path: root/src

Commit message (author, date, files changed, lines removed/added)

* Make more of libssl's record layer state internal. (jsing, 2018-10-24, 8 files, -88/+86)
  In January 2017, we changed large amounts of libssl's data structures to be non-visible/internal, however intentionally left things that the software ecosystem was needing to use. The four or so applications that reached into libssl for record layer related state now implement alternative code. As such, make these data structures internal. ok tb@

* Remove a GOST data symbol that should not be exported. (jsing, 2018-10-24, 1 file, -1/+0)

* Remove a bunch of ancient and highly crufty ASN.1 related code from libcrypto (the "new" stuff replaced this back around 2000 or so...). (jsing, 2018-10-24, 9 files, -1633/+22)
  ok tb@

* Remove stack related macros that should have been nuked when {CMS,KRB5,SRP} were removed. (jsing, 2018-10-24, 1 file, -333/+1)

* Avoid calling memcpy with a length <= 0. (tb, 2018-10-20, 1 file, -5/+6)
  Reported due to a GCC 7.3.0 compiler warning by Pavel Kraynyukhov. A similar fix was made in OpenSSL commit 369e93398b68b8a328e6c1d766222b. ok inoguchi

* With the fixed length checks in aes_wrap.c 1.11, we can remove the ugly length checks here. (tb, 2018-10-20, 1 file, -11/+3)

* RFC 3394 section 2 states that we need at least two 64 bit blocks for wrapping and, accordingly, three 64 bit blocks for unwrapping. (tb, 2018-10-20, 1 file, -6/+6)
  That is: we need at least 16 bytes for wrapping and 24 bytes for unwrapping. This also matches the lower bounds that OpenSSL have in their CRYPTO_128_{un,}wrap() functions. In fact, if we pass an input with 'inlen < 8' to AES_unwrap_key(), this results in a segfault since then inlen -= 8 underflows. Found while playing with the Wycheproof keywrap test vectors. ok bcook

* Run Wycheproof testvectors for AES Key Wrap without padding (RFC 3394) against libcrypto. (tb, 2018-10-19, 1 file, -4/+144)
  Currently contains caller-side length checks that should really be done in the library. This will be fixed after an upcoming commit to libcrypto.

* truncate long comments in audit summary (tb, 2018-10-19, 1 file, -2/+7)

* simplify BN_bin2bn() calls; no need to pre-declare the variable. (tb, 2018-10-18, 1 file, -11/+6)

* Avoid a bad out of bounds access that caused intermittent crashes. (tb, 2018-10-18, 1 file, -2/+2)

* whitespace cleanup and other minor things from gofmt (tb, 2018-10-07, 1 file, -44/+39)

* make sure all CStrings are freed (tb, 2018-10-06, 1 file, -3/+7)

* plug a memory leak (tb, 2018-10-06, 1 file, -1/+2)

* wrap a few more overlong lines (tb, 2018-10-06, 1 file, -14/+36)

* wrap some overlong fmt.Printfs (tb, 2018-10-06, 1 file, -53/+106)

* It's slightly simpler to get the ECDH public key as an EC_POINT by using EC_KEY_set_public_key_affine_coordinates() and EC_KEY_get0_public_key() than using EC_POINT_set_affine_coordinates_GFp() directly. (tb, 2018-10-06, 1 file, -16/+15)

* free EC_POINT and EC_GROUP (tb, 2018-10-06, 1 file, -1/+4)

* Run Wycheproof ECDH Web Crypto test vectors against libcrypto. (tb, 2018-10-06, 1 file, -6/+155)

* merge runECDSAWebCryptoTest() into runECDSATest() (tb, 2018-10-06, 1 file, -53/+31)

* factor ECDSA signature extraction into its own function (tb, 2018-10-06, 1 file, -24/+35)

* make allocate/use/defer dances more consistent in ECDSA sig extraction (tb, 2018-10-06, 1 file, -9/+8)

* Run Wycheproof ECDSA Web Crypto test vectors against libcrypto. (tb, 2018-10-05, 1 file, -7/+166)

* Better refer to RFC 8422 which obsoletes RFC 4492. (tb, 2018-10-04, 1 file, -2/+2)

* While we don't explicitly support curve secp256r1, we can run 1250 tests against its ANSI equivalent prime256v1 (compare RFC 4492, Appendix A). (tb, 2018-10-04, 1 file, -11/+2)

* Plug TLS context leak in nc(1) server and client mode. (bluhm, 2018-10-04, 1 file, -12/+10)
  Move tls_free(3) directly after close(2) to catch all cases. based on a patch from Nan Xiao; OK tb@ deraadt@

* As per POSIX, when str{,r}chr is comparing it should convert c to a char. (martijn, 2018-10-01, 4 files, -8/+10)
  The C implementations of str{,r}chr are not linked to the build, because assembly implementations are used, but change the code for easier reference. At least the i386 and amd64 are checked and seem to do the correct thing. Found thanks to the csh any/strchr change. minor pointers and OK millert@

* in ECDH, gather statistics where it makes more sense (tb, 2018-09-30, 1 file, -8/+5)

* bump for LibreSSL 2.8.2 (bcook, 2018-09-30, 1 file, -3/+3)

* -T applies to ip6 too, apparently; from nan xiao (jmc, 2018-09-25, 1 file, -4/+4)

* bump for LibreSSL 2.8.1 (tag libressl-v2.8.1; bcook, 2018-09-23, 1 file, -3/+3)

* Add a comment on the acceptable RSASSA cases. (tb, 2018-09-22, 1 file, -2/+3)

* gather statistics in checkAead{Open,Seal}() as well. (tb, 2018-09-22, 1 file, -1/+7)

* remove some unneeded checks (tb, 2018-09-22, 1 file, -15/+5)

* gather and print some statistics on the acceptable cases we need to look into (tb, 2018-09-22, 1 file, -8/+60)

* more flags printing (tb, 2018-09-22, 1 file, -23/+23)

* improve logic involving acceptableAudit (tb, 2018-09-22, 1 file, -5/+5)

* Swap order of "action" and "wt.Flags" in a few fmt.Printfs. (tb, 2018-09-22, 1 file, -17/+17)

* Introduce a couple of convenience targets to help with auditing the acceptable cases. (tb, 2018-09-22, 2 files, -5/+41)

* Print the flags field in INFO: and FAIL: messages. (tb, 2018-09-21, 1 file, -17/+17)
  It's helpful in identifying the important failures while auditing.

* fix order of arguments in fmt.Printf() (tb, 2018-09-18, 1 file, -2/+2)

* Simplify initialization of asn1_cb; use correct spelling of NULL. (tb, 2018-09-17, 1 file, -4/+2)

* Move tally mark printing out of the main benchmark loop; ok tb@ (cheloha, 2018-09-17, 1 file, -14/+21)

* add missing default case to switch (tb, 2018-09-16, 1 file, -1/+3)

* EVP_aead_chacha20_poly1305() can't actually fail. (tb, 2018-09-16, 1 file, -4/+1)

* Rename *AesCcmOrGcm* into the slightly less ugly *AesAead*. (tb, 2018-09-16, 1 file, -9/+9)

* another typo. time to sleep (tb, 2018-09-15, 1 file, -2/+2)

* typos (tb, 2018-09-15, 1 file, -3/+3)

* add a brief comment on the acceptable AES CCM and AES GCM cases (tb, 2018-09-15, 1 file, -2/+8)

* Also exercise EVP_aead_aes_128_gcm() and EVP_aead_aes_256_gcm(). (tb, 2018-09-15, 1 file, -6/+26)