openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	Convert bytestringtest to individual checks and don't short circuit.	doug	2015-06-23	1	-321/+337
\| \| \| \| \| \| \| \| \|	The statements were chained together with OR which makes it more annoying to debug. Also, it was short circuiting all tests as soon as one function failed. Since the functions are independent, they should each run until error. Discussed with miod@ and jsing@
*	Remove unnecessary regress target.	doug	2015-06-23	1	-7/+2
\|
*	Remove obsolete MDC-2DES from libcrypto.	doug	2015-06-20	3	-134/+1
\| \| \| \|	ok deraadt@ jsing@ miod@
*	Add tests for CBS_offset() and CBS_write_bytes().	doug	2015-06-17	1	-2/+70
\| \| \| \|	"no problem" miod@, tweak + ok jsing@
*	Be more strict about BER and DER terminology.	doug	2015-06-16	1	-15/+18
\| \| \| \| \| \| \| \|	bs_ber.c does not convert BER to DER. It's a hack to convert a DER-like encoding with one violation (indefinite form) to strict DER. Rename the functions to reflect this. ok miod@ jsing@
*	Need to operate of CXXFLAGS now.	miod	2015-05-29	1	-3/+3
\|
*	Make this run on strict alignment architectures.	miod	2015-05-08	1	-6/+9
\|
*	Check for invalid leading zeros in CBS_get_asn1_uint64.	doug	2015-04-25	1	-2/+4
\| \| \| \| \| \| \| \| \| \|	ASN.1 integers cannot have all zeros or all ones for the first 9 bits. This rule ensures the numbers are encoded with the smallest number of content octets (see ITU-T Rec X.690 section 8.3.2). Based on BoringSSL commit 5933723b7b592e9914f703d630b596e140c93e16 ok deraadt@ jsing@
*	Now that tls_close() is more robust, consider a failure to be fatal.	jsing	2015-04-15	1	-1/+1
\|
*	fix for regression test for strtol(). it failed (the wrong kind of	phessler	2015-03-15	1	-2/+2
\| \| \| \| \| \| \| \|	fail), on 64-bit systems. tested on 64-bit (amd64) and 32-bit (sparc). OK claudio@ deraadt@
*	Reject DH keys sent by a server if they are considered too small; inspired	miod	2015-03-08	1	-38/+4
\| \| \| \| \|	by a similar BoringSSL change, but raising the limit to 1024 bits. ok jsing@ markus@ guenther@ deraadt@
*	Fix CVE-2014-3570: properly calculate the square of a BIGNUM value.	bcook	2015-02-25	1	-23/+66
\| \| \| \| \| \| \| \| \| \| \|	See https://www.openssl.org/news/secadv_20150108.txt for a more detailed discussion. Original OpenSSL patch here: https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0 The regression test is modified a little for KNF. ok miod@
*	Trivial fix for test progress output.	bcook	2015-02-25	1	-4/+7
\| \| \| \|	Remove unneeded dangling else, compound statements on a single line.
*	Update for recent verify related naming changes.	jsing	2015-02-22	2	-28/+28
\|
*	BN_free() has its own NULL check.	jsing	2015-02-19	1	-14/+7
\|
*	KNF.	jsing	2015-02-19	1	-766/+834
\|
*	Add more error checking and free resources in bytestringtest.	doug	2015-02-16	1	-26/+47
\|
*	Fix various memory leaks by not exiting so abruptly from failed tests.	miod	2015-02-15	1	-579/+507
\|
*	Remove ancient gcc workaround on mips.	miod	2015-02-15	1	-3/+2
\|
*	Memory leak. Coverity CID 78865	miod	2015-02-15	1	-2/+3
\|
*	Wrong logic; Coverity CID 78894	miod	2015-02-15	1	-1/+1
\|
*	Do not rely upon malloc(0) not returning NULL. Not all malloc implementations	miod	2015-02-11	1	-6/+10
\| \| \| \| \| \|	have this property. Instead, skip the malloc and memcmp if their size is zero. Per bcook@ request in order to run on AIX
*	Add regress tests for SSL_CIPHER_get_by_value() and SSL_CIPHER_get_by_id().	jsing	2015-02-07	1	-1/+61
\|
*	SIZE_MAX is standard, we should be using it in preference to the	millert	2015-02-06	1	-5/+3
\| \| \| \|	obsolete SIZE_T_MAX. OK miod@ beck@
*	KNF bytestring files.	doug	2015-02-06	1	-582/+596
\| \| \| \| \| \| \| \|	I checked that this doesn't change anything. Compiled with clang using -Wno-pointer-sign -g0 to reduce the differences. Only difference in the asm is due to assert(0) line number changes in bs_cbs.c and bs_cbb.c. miod is ok with the general process.
*	Import BoringSSL's crypto bytestring and crypto bytebuilder APIs.	doug	2015-02-06	3	-1/+671
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	This is imported with as few changes as possible for the initial commit. I removed OPENSSL_EXPORT, replaced OPENSSL_malloc() etc with malloc() and changed a few header includes. BoringSSL has this as part of their public API. We're leaving it internal to libssl for now. Based on BoringSSL's CBB/CBS API as of commit c5cc15b4f5b1d6e9b9112cb8d30205a638aa2c54. input + ok jsing@, miod@
*	Add libssl ciphers regress, which currently only covers	jsing	2015-02-06	3	-1/+130
\| \| \| \|	get_cipher_by_char/put_cipher_by_char.
*	Missing $OpenBSD$'s.	krw	2015-01-20	5	-0/+5
\| \| \| \|	ok deraadt@
*	Move 40MB of .rodata and 40MB of stack to .bss; allows this test to run on	miod	2014-12-15	1	-3/+7
\| \| \| \|	platforms with small MAXTSIZ or MAXSSIZ.
*	unifdef OPENSSL_NO_NEXTPROTONEG	jsing	2014-12-14	1	-12/+0
\|
*	Increase cipher suite test coverage by including all cipher suites that	jsing	2014-12-12	1	-5/+5
\| \| \| \|	use RSA authentication, rather than only those that use RSA key exchange.
*	Add regress for ALPN.	jsing	2014-12-10	2	-1/+180
\| \| \| \|	Based on OpenSSL.
*	fix previous.	daniel	2014-12-10	1	-2/+4
\|
*	t_exhaust is too exhausting	deraadt	2014-12-09	1	-3/+3
\|
*	remove duplicate initialization of .sid_ctx in test	bcook	2014-12-07	1	-3/+1
\|
*	Allow specific libtls hostname validation errors to propagate.	bcook	2014-12-07	1	-3/+7
\| \| \| \| \| \| \| \|	Remove direct calls to printf from the tls_check_hostname() path. This allows NUL byte error messages to bubble up to the caller, to be logged in a program-appropriate way. It also removes non-portable calls to getprogname(). ok jsing@
*	The -ssl2 flag does nothing - remove the flag and any tests that were	jsing	2014-12-06	2	-34/+4
\| \| \| \|	using it.
*	Allow overriding the path to the testssl and openssl binaries.	bcook	2014-12-03	1	-9/+9
\| \| \| \| \| \| \|	This is needed by the portable tree to point directly to the newly-built binaries when running unit tests. discussed with jsing@ and others
*	Fill the buffer with 'z' instead of 'a' since 'a' is part of the	millert	2014-12-03	2	-38/+150
\| \| \| \| \| \| \|	string we are testing. Add tests to verify that we get SIGSEGV when passed a NULL src or dst. It is better to crash than for an implementation to check for NULL and try to recover.
*	Add simple strlcpy regress	millert	2014-12-02	3	-3/+123
\|
*	Add simple strlcat regress	millert	2014-12-02	3	-2/+124
\|
*	Add strnlen to SUBDIRS so we actually run its tests.	millert	2014-12-02	1	-2/+2
\|
*	prefer memcmp to bcmp.	bcook	2014-11-26	1	-2/+2
\| \| \| \|	ok tedu@ miod@ deraadt@
*	GOST regression tests; from Dmitry Eremin-Solenikov	miod	2014-11-18	3	-1/+18
\|
*	GOST tests, not connected to the build yet.	miod	2014-11-09	2	-0/+1464
\|
*	Initial regress for libtls hostname verification.	jsing	2014-11-01	3	-2/+247
\|
*	Update regress for the libressl to libtls rename.	jsing	2014-10-31	4	-0/+288
\|
*	#undef LIBRESSL_INTERNAL for the RAND_pseudo_bytes() test.	jsing	2014-10-22	1	-0/+2
\|
*	Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes() (most	jsing	2014-10-22	4	-21/+15
\| \| \| \|	with unchecked return values).
*	None of these need <openssl/rand.h>	jsing	2014-10-22	5	-5/+0
\|