summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* quiet warning on other compilersbcook2018-11-111-3/+3
| | | | ok beck@
* Fix a race in libssl interop regress. The success messages frombluhm2018-11-113-6/+9
| | | | | the server child could be delayed. In this case wait a second and check again.
* Hook up sm3 regress tests.tb2018-11-111-1/+2
|
* Add sm3 regress tests.tb2018-11-112-0/+101
|
* Add sm3 to the 'openssl dgst' command.tb2018-11-111-1/+5
| | | | ok beck inoguchi
* Add EVP_sm3() to OpenSSL_add_all_digests_internal().tb2018-11-111-1/+4
| | | | ok beck inoguchi
* bump minors after symbol addition.tb2018-11-113-3/+3
|
* Add SSL_set1_host(), a thin wrapper around X509_VERIFY_PARAM_set1_host().tb2018-11-113-2/+10
| | | | | | | Used by unbound's DNS over TLS implementation to do server name verification. ok jsing
* Add Ribose Inc's implementation of the SM3 hashing function withtb2018-11-118-3/+437
| | | | | | | | | tweaks from jsing and myself. The SM2/SM3/SM4 algorithms are mandatory for legal use of cryptography within China and [are] widely applied in the country, covering identification/financial cards, contactless, TPM 2.0 and PKI. ok beck inoguchi jsing
* Nuke trailing whitespacebeck2018-11-111-6/+6
|
* Add automatic threading initialization for libcrypto.bcook2018-11-118-561/+141
| | | | | | | | | | | | | | This implements automatic thread support initialization in libcrypto. This does not remove any functions from the ABI, but does turn them into no-ops. Stub implementations of pthread_mutex_(init|lock|unlock) are provided for ramdisks. This does not implement the new OpenSSL 1.1 thread API internally, keeping the original CRYTPO_lock / CRYPTO_add_lock functions for library locking. For -portable, crypto_lock.c can be reimplemented with OS-specific primitives as needed. ok beck@, tb@, looks sane guenther@
* Free the server tls transcript in case session reuse did not work.bluhm2018-11-111-3/+4
| | | | | Regression found by Perl module p5-IO-Socket-SSL tests. with beck@ tb@
* include crypto.h from the correct path, remove unused variablebcook2018-11-111-5/+2
|
* Add support for RSA PSS algorithims being used in sigalgs.beck2018-11-112-2/+29
| | | | | | lightly tested, but will need sanity checks and regress test changes before being added to any sigalgs list for real ok jsing@ tb@
* Convert signatures and verifcation to use the EVP_DigestXXX apibeck2018-11-113-45/+93
| | | | | | to allow for adding PSS, Nuke the now unneejded guard around the PSS algorithms in the sigalgs table ok jsing@ tb@
* Reorganize libssl interop tests. Move netcat tests into separatebluhm2018-11-119-148/+197
| | | | | directory. Keep all log files for easier debugging. Name regress target names consistently.
* Remove dead codebeck2018-11-102-16/+2
| | | | ok jsing@
* Spelingbeck2018-11-101-2/+2
|
* Regress client and server can do session reuse now. Test this withbluhm2018-11-106-129/+220
| | | | | all combinations of LibreSSL, OpenSSL 1.0.2, and OpenSSL 1.1. It is currently disabled for TLS 1.3 as this needs more setup.
* Tweak and improve the TLSv1.3 state machine.jsing2018-11-101-24/+46
| | | | | | | | | | | | | | | | - Provide a tls13_handshake_active_action() function to reduce code duplication and replace tls13_handshake_get_sender(). - Add an INVALID message_type, so we can explicitly detect invalid conditions. - Implement skeletons for the tls13_handshake_send_action() and tls13_handshake_recv_action() functions. - OR in the NEGOTIATED value at the end of recving or sending a server hello so that we switch to the next chain in the state table. ok tb@
* Make sure the interop test happen last (since they take a long time)beck2018-11-102-8/+9
|
* Clean up and free objects at the completion of the regress test.jsing2018-11-101-1/+13
| | | | From Ben L <bobsayshilol at live dot co dot uk>.
* fix a leak reported by Ben L (bobsayshilol () live ! co ! uk)tb2018-11-101-1/+3
|
* Fix a leak reported by Ben L bobsayshilol () live ! co ! uk.tb2018-11-101-1/+3
|
* fix a leak pointed out by Ben L (bobsayshi () live ! co ! uk)tb2018-11-101-4/+8
|
* Avoid a double allocation and memory leak.jsing2018-11-101-4/+2
| | | | Reported by Ben L <bobsayshilol at live dot co dot uk>
* Stop keeping track of sigalgs by guessing it from digest and pkey,beck2018-11-108-92/+102
| | | | | | just keep the sigalg around so we can remember what we actually decided to use. ok jsing@
* More regress all the way to exporter_masterbeck2018-11-101-4/+44
|
* Use TLS13_HS_{CLIENT,SERVER} instead of using a redundant _SEND{,S}.tb2018-11-101-30/+28
| | | | ok jsing
* Fix last of the empty hash nonsensebeck2018-11-102-32/+6
| | | | ok jsing@
* Update key schedule regress to match API changes.jsing2018-11-091-21/+12
|
* Fix the TLSv1.3 key schedule implementation.jsing2018-11-092-66/+95
| | | | | | | | | | | | When the RFC refers to ("") for key derivation, it is referring to the transcript hash of an empty string, not an empty string. Rename tls13_secrets_new() to tls13_secrets_create(), make it take an EVP_MD * and calculate the hash of an empty string so that we have it available for the "derived" and other steps. Merge tls13_secrets_init() into the same function, remove the EVP_MD * from other functions and use the empty string hash at the appropriate places. ok beck@ tb@
* Use "send" and "recv" consistently instead of mixing them with "read"tb2018-11-091-98/+108
| | | | | | and "write". Use self-documenting C99 initializers. ok bcook, jsing
* Initialize priv_key and pub_key on first use instead of at the top.tb2018-11-091-6/+4
| | | | | | While there, eliminate a flag that was only used once. ok beck jsing mestre
* Initialize priv_key and pub_key on first use instead of at the top.tb2018-11-091-4/+4
| | | | ok beck jsing mestre
* The Botan library from ports an be configured to use OpenSSL orbluhm2018-11-092-1/+22
| | | | | | | | LibreSSL as crypto provider. When we run their regression tests, we are actually testing our library. This is far from perfect. A lot of LibreSSL features have not been implemented as Botan provider. Even if provider openssl is specified, botan-test runs a lot of non-openssl tests. This can be improved later.
* Avoid dereferencing eckey before checking it for NULL.tb2018-11-091-5/+6
| | | | | | CID 184282 ok beck jsing mestre
* remove the not yet implemented "handshake" subdirectorytb2018-11-091-2/+1
|
* Add subdirectires with SUBDIR += instead of a single assignment withtb2018-11-093-67/+65
| | | | line continuations.
* Remove ethers(5) YP support bits from libc as it makes it difficult tobrynet2018-11-092-70/+8
| | | | | | | | effectively use pledge(2) in some programs. approval from many, thanks! idea by & ok deraadt@
* Ensure we free the handshake transcript upon session resumption.jsing2018-11-091-1/+4
| | | | | | Found the hard way by jmc@ ok tb@
* The cert subdir is testing all combinations of certificate validation.bluhm2018-11-0911-48/+244
| | | | | | Having the three libraries, client and server certificates, missing or invalid CA or certificates, and enforcing peer certificate results in 1944 new test cases.
* Ensure we only choose sigalgs from our prefernce list, not the whole listbeck2018-11-094-10/+19
| | | | ok jsing@
* Add the ability to have a separate priority list for sigalgs.beck2018-11-094-12/+43
| | | | | Add a priority list for tls 1.2 ok jsing@
* Correct defines for writer tests in connect/accept loops.jsing2018-11-091-3/+3
| | | | ok tb@
* Correct function naming for tls13_handshake_advance_state_machine().jsing2018-11-091-4/+2
| | | | ok tb@
* Avoid leak: free existing SRTP connection profiles beforetb2018-11-091-1/+2
| | | | | | setting it. From Ben L <bobsayshilol () live ! co ! uk>.
* Avoid leaking memory that was already allocated in ASN1_item_new().tb2018-11-091-5/+1
| | | | From Ben L <bobsayshilol () live ! co ! uk>
* Fix a buffer overrun in asn1_parse2().tb2018-11-091-4/+7
| | | | | From Ben L bobsayshilol () live ! co ! uk Similar fixes in BoringSSL and OpensSSL.
* In verbose mode netcat reports to stderr when the listen systembluhm2018-11-091-16/+29
| | | | | | call has finished. This allows to write race free scripts as they can check that the server is up and running. OK sthen@ tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-31 17:17:46 +0000