| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
use-after-free and double-free issues in calling programs.
The bug was introduced in SSLeay-0.6.0 released on June 21, 1996
and has been present since OpenBSD 2.4.
I found the bug while documenting the function.
The bug could bite in two ways that looked quite different from the
perspective of the calling code:
* If a stack was passed in that already contained some X509_INFO
objects and an error occurred, all the objects passed in would be
freed, but without removing the freed pointers from the stack,
so the calling code would probable continue to access the freed
pointers and eventually free them a second time.
* If the input BIO contained at least two valid PEM objects followed by
at least one PEM object causing an error, at least one freed pointer
would be put onto the stack, even though the function would return NULL
rather than the stack. But the calling code would still have a pointer
to the stack, so it would be likely to access the new bogus pointers
sooner or later.
Fix all this by remembering the size of the input stack on entry
and cutting it back to exactly that size when exiting due to an
error, but no further.
While here, do some related cleanup:
* Garbage collect the automatic variables "error" and "i"
which were only used at one single place each.
* Use NULL rather than 0 for pointers.
I like bugfixes that make the code four lines shorter, reduce the
number of variables by one, reduce the number of brace-blocks by
one, reduce the number if if-statements by one, and reduce the
number of else-clauses by one.
Tweaks and OK tb@.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
LibreSSL as crypto provider. When we run their regression tests,
we are actually testing our library. This is far from perfect. A
lot of LibreSSL features have not been implemented as Botan provider.
Even if provider openssl is specified, botan-test runs a lot of
non-openssl tests. This can be improved later.
|
| |
|
|
| |
line continuations.
|
| |
|
|
|
|
|
|
|
|
| |
libcrypto. Initially this just covers RSA signatures, but can be extended
to cover other cryptographic algorithms.
This regress requires the go and wycheproof-testvector packages to be
installed, with the regress being skipped otherwise.
Discussed with beck@ and tb@
|
| |
|
|
| |
ok jsing
|
| | |
|
| | |
|
| |
|
|
|
| |
in C. Ride previous minor bump
ok tom@ inoguchi@ jsing@
|
| | |
|
| |
|
|
| |
therefore appears to break in bluhm's test setup
|
| | |
|
| |
|
|
|
| |
code now lives. Also unbreak the regress following the symbol hiding
changes in libssl.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
MD4 should have been removed a long time ago. Also, RFC 6150 moved it to
historic in 2011. Rides the major crank from removing SHA-0.
Discussed with many including beck@, millert@, djm@, sthen@
ok jsing@, input + ok bcook@
|
| |
|
|
|
|
|
| |
SHA-0 was withdrawn shortly after publication 20 years ago and replaced
with SHA-1. This will require a major crank.
ok bcook@, jsing@
|
| |
|
|
| |
ok deraadt@ jsing@ miod@
|
| | |
|
| |
|
|
| |
OpenSSL trunk
|
| |
|
|
| |
This currently fails when signing/verifying with a detached signature.
|
| |
|
|
|
| |
BIO_get_port() and fails since the current code believes that "-1" is a
valid port.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
implementation.
ok miod@
|
| | |
|
| | |
|
| |
|
|
| |
from http://csrc.nist.gov/groups/ST/toolkit/examples.html
|
| |
|
|
| |
ok deraadt@
|
| |
|
|
|
| |
instead of garbage, and add this to the libcrypto regress. Note these tests
are incomplete, as they always use the default IV.
|
| |
|
|
| |
conveniently leaving the benchmark code not compiled in the test.
|
| | |
|
|
|
infrastructure.
The following tests have not been imported, for their code lacks a licence:
asn1, rsa, sha256, sha512, wp.
|
