path: root/src
Commit message | Author | Age | Files | Lines
...
* Test EVP_AEAD_CTX_open() at the same time as EVP_AEAD_CTX_seal() | tb | 2018-08-20 | 1 | -5/+23
  Suggested by jsing
* remove two redundant tests | tb | 2018-08-20 | 1 | -10/+1
* Use sealed instead of out in a couple of places in preparation of | tb | 2018-08-20 | 1 | -12/+13
  testing EVP_AEAD_CTX_open()
* Shuffle the decoding of the hex strings to the top and group all length | tb | 2018-08-20 | 1 | -22/+26
  tests together. Make failure of the length tests non-fatal, as these are failures of test cases, not of the program.
* Run the Wycheproof ChaCha20-Poly1305 test vectors against libcrypto. | tb | 2018-08-20 | 1 | -1/+141
  We currently only support nonces of length 12, so skip a few tests. With input from jsing
* Don't leak sktmp in X509_verify_cert(). | tb | 2018-08-19 | 1 | -5/+5
  CID #118791 ok jsing mestre
* whitespace fix | tb | 2018-08-19 | 1 | -2/+2
* Don't leak db on error in RSA_padding_check_PKCS1_OAEP(). | tb | 2018-08-19 | 1 | -7/+7
  CID #183499. input & ok jsing, ok mestre on first version
* Don't leak a strdup()'ed string on error in do_accept(). | tb | 2018-08-19 | 1 | -1/+3
  CID #154702. input & ok inoguchi, ok mestre on first version
* Rename and collapse tls12_get_sigandhash_cbb(). | jsing | 2018-08-19 | 4 | -39/+28
  Now that all callers of tls12_get_sigandhash() have been converted to CBB, collapse tls12_get_sigandhash() and tls12_get_sigandhash_cbb() into a single function. Rename it to tls12_gethashandsig() to be representative of the actual order of the sigalgs parameters, and perform some other clean up. ok inoguchi@ tb@
* Convert ssl3_send_newsession_ticket() to CBB. | jsing | 2018-08-19 | 1 | -55/+64
  This removes a memorable BUF_MEM_grow() and associated comment. ok inoguchi@ tb@
* Plug SSL object leaks in doConnection(). | cheloha | 2018-08-18 | 1 | -32/+22
  Move SSL_new/SSL_free up into benchmark() to restrict the responsibility for the SSL object to a single scope. Make doConnection() return an int, openssl-style. Some miscellaneous cleanup, too. Discussed with tb, jsing, and jca. Basic idea from jsing, lots of patch input from tb. ok deraadt on an earlier version ok tb jsing
* Convert ssl3_send_client_verify() to CBB. | jsing | 2018-08-17 | 1 | -43/+50
  ok inoguchi@ tb@
* spelling; | jmc | 2018-08-17 | 1 | -2/+2
* Make the wording more concise, use the imperative throughout, state | schwarze | 2018-08-17 | 1 | -108/+126
  more precisely which options require which other options, add many missing incompatibilities, mention the default for -e, and some macro cleanup. OK jmc@ tb@
* Add regress coverage for CBB_add_u32(). | jsing | 2018-08-16 | 1 | -3/+4
* Provide CBB_add_u32(), as needed for an upcoming conversion. | jsing | 2018-08-16 | 2 | -2/+17
  ok tb@
* Simplify the add signature code/logic in ssl3_send_server_key_exchange(). | jsing | 2018-08-16 | 1 | -13/+8
  ok tb@
* Convert ssl3_send_server_key_exchange() to CBB. | jsing | 2018-08-16 | 3 | -47/+71
  ok inoguchi@ tb@
* Convert ssl3_get_server_key_exchange() to CBS. | jsing | 2018-08-16 | 1 | -69/+55
  ok inoguchi@ tb@
* Revert previous, which was wrong as noted by schwarze. Also revert a hunk | tb | 2018-08-16 | 1 | -4/+7
  from r1.45 and thereby avoid a use-after-free spotted by schwarze. ok schwarze
* Remove unused variable. | rob | 2018-08-16 | 1 | -5/+3
  From Nan at chinadtrace dot org. Thanks!
* Add a comment that explains what the check is doing and why len >= 1. | tb | 2018-08-14 | 1 | -1/+2
  Prompted by a remark by jsing
* The UI_add_{input,verify}_string() functions want a length not including | tb | 2018-08-14 | 1 | -5/+8
  the terminating NUL. EVP_read_pw_string_min() got this wrong, leading to a one-byte buffer overrun in all callers of EVP_read_pw_string(). Found by mestre running 'openssl passwd' with MALLOC_OPTIONS including C. Fix this by doing some basic sanity checking in EVP_read_pw_string_min(). Cap the len argument at BUFSIZ and ensure that min < len as well as 0 <= min and 1 <= len. The last two checks are important as these numbers may end up in reallocarray(). ok bcook (on previous version), jsing, mestre
* Remove now unused variable, that got left behind from a previous change. | jsing | 2018-08-14 | 1 | -3/+1
* Actually check the return values for EVP_Sign* and EVP_Verify*. | jsing | 2018-08-14 | 2 | -15/+23
  ok bcook@ beck@ tb@
* Don't fail by default in the -new case; ok tb jca | cheloha | 2018-08-14 | 1 | -19/+12
* Refactor the nearly identical benchmark loops into a single loop. | cheloha | 2018-08-11 | 1 | -139/+108
  Move all of the benchmark code -- loop initialization, the loops, and the report printing -- into a new function, benchmark(). Eliminates lots of duplicate code. Regressions to 1.20 caught by tb@ and inoguchi@. Tweaked by tb@. ok tb@, jsing@
* Simplify server key exchange signature verification. | jsing | 2018-08-10 | 1 | -49/+18
  Everything can go through the EVP_Verify* code path. ok inoguchi@ tb@
* Simplify server kex exchange signature generation. | jsing | 2018-08-10 | 1 | -61/+33
  Everything can go through the single EVP_Sign* code path. ok inoguchi@ tb@
* Add glue to EVP_md5_sha1() so that it can be used with EVP_Sign* and | jsing | 2018-08-10 | 1 | -1/+12
  EVP_Verify*. ok tb@
* Add missing include to X25519 synopsis. | jsing | 2018-08-10 | 1 | -2/+3
* In typical swiss-army style, various modes and options cause | deraadt | 2018-08-10 | 1 | -1/+24
  different unveils. Joint work with beck and florian. Let us know if you hit any corner cases.
* Run the wycheproof ECDSA test vectors against libcrypto. | jsing | 2018-08-10 | 1 | -7/+147
  Skip the ecdsa_webcrypto_test.json vectors for the time being, as these likely need some extra glue.
* Run the X25519 wycheproof test vectors against libcrypto. | jsing | 2018-08-10 | 1 | -13/+82
* Rework regress so that it is easier to add additional test types. | jsing | 2018-08-10 | 1 | -35/+59
* Use a table rather than a switch when converting strings to NIDs. | jsing | 2018-08-10 | 1 | -14/+13
  This will make it easier to extend.
* typo: macro-generates wrappers -> macro-generated wrappers | tb | 2018-08-08 | 1 | -3/+3
* Remove unnecessary NULL check from get_cert_by_subject since [libressl-v2.8.0] | bcook | 2018-08-05 | 1 | -3/+3
  sk_BY_DIR_HASH_find already does it, removing ambiguity later in the function. ok tb@
* Fix a memory leak in i2d_RSA_NET on failure of ASN1_STRING_set. | bcook | 2018-08-05 | 1 | -2/+2
  Found by Coverity. Feedback and ok tb@
* In RSA_padding_add_PKCS1_OAEP, dbmask needs to be freed on failure. | bcook | 2018-08-05 | 1 | -3/+7
  ok tb@
* Fix memory leak in i2b_PVK in error handling. | bcook | 2018-08-05 | 1 | -14/+10
  Simplify parameter checks since this is only called from one place. Found by Coverity, CID 183502. ok beck@
* Document that X509_{NAME,REQ,REQ_INFO}_free() are all NULL safe. | tb | 2018-07-29 | 2 | -4/+19
  From Ross L. Richardson
* Provide a harness that runs test vectors from Project Wycheproof against | jsing | 2018-07-25 | 3 | -1/+253
  libcrypto. Initially this just covers RSA signatures, but can be extended to cover other cryptographic algorithms. This regress requires the go and wycheproof-testvector packages to be installed, with the regress being skipped otherwise. Discussed with beck@ and tb@
* add c++ symbol annotations | bcook | 2018-07-24 | 1 | -1/+9
  from Cameron Palmer
* Use the same order in NAME, SYNOPSIS, DESCRIPTION, and RETURN VALUES to | tb | 2018-07-24 | 1 | -27/+28
  improve readability and ease of maintenance. Positive feedback jmc Detailed suggestion & ok schwarze
* Document tls_peer_ocsp_result() and use it in place of the non-existent | tb | 2018-07-23 | 1 | -6/+12
  tls_peer_ocsp_result_msg() in the documentation. input & ok jsing Reads fine to jmc and makes sense to schwarze
* Use BN_swap_ct() instead of BN_consttime_swap() in | tb | 2018-07-23 | 1 | -5/+10
  ec_GF2m_montgomery_point_multiply(). The new BN_swap_ct() API is an improved version of the public BN_consttime_swap() function: it allows error checking, doesn't assert(), and has fewer assumptions on the input. This diff eliminates the last use of BN_consttime_swap() in our tree. ok inoguchi, jsing
* Use a size_t instead of an int for the byte count in BN_swap_ct(). | tb | 2018-07-23 | 2 | -8/+11
  Since bignums use ints for the same purpose, this still uses an int internally after an overflow check. Suggested by and discussed with jsing. ok inoguchi, jsing
* Clean up our disgusting implementations of BN_{,u}{add,sub}(), following | tb | 2018-07-23 | 1 | -157/+67
  changes made in OpenSSL by Davide Galassi and others, so that one can actually follow what is going on. There is no performance impact from this change as the code still does essentially the same thing. There's a ton of work still to be done to make the BN code less terrible. ok jsing, kn