Skip to content
  1. Apr 25, 2018
    • Richard Levitte's avatar
      test/recipes/15-test_out_option.t: refine tests · 39e32be1
      Richard Levitte authored
      
      
      Test writing to the null device.  This should be successful.
      
      Also, refactor so the planned number of tests is calculated.
      
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/6033)
      39e32be1
    • Nicola Tuveri's avatar
      [SM2_sign] add minimal EVP_PKEY functionality testing · 22f0c72b
      Nicola Tuveri authored
      
      
      The actual functionality of generating signatures through the `EVP_PKEY`
      API is completely untested.
      Current tests under the `EVP_PKEY` API
      (`test/recipes/30-test_evp_data/evppkey.txt`) only cover `Verify` and
      `Decrypt`, while encryption and signature generation are tested with
      ad-hoc clients (`test/sm2crypttest.c`, `test/sm2signtest.c`) that do not
      call the `EVP_PKEY` interface at all but soon-to-be private functions
      that bypass it (cf. PR#5895 ).
      
      It is my opinion that an ideal solution for the future would consist on
      enhancing the `test/evp_pkey` facility and syntax to allow tests to take
      control of the PRNG to inject known nonces and validate the results of
      `EVP_PKEY` implementations against deterministic known answer tests, but
      it is probably too late to work on this feature in time for next release.
      
      Given that commit b5a85f70d8 highlights some critical bugs in the hook
      between the `EVP_PKEY` interface and SM2 signature generation and that
      these defects escaped testing and code review, I think that at least for
      now it is beneficial to at least add the kind of "bogus" testing
      provided by this patch:
      this is a "fake" test as it does only verify that the SM2 `EVP_PKEY`
      interface is capable of creating a signature without failing, but it
      does not say anything about the generated signature being valid, nor
      does it test the functional correctness of the cryptosystem.
      
      Reviewed-by: default avatarBernd Edlinger <bernd.edlinger@hotmail.de>
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/6066)
      22f0c72b
    • Nicola Tuveri's avatar
      [SM2_sign] fix double free and return value · 67cc2bae
      Nicola Tuveri authored
      
      
      Currently, critical bugs prevent using SM2 signatures through the
      `EVP_PKEY` interface: any application that managed to satisfy the
      requirement of forcing SM3 as the message digest – even if this is
      currently not possible transparently through the `EVP_PKEY` interface
      and requires manually forcing the MD selection – would crash with a
      segmentation fault upon calling the `SM2_sign()` function.
      
      This is easily verified using the OpenSSL CLI to execute this critical
      code path under the right conditions:
      `openssl dgst -sm3 -hex -sign sm2.eckey /path/to/file/to/sign`
      
      The issue is caused by a double free at the end of `SM2_sign()` in
      `crypto/sm2/sm2_sign.c` in case of successful signature generation.
      In addition, even if the double free was not causing segfaults,
      the function returns the wrong return value in case of success (it
      would return 0 rather than 1).
      
      This patch fixes both problems.
      
      Reviewed-by: default avatarBernd Edlinger <bernd.edlinger@hotmail.de>
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/6066)
      67cc2bae
    • Matt Caswell's avatar
      Fix the MAX_CURVELIST definition · ca50cd91
      Matt Caswell authored
      
      
      The MAX_CURVELIST macro defines the total number of in-built SSL/TLS curves
      that we support. However it has not been updated as new curves are added.
      
      Fixes #5232
      
      Reviewed-by: default avatarBernd Edlinger <bernd.edlinger@hotmail.de>
      (Merged from https://github.com/openssl/openssl/pull/6065)
      ca50cd91
  2. Apr 24, 2018
  3. Apr 23, 2018
  4. Apr 22, 2018
  5. Apr 20, 2018