- Apr 18, 2017
-
-
Robbie Harwood authored
Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2022)
-
Robbie Harwood authored
Reviewed-by:
-
Robbie Harwood authored
Reviewed-by:
-
Robbie Harwood authored
Reviewed-by:
-
Thiago Arrais authored
Reviewed-by:
Viktor Dukhovni <viktor@openssl.org> Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3132)
-
- Apr 17, 2017
-
-
Andy Polyakov authored
Trouble was that integer negation wasn't producing *formally* correct result in platform-neutral sense. Formally correct thing to do is -(int64_t)u, but this triggers undefined behaviour for one value that would still be representable in ASN.1. The trigger was masked with (int64_t)(0-u), but this is formally inappropriate for values other than the problematic one. [Also reorder branches to favour most-likely paths and harmonize asn1_string_set_int64 with asn1_get_int64].] Reviewed-by:
-
Rich Salz authored
Reviewed-by:
Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3229)
-
Rich Salz authored
Reviewed-by:
-
Rich Salz authored
If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an hint to an unsupported algorithm/curve (e.g. if binary EC support is disabled). Before this commit the issue arise for example if binary EC keys are added in evptests.txt, and the test is run when EC is enabled but EC2m is disabled. E.g. adding these lines to evptests.txt would reproduce the issue: ~~~ PrivateKey=KAS-ECC-CDH_K-163_C0 -----BEGIN PRIVATE KEY----- MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUAZlO2B3OY+tx79eYBWBcB SMPcRSehLgMsAAQHH4sod9YCfZwa3kJE8t6hJpLvI9UFwV7ndiIccrhLNHzjg/OA Z7icPpo= -----END PRIVATE KEY----- PublicKey=KAS-ECC-CDH_K-163_C0-PUBLIC -----BEGIN PUBLIC KEY----- MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBx+LKHfWAn2cGt5CRPLeoSaS7yPVBcFe 53YiHHK4SzR844PzgGe4nD6a -----END PUBLIC KEY----- PublicKey=KAS-ECC-CDH_K-163_C0-Peer-PUBLIC -----BEGIN PUBLIC KEY----- MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBXQjbxQoxDITCUZ4Ols6q7bCfqXWB5CM JRuNoCHLrCgfEj969PrFs9u4 -----END PUBLIC KEY----- Derive=KAS-ECC-CDH_K-163_C0 PeerKey=KAS-ECC-CDH_K-163_C0-Peer-PUBLIC Ctrl=ecdh_cofactor_mode:1 SharedSecret=04325bff38f1b0c83c27f554a6c972a80f14bc23bc ~~~ Reviewed-by:
-
- Apr 16, 2017
-
-
Kurt Roeckx authored
This adds a way to use the last byte of the buffer to change the behavior of the server. The last byte is used so that the existing corpus can be reused either without changing it, or just adding a single byte, and that it can still be used by other projects. Reviewed-by:
-
Kurt Roeckx authored
Reviewed-by:
-
Kurt Roeckx authored
Reviewed-by:
-
Kurt Roeckx authored
Reviewed-by:
-
Kurt Roeckx authored
Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
- Apr 14, 2017
-
-
Nicola Tuveri authored
When compiling without EC support the test fails abruptly reading some keys. Some keys merged in commit db04055 start with ------BEGIN EC PRIVATE KEY----- this format is not supported without EC support. This commit reformat those keys with the generic format. After this change the test simply skips the unsupported EC keys when EC is disabled, without parsing errors. Reviewed-by:
-
Nicola Tuveri authored
All tests from ecdhtest.c have been ported to evptests.txt Reviewed-by:
-
Nicola Tuveri authored
move NIST SP800-56A co-factor ECDH KATs from ecdhtest.c to evptests.txt Reviewed-by:
-
Rich Salz authored
verify_extra_test still failing :( Reviewed-by:
-
Todd Short authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
i.e. reduce amount of branches and favour likely ones. Reviewed-by:
-
Andy Polyakov authored
If $_ is not private, it can wipe caller's one, which proved to be problematic... Reviewed-by:
-
- Apr 13, 2017
-
-
Pauli authored
Add test case that checks some of them. Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Richard Levitte authored
Fixes #3191 Reviewed-by:
-
Richard Levitte authored
Fixes #3191 Reviewed-by:
-
Richard Levitte authored
Also, when "allocating" or "deallocating" an embedded item, never call prim_new() or prim_free(). Call prim_clear() instead. Fixes #3191 Reviewed-by:
-
- Apr 12, 2017
-
-
Richard Levitte authored
[extended tests] Reviewed-by:
-
Todd Short authored
RT3877: Add X509 OCSP error codes and messages Add additional OCSP error codes for X509 verify usage RT3867: Support Multiple CA certs in ocsp app Add the ability to read multiple CA certs from a single file in the ocsp app. Update some missing X509 errors in documentation. Reviewed-by:
-
Richard Levitte authored
The check for this was done by checking if $TRAVIS_EVENT_TYPE is "pull_request". The trouble is that when new data is pushed to an already existing pull request, the event type is "push". Better then to go with another documented variable, $TRAVIS_PULL_REQUEST, which is "false" in non-PR builds. Ref: https://docs.travis-ci.com/user/environment-variables/#Default-Environment-Variables Reviewed-by:
-
Rob Percival authored
This resulted in the SCT timestamp check always failing, because the timestamp appeared to be in the future. Reviewed-by:
-
Rob Percival authored
The only SSL tests prior to this tested using certificates with no embedded Signed Certificate Timestamps (SCTs), which meant they couldn't confirm whether Certificate Transparency checks in "strict" mode were working. These tests reveal a bug in the validation of SCT timestamps, which is fixed by the next commit. Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
Rich Salz authored
To new test framework Reviewed-by:
-
Richard Levitte authored
95-test_external_boringssl.t had a specialised run() variant to prefix the command output so it wouldn't disturb Test::Harness. This functionality if now moved to the run() command, using the added option 'prefix' that can be set to the string to prefix the output with. Reviewed-by:
-
Nicola Tuveri authored
Reviewed-by:
-
Nicola Tuveri authored
Reviewed-by:
-
