| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The hex decoding is only done from the JSON files provided by the
wycheproof-testvectors package. Failure is always fatal. So there
is no need for repeated error checks, and we can use an ergonomic
wrapper.
Also rework the calculation of the message digest from input data
this had a similar deficit.
All in all this shaves off about 10% of the code and removes a lot
of tedious repetition.
|
| | |
|
| | |
|
| |
|
|
| |
This simplifies and unifies a lot of error messages.
|
| |
|
|
|
|
| |
After previous refactoring, rsa_all_set_pss_padding() is the last remaining
caller of the weirdly named and ugly rsa_all_set_pss_padding(). This can be
handled in a few simple lines now that this mess has slightly cleaner code.
|
| | |
|
| |
|
|
|
| |
Check and assign the EVP_PKEY_CTX and move the extraction of the algorithm
identifier from the signer info a few lines down.
|
| |
|
|
|
|
|
|
|
|
| |
The current convoluted mess can be handled with two calls to the new
rsa_alg_set_pss_padding() helper. Not that this would be obvious at
all.
This fixes two more leaks in case of X509_ALGOR_set0() failure.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This sets the AlgorithmIdentifier's algorithm to id-RSASSA-PSS with
appropriate RSASSA-PSS parameters. This pulls a chunk of code out of
rsa_cms_sign() and rewrites it with proper error checking, thereby
fixing a long-standing leak.
This helper can also be used in rsa_item_sign(), but that part is a
bit special, and will therefore be commmitted separately.
ok jsing
|
| |
|
|
|
|
|
|
| |
This removes a few duplicated and unchecked X509_ALGOR_set0() calls and
factors them into a helper function that sets the AlgorithmIdentifier on
the recipient info or signer info to rsaEncryption with null parameters.
ok jsing
|
| |
|
|
|
|
|
|
| |
The determination of the test group type and the JSON unmarshalling can be
done before the closure without performance impact. This is more readable
and eliminates the need of a temporary variable again.
Suggested by jsing
|
| |
|
|
|
| |
This factors another ugly switch into a helper function. This should
probably become a map eventually, but for now keep things straightforward.
|
| |
|
|
|
| |
This allows us to use a simpler way of running the individual test groups
and gets rid of an ugly mostly copy-pasted switch inside a closure.
|
| |
|
|
|
| |
These used the wycheproofTestGroupAead type but an upcoming change requires
to change this. Introduce the aliases now to make the next diff cleaner.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Due to Go's idiosyncratic semantics of for loops, tests would only run
some of the test groups in the JSON file because by the time the closure
is called, the array index could be changed. For example, on fast 8 core
machines, the CMAC tests would run the last test group with key size 320
eight times rather than each of the eight test groups once.
Make a copy of the pointer before passing it to the closure to avoid this
issue.
Simpler version of my initial fix from jsing
|
| | |
|
| |
|
|
| |
not real problems)
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
X509_ALGOR_set0() is annoyingly unergonomic since it takes an ASN1_OBJECT
rather than a nid. This means that almost all callers call OBJ_obj2nid()
and they often do this inline without error checking so that the resulting
X509_ALGOR object is corrupted and may lead to incorrect encodings.
Provide an internal alternative X509_ALGOR_set0_by_nid() that takes a nid
instead of an ASN1_OBJECT and performs proper error checking. This will be
used to convert callers of X509_ALGOR_set0() in the library.
ok jsing
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| | |
|
| |
|
|
|
|
| |
little sense here since there are multiple possible errnos that could
be returned. On OpenBSD this returns EISDIR and not EBUSY.
OK mbuhl@ millert@
|
| |
|
|
|
| |
the directory and so checking against getgid() makes no sense.
OK mbuhl@ millert@
|
| |
|
|
|
| |
closed.
OK mbuhl@ millert@
|
| |
|
|
|
|
| |
Until OpenSSL 3.1 has replaced OpenSSL 3.0 on most architectures, run
both tests. Installed packages of OpenSSL 3.0 will update automatically
to 3.1, so regress runners should not need to do anything.
|
| |
|
|
|
| |
Otherwise, the prototypes for timespec_get() and aligned_alloc()
are not visible. OK guenther@
|
| |
|
|
|
|
|
|
| |
If the topmost cert is invalid, this should result in a validation failure.
Do the same dance as elsewhere permitting the verify callback to intercept
the error but ensuring that we throw an error.
ok jsing
|
| |
|
|
| |
on why this occasionally fails.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Once we remove X509_ALGOR_set_md() we can link this test statically and use
X509_ALGOR_set_evp_md() but for now make sure the documented workaround for
this garbage API works.
|
| |
|
|
|
|
|
|
|
|
|
| |
This streamlines the code to use safer idioms, do proper error checking
and be slightly less convoluted. Sprinkle a few references to RFC 8017
and explain better what we are doing and why. Clarify ownership and use
more consistent style.
This removes the last internal use of X509_ALGOR_set_md().
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
OpenSSL has the 20 in the long and short names, so add aliases to the
existing names to make things work. In particular, EVP_get_cipherbyname()
will now return EVP_chacha20() for both 'ChaCha20' and 'chacha20'.
Found by Facundo Tuesca when trying to add LibreSSL support for ChaCha20 in
https://github.com/pyca/cryptography/pull/9209
ok jsing
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
the 0x0 call sites for leak reports. Also display more info on
detected write of free chunks: print the info about where the chunk
was allocated, and for the preceding chunk as well.
ok asou@
|
| | |
|
| |
|
|
| |
OK tb@
|
| |
|
|
|
| |
This matches what other pages use. Also rewrite the definition of the
modular inverse to be less ugly.
|
| | |
|
