summaryrefslogtreecommitdiff
path: root/src/lib/libc/stdlib/recallocarray.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2018-11-16Fix DTLS. Because the DTLS code is strange. I am really coming around tobeck1-3/+5
joel's line of thinking about it
2018-11-16Unbreak legacy ciphers for prior to 1.1 by setting having a legacybeck4-10/+22
sigalg for MD5_SHA1 and using it as the non sigalgs default ok jsing@
2018-11-15Port OpenSSL commit 99540ec79491f59ed8b46b4edf130e17dc907f52 -- mitigationtb1-4/+4
for a timing vullnerability in ECDSA signature generation (CVE-2018-0735). Note that the blinding that we introduced back in June for ECDSA and DSA should mitigate this and related issues. This simply adds an additional layer of protection. discussed with jsing
2018-11-14Fix wrong sizeof argument by using 'uint16_t *', with minor nit from tb@,mestre1-2/+2
instead of 'uint16_t' Found with llvm's static analyzer, noticed that it was also already reported in Coverity CID 155890 and to ensure this was correct also inspected OpenSSL's equivalent code. OK tb@ and jsing@
2018-11-14didn't found -> didn't find.tb1-2/+2
From Edgar Pettijohn III
2018-11-14In TLS1.2 we use evp_sha1 if we fall back this far, not evp_md5_sha1 as in 1.1beck1-2/+2
Makes connections to outlook.office365.com work
2018-11-13Temporary workaround for breakage seen in www.videolan.org with curve mismatchbeck1-3/+4
2018-11-13Just err if we can't create secretsbeck1-2/+2
2018-11-13NULL out mdctx to prevent possible double free introduced in version 1.4beck1-1/+2
Spotted by maestre@, ok tb@
2018-11-13Fix pkey_ok to be less strange, and add cuve checks required for the EC onesbeck1-9/+26
ok tb@
2018-11-12Missing initialization for pub_key. CID 184303.tb1-2/+2
ok bcook
2018-11-12Rework the sm3 regress based on a suggestion by jsing. Zap the weirdtb1-30/+36
hex_encode() function and use byte arrays instead of strings to store the expected values. Snatch and tweak hexdump() from beck's key_schedule test to pretty-print data in case of failure.
2018-11-11Add check function to verify that pkey is usable with a sigalg.beck4-7/+24
Include check for appropriate RSA key size when used with PSS. ok tb@
2018-11-11Add back a few missing compatibility stubsbcook2-4/+37
ok beck@
2018-11-11quiet warning on other compilersbcook1-3/+3
ok beck@
2018-11-11Fix a race in libssl interop regress. The success messages frombluhm3-6/+9
the server child could be delayed. In this case wait a second and check again.
2018-11-11Hook up sm3 regress tests.tb1-1/+2
2018-11-11Add sm3 regress tests.tb2-0/+101
2018-11-11Add sm3 to the 'openssl dgst' command.tb1-1/+5
ok beck inoguchi
2018-11-11Add EVP_sm3() to OpenSSL_add_all_digests_internal().tb1-1/+4
ok beck inoguchi
2018-11-11bump minors after symbol addition.tb3-3/+3
2018-11-11Add SSL_set1_host(), a thin wrapper around X509_VERIFY_PARAM_set1_host().tb3-2/+10
Used by unbound's DNS over TLS implementation to do server name verification. ok jsing
2018-11-11Add Ribose Inc's implementation of the SM3 hashing function withtb8-3/+437
tweaks from jsing and myself. The SM2/SM3/SM4 algorithms are mandatory for legal use of cryptography within China and [are] widely applied in the country, covering identification/financial cards, contactless, TPM 2.0 and PKI. ok beck inoguchi jsing
2018-11-11Nuke trailing whitespacebeck1-6/+6
2018-11-11Add automatic threading initialization for libcrypto.bcook8-561/+141
This implements automatic thread support initialization in libcrypto. This does not remove any functions from the ABI, but does turn them into no-ops. Stub implementations of pthread_mutex_(init|lock|unlock) are provided for ramdisks. This does not implement the new OpenSSL 1.1 thread API internally, keeping the original CRYTPO_lock / CRYPTO_add_lock functions for library locking. For -portable, crypto_lock.c can be reimplemented with OS-specific primitives as needed. ok beck@, tb@, looks sane guenther@
2018-11-11Free the server tls transcript in case session reuse did not work.bluhm1-3/+4
Regression found by Perl module p5-IO-Socket-SSL tests. with beck@ tb@
2018-11-11include crypto.h from the correct path, remove unused variablebcook1-5/+2
2018-11-11Add support for RSA PSS algorithims being used in sigalgs.beck2-2/+29
lightly tested, but will need sanity checks and regress test changes before being added to any sigalgs list for real ok jsing@ tb@
2018-11-11Convert signatures and verifcation to use the EVP_DigestXXX apibeck3-45/+93
to allow for adding PSS, Nuke the now unneejded guard around the PSS algorithms in the sigalgs table ok jsing@ tb@
2018-11-11Reorganize libssl interop tests. Move netcat tests into separatebluhm9-148/+197
directory. Keep all log files for easier debugging. Name regress target names consistently.
2018-11-10Remove dead codebeck2-16/+2
ok jsing@
2018-11-10Spelingbeck1-2/+2
2018-11-10Regress client and server can do session reuse now. Test this withbluhm6-129/+220
all combinations of LibreSSL, OpenSSL 1.0.2, and OpenSSL 1.1. It is currently disabled for TLS 1.3 as this needs more setup.
2018-11-10Tweak and improve the TLSv1.3 state machine.jsing1-24/+46
- Provide a tls13_handshake_active_action() function to reduce code duplication and replace tls13_handshake_get_sender(). - Add an INVALID message_type, so we can explicitly detect invalid conditions. - Implement skeletons for the tls13_handshake_send_action() and tls13_handshake_recv_action() functions. - OR in the NEGOTIATED value at the end of recving or sending a server hello so that we switch to the next chain in the state table. ok tb@
2018-11-10Make sure the interop test happen last (since they take a long time)beck2-8/+9
2018-11-10Clean up and free objects at the completion of the regress test.jsing1-1/+13
From Ben L <bobsayshilol at live dot co dot uk>.
2018-11-10fix a leak reported by Ben L (bobsayshilol () live ! co ! uk)tb1-1/+3
2018-11-10Fix a leak reported by Ben L bobsayshilol () live ! co ! uk.tb1-1/+3
2018-11-10fix a leak pointed out by Ben L (bobsayshi () live ! co ! uk)tb1-4/+8
2018-11-10Avoid a double allocation and memory leak.jsing1-4/+2
Reported by Ben L <bobsayshilol at live dot co dot uk>
2018-11-10Stop keeping track of sigalgs by guessing it from digest and pkey,beck8-92/+102
just keep the sigalg around so we can remember what we actually decided to use. ok jsing@
2018-11-10More regress all the way to exporter_masterbeck1-4/+44
2018-11-10Use TLS13_HS_{CLIENT,SERVER} instead of using a redundant _SEND{,S}.tb1-30/+28
ok jsing
2018-11-10Fix last of the empty hash nonsensebeck2-32/+6
ok jsing@
2018-11-09Update key schedule regress to match API changes.jsing1-21/+12
2018-11-09Fix the TLSv1.3 key schedule implementation.jsing2-66/+95
When the RFC refers to ("") for key derivation, it is referring to the transcript hash of an empty string, not an empty string. Rename tls13_secrets_new() to tls13_secrets_create(), make it take an EVP_MD * and calculate the hash of an empty string so that we have it available for the "derived" and other steps. Merge tls13_secrets_init() into the same function, remove the EVP_MD * from other functions and use the empty string hash at the appropriate places. ok beck@ tb@
2018-11-09Use "send" and "recv" consistently instead of mixing them with "read"tb1-98/+108
and "write". Use self-documenting C99 initializers. ok bcook, jsing
2018-11-09Initialize priv_key and pub_key on first use instead of at the top.tb1-6/+4
While there, eliminate a flag that was only used once. ok beck jsing mestre
2018-11-09Initialize priv_key and pub_key on first use instead of at the top.tb1-4/+4
ok beck jsing mestre
2018-11-09The Botan library from ports an be configured to use OpenSSL orbluhm2-1/+22
LibreSSL as crypto provider. When we run their regression tests, we are actually testing our library. This is far from perfect. A lot of LibreSSL features have not been implemented as Botan provider. Even if provider openssl is specified, botan-test runs a lot of non-openssl tests. This can be improved later.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-28 05:37:53 +0000