
| * | Test more ciphers and randomize the order in regress appstest.sh | inoguchi | 2018-09-08 | 1 | -5/+9 |
| | | | | | | | - change test target ciphers - randomize the test ciphers order - display test cipher count | ||||
| * | tests all available TLSv1.2 ciphers | inoguchi | 2018-09-07 | 1 | -11/+14 |
| | | |||||
| * | Declare strings passed to local_listen() as const. This makes it | bluhm | 2018-09-07 | 1 | -3/+3 |
| | | | | | | consistent to remote_connect() and getaddrinfo(3). from Nan Xiao | ||||
| * | Drop SSL_CIPHER_ALGORITHM2_AEAD flag. | jsing | 2018-09-06 | 4 | -31/+25 |
| | | | | | | | | All of our algorithm_mac == SSL_AEAD cipher suites use EVP_AEAD, so we can condition on that rather than having a separate redundant flag. ok tb@ | ||||
| * | Do not close the socket twice in netcat. | bluhm | 2018-09-06 | 1 | -5/+6 |
| | | | | | from Nan Xiao; OK tb@ | ||||
| * | Use the newer/more sensible names for EVP_MD_CTX_* functions. | jsing | 2018-09-05 | 5 | -16/+16 |
| | | | | | | | | | | | EVP_MD_CTX_create -> EVP_MD_CTX_new EVP_MD_CTX_destroy -> EVP_MD_CTX_free This should make the intent more obvious and reduce head scratching during code reviews. Raised by tb@ | ||||
| * | Correctly clear the current cipher state, when changing cipher state. | jsing | 2018-09-05 | 3 | -41/+37 |
| | | | | | | | | | | | | | | | | | | When a renegotiation results in a change of cipher suite, the renegotation would fail if it switched from AEAD to non-AEAD or vice versa. This is due to the fact that the previous EVP_AEAD or EVP_CIPHER state remained, resulting in incorrect logic that caused MAC failures. Rename ssl_clear_cipher_ctx() to ssl_clear_cipher_state() and split it into separate read/write components, then call these functions from the appropriate places when a ChangeCipherSpec message is being processed. Also, remove the separate ssl_clear_hash_ctx() calls and fold these into the ssl_clear_cipher_{read,write}_state() functions. Issue reported by Bernard Spil, who also tested this diff. ok tb@ | ||||
| * | use timing-safe compares for checking results in signature verification | djm | 2018-09-05 | 4 | -9/+10 |
| | | | | | | | (there are no known attacks, this is just inexpensive prudence) feedback and ok tb@ jsing@ | ||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |