openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2018-08-21	fix return value	tb	1	-3/+3

2018-08-21	Remove ChaCha20-Poly1305 from the TODO list	tb	1	-2/+2

2018-08-21	A failure to _seal() should be looked into, so turn this into an	tb	1	-7/+2
	unconditional failure.
2018-08-21	Factor the calls to EVP_AEAD_CTX_open() and EVP_AEAD_CTX_seal() into	tb	1	-48/+76
	their own functions to make it easier to handle failures cleanly. Discussed with jsing
2018-08-21	Merge duplicate benchmark() GET/SSL_shutdown blocks into doConnection().	cheloha	1	-41/+25
	We need to then remove the shadow i from the GET block. While there, move retval's declaration to the beginning of the function. As doConnection() now executes the body of the benchmark's test, rename it to "run_test". Shadow variable spotted by tb@. ok tb@
2018-08-21	typo in argument type, from Mario dot Andres dot Campos at gmail dot com	schwarze	1	-3/+3

2018-08-20	add two missing \n	tb	1	-3/+3

2018-08-20	Test EVP_AEAD_CTX_open() at the same time as EVP_AEAD_CTX_seal()	tb	1	-5/+23
	Suggested by jsing
2018-08-20	remove two redundant tests	tb	1	-10/+1

2018-08-20	Use sealed instead of out in a couple of places in preparation of	tb	1	-12/+13
	testing EVP_AEAD_CTX_open()
2018-08-20	Shuffle the decoding of the hex strings to the top and group all length	tb	1	-22/+26
	tests together. Make failure of the length tests non-fatal, as these are failures of test cases, not of the program.
2018-08-20	Run the Wycheproof ChaCha20-Poly1305 test vectors against libcrypto.	tb	1	-1/+141
	We currently only support nonces of length 12, so skip a few tests. With input from jsing
2018-08-19	Don't leak sktmp in X509_verify_cert().	tb	1	-5/+5
	CID #118791 ok jsing mestre
2018-08-19	whitespace fix	tb	1	-2/+2

2018-08-19	Don't leak db on error in RSA_padding_check_PKCS1_OAEP().	tb	1	-7/+7
	CID #183499. input & ok jsing, ok mestre on first version
2018-08-19	Don't leak a strdup()'ed string on error in do_accept().	tb	1	-1/+3
	CID #154702. input & ok inoguchi, ok mestre on first version
2018-08-19	Rename and collapse tls12_get_sigandhash_cbb().	jsing	4	-39/+28
	Now that all callers of tls12_get_sigandhash() have been converted to CBB, collapse tls12_get_sigandhash() and tls12_get_sigandhash_cbb() into a single function. Rename it to tls12_gethashandsig() to be representative of the actual order of the sigalgs parameters, and perform some other clean up. ok inoguchi@ tb@
2018-08-19	Convert ssl3_send_newsession_ticket() to CBB.	jsing	1	-55/+64
	This removes a memorable BUF_MEM_grow() and associated comment. ok inoguchi@ tb@
2018-08-18	Plug SSL object leaks in doConnection().	cheloha	1	-32/+22
	Move SSL_new/SSL_free up into benchmark() to restrict the responsibility for the SSL object to a single scope. Make doConnection() return an int, openssl-style. Some miscellaneous cleanup, too. Discussed with tb, jsing, and jca. Basic idea from jsing, lots of patch input from tb. ok deraadt on an earlier version ok tb jsing
2018-08-17	Convert ssl3_send_client_verify() to CBB.	jsing	1	-43/+50
	ok inoguchi@ tb@
2018-08-17	spelling;	jmc	1	-2/+2

2018-08-17	Make the wording more concise, use the imperative throughout, state	schwarze	1	-108/+126
	more precisely which options require which other options, add many missing incompatibilities, mention the default for -e, and some macro cleanup. OK jmc@ tb@
2018-08-16	Add regress coverage for CBB_add_u32().	jsing	1	-3/+4

2018-08-16	Provide CBB_add_u32(), as needed for an upcoming conversion.	jsing	2	-2/+17
	ok tb@
2018-08-16	Simplify the add signature code/logic in ssl3_send_server_key_exchange().	jsing	1	-13/+8
	ok tb@
2018-08-16	Convert ssl3_send_server_key_exchange() to CBB.	jsing	3	-47/+71
	ok inoguchi@ tb@
2018-08-16	Convert ssl3_get_server_key_exchange() to CBS.	jsing	1	-69/+55
	ok inoguchi@ tb@
2018-08-16	Revert previous, which was wrong as noted by schwarze. Also revert a hunk	tb	1	-4/+7
	from r1.45 and thereby avoid a use-after-free spotted by schwarze. ok schwarze
2018-08-16	Remove unused variable.	rob	1	-5/+3
	From Nan at chinadtrace dot org. Thanks!
2018-08-14	Add a comment that explains what the check is doing and why len >= 1.	tb	1	-1/+2
	Prompted by a remark by jsing
2018-08-14	The UI_add_{input,verify}_string() functions want a length not including	tb	1	-5/+8
	the terminating NUL. EVP_read_pw_string_min() got this wrong, leading to a one-byte buffer overrun in all callers of EVP_read_pw_string(). Found by mestre running 'openssl passwd' with MALLOC_OPTIONS including C. Fix this by doing some basic sanity checking in EVP_read_pw_string_min(). Cap the len argument at BUFSIZ and ensure that min < len as well as 0 <= min and 1 <= len. The last two checks are important as these numbers may end up in reallocarray(). ok bcook (on previous version), jsing, mestre
2018-08-14	Remove now unused variable, that got left behind from a previous change.	jsing	1	-3/+1

2018-08-14	Actually check the return values for EVP_Sign* and EVP_Verify*.	jsing	2	-15/+23
	ok bcook@ beck@ tb@
2018-08-14	Don't fail by default in the -new case; ok tb jca	cheloha	1	-19/+12

2018-08-11	Refactor the nearly identical benchmark loops into a single loop.	cheloha	1	-139/+108
	Move all of the benchmark code -- loop initialization, the loops, and the report printing -- into a new function, benchmark(). Eliminates lots of duplicate code. Regressions to 1.20 caught by tb@ and inoguchi@. Tweaked by tb@. ok tb@, jsing@
2018-08-10	Simplify server key exchange signature verification.	jsing	1	-49/+18
	Everything can go through the EVP_Verify* code path. ok inoguchi@ tb@
2018-08-10	Simplify server kex exchange signature generation.	jsing	1	-61/+33
	Everything can go through the single EVP_Sign* code path. ok inoguchi@ tb@
2018-08-10	Add glue to EVP_md5_sha1() so that it can be used with EVP_Sign* and	jsing	1	-1/+12
	EVP_Verify*. ok tb@
2018-08-10	Add missing include to X25519 synopsis.	jsing	1	-2/+3

2018-08-10	In typical swiss-army style, various modes and options cause	deraadt	1	-1/+24
	different unveils. Joint work with beck and florian. Let us know if you hit any corner cases.
2018-08-10	Run the wycheproof ECDSA test vectors against libcrypto.	jsing	1	-7/+147
	Skip the ecdsa_webcrypto_test.json vectors for the time being, as these likely need some extra glue.
2018-08-10	Run the X25519 wycheproof test vectors against libcrypto.	jsing	1	-13/+82

2018-08-10	Rework regress so that it is easier to add additional test types.	jsing	1	-35/+59

2018-08-10	Use a table rather than a switch when converting strings to NIDs.	jsing	1	-14/+13
	This will make it easier to extend.
2018-08-08	typo: macro-generates wrappers -> macro-generated wrappers	tb	1	-3/+3

2018-08-05	Remove unnecessary NULL check from get_cert_by_subject sincelibressl-v2.8.0	bcook	1	-3/+3
	sk_BY_DIR_HASH_find already does it, removing ambiguity later in the function. ok tb@
2018-08-05	Fix a memory leak in i2d_RSA_NET on failure of ASN1_STRING_set.	bcook	1	-2/+2
	Found by Coverity. Feedback and ok tb@
2018-08-05	In RSA_padding_add_PKCS1_OAEP, dbmask needs to be freed on failure.	bcook	1	-3/+7
	ok tb@
2018-08-05	Fix memory leak in i2b_PVK in error handling.	bcook	1	-14/+10
	Simplify parameter checks since this is only called from one place. Found by Coverity, CID 183502. ok beck@
2018-07-29	Document that X509_{NAME,REQ,REQ_INFO}_free() are all NULL safe.	tb	2	-4/+19
	From Ross L. Richardson