Age | Commit message | Author | |
---|---|---|---|
2017-01-25 | link in rsa test | Bob Beck | |
2017-01-25 | Add rsa test from openssl, since it has a license now | Bob Beck | |
2017-01-21 | Make explicit _ct and _nonct versions of bn_mod_exp functions that | Bob Beck | |
matter for constant time, and make the public interface only used external to the library. This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method. Add regress tests for same. ok jsing@ | |||
2017-01-18 | unhook ocsp test from the default since it currently requires network access and | Bob Beck | |
therefore appears to break in bluhm's test setup | |||
2016-12-21 | Update libcrypto regress to handle header and non-exported symbol changes. | Joel Sing | |
2016-11-05 | Add regress for X25519, converted from BoringSSL. | Joel Sing | |
2016-11-05 | Set PROG so that the binary correctly gets recompiled when the libraries | Miod Vallat | |
it is linked against change. ok beck@ jsing@ | |||
2016-11-04 | Move pqueue regress from libcrypto to libssl, since that's where the pqueue | Joel Sing | |
code now lives. Also unbreak the regress following the symbol hiding changes in libssl. | |||
2016-09-03 | import new BN tests from OpenSSL | Brent Cook | |
New tests that various BIGNUM methods behave correctly on zero/even inputs. from OpenSSL ok beck@ | |||
2016-09-02 | Make this regress build again | Bob Beck | |
2016-07-07 | add ca cert error check and make the path configurable | Brent Cook | |
from Kinichiro Inoguchi | |||
2016-07-05 | remove extra assignment of s from 1.11, fix regression test | Brent Cook | |
2016-07-05 | On systems where we do not have BN_ULLONG defined (most 64-bit systems), | Brent Cook | |
BN_mod_word() can return incorrect results if the supplied modulus is too big, so we need to fall back to BN_div_word. Now that BN_mod_word may fail, handle errors properly update the man page. Thanks to Brian Smith for pointing out these fixes from BoringSSL: https://boringssl.googlesource.com/boringssl/+/67cb49d045f04973ddba0f92fe8a8ad483c7da89 https://boringssl.googlesource.com/boringssl/+/44bedc348d9491e63c7ed1438db100a4b8a830be ok beck@ | |||
2016-07-05 | make less awful.. test against cloudflare too | Bob Beck | |
2016-07-04 | Add a nasty little ocsp regress test in the hope pedants will make it better. | Bob Beck | |
2016-06-30 | Remove flags for disabling constant-time operations. | Brent Cook | |
This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally constant-time. Based on the original patch by César Pereid. ok beck@ | |||
2016-05-30 | Fix misleading indent pointed out by GCC 6.1. | Brent Cook | |
ok beck@ jsing@ | |||
2016-04-28 | Update AEAD regress to match EVP_aead_chacha20_poly1305() changes. | Joel Sing | |
2016-04-13 | After opening an AEAD, ensure that the decrypted output matches the | Joel Sing | |
plaintext for the regress test case. | |||
2016-03-13 | check return value for BN_hex2bn in regression tests | Brent Cook | |
2015-12-28 | initialize pointer to avoid undefined free on failure | Brent Cook | |
ok beck@ | |||
2015-11-02 | Add EVP_aead_chacha20_poly1305_ietf() - The informational RFC 7539, | Reyk Floeter | |
"ChaCha20 and Poly1305 for IETF Protocols", introduced a modified AEAD construction that is incompatible with the common style that has been already used in TLS with EVP_aead_chacha20_poly1305(). The IETF version also adds a constant (salt) that is prepended to the nonce. OK mikeb@ jsing@ | |||
2015-10-30 | print unsigned ints with %u, not %d. Reported by Pascal Cuoq. | Miod Vallat | |
2015-10-30 | Add explicit LL suffixes to the numerical constants which do not fit in 32 bits. | Miod Vallat | |
2015-10-30 | Pull in <sys/types.h> to get ssize_t or <stdint.h> to get uint32_t, instead of | Miod Vallat | |
relying upon previously included headers to do this, to enhance portability; from Pascal Cuoq, libressl github pull request #52 | |||
2015-10-25 | Missing initializer; spotted by coverity. | Miod Vallat | |
2015-10-22 | Extend tests to call ASN1_{GENERALIZED,UTC,}TIME_set_string() with a NULL | Joel Sing | |
pointer - because, you know, you might want to set a string on a NULL object. The previous implementation apparently allowed this as a way of testing if the string was valid... probably because the *_check() functions are only useable after the string has already been set. | |||
2015-10-22 | Fix case where we wanted to test ASN1_TIME_set_string() but were testing | Joel Sing | |
ASN1_UTCTIME_set_string() twice instead. | |||
2015-10-22 | Fix case where we wanted to test ASN1_TIME_set_string() but were testing | Joel Sing | |
ASN1_UTCTIME_set_string() twice instead. | |||
2015-10-19 | Change regress to not believe legacy times are valid | Bob Beck | |
2015-10-02 | Add another invalid time, which is currently accepted. | Joel Sing | |
2015-09-30 | Fix a bug in the regress, and be much more pedantic about what is allowed | Bob Beck | |
per RFC 5380 in an X509. RFC 5280 states that all times before 2050 must be specified as a UTCtime, not a Generalized time, and all times after must be a UTC time. By extension this also means the smallest time allowed per RFC 5280 is 500101000000Z and the largest is 99991231235959Z. | |||
2015-09-29 | Add an rfc5280 test suite to test x509_cmp_time. | Bob Beck | |
Note some of these will yet fail with the current libcrypto as the current X509_cmp_time is not RFC5280 compliant ok jsing@ | |||
2015-09-29 | Fix sha2 regression test for libcrypto. | Doug Hogan | |
By default, "openssl sha" used SHA-0. However, it was possible to use the form "openssl sha -sha256" to run SHA-256 instead. The regression test used this form. Since we removed SHA-0 support, the regress tests should now call "openssl <digest>". ok guenther@, bcook@ | |||
2015-09-25 | Add DER encoding/decoding coverage for ASN.1 GENERALIZEDTIME and UTCTIME. | Joel Sing | |
2015-09-25 | Add initial regress tests for ASN.1 times. | Joel Sing | |
2015-09-14 | Temporarily revive MD4 for MS CHAP support. | Doug Hogan | |
2015-09-13 | Remove MD4 support from LibreSSL. | Doug Hogan | |
MD4 should have been removed a long time ago. Also, RFC 6150 moved it to historic in 2011. Rides the major crank from removing SHA-0. Discussed with many including beck@, millert@, djm@, sthen@ ok jsing@, input + ok bcook@ | |||
2015-09-13 | Another style(9) grenade. | Joel Sing | |
2015-09-13 | Remove SHA-0 support. | Doug Hogan | |
SHA-0 was withdrawn shortly after publication 20 years ago and replaced with SHA-1. This will require a major crank. ok bcook@, jsing@ | |||
2015-09-13 | Remove explicit NULL checks before *_free() calls and tidy some code. | Joel Sing | |
2015-09-13 | Use ECDH_size() and do some other clean up. | Joel Sing | |
2015-09-13 | remove e_os2.h includes | Brent Cook | |
ok jsing@ | |||
2015-09-13 | Wrap long lines. | Joel Sing | |
2015-09-13 | style(9) grenade. | Joel Sing | |
2015-09-12 | Cleanup enginetest a bit. | Brent Cook | |
It was the only thing preventing -Werror from building on some systems due to the unchecked asprintf's. | |||
2015-07-18 | remove mysterious, decorative comment blocklets | Brent Cook | |
2015-07-18 | Explicitly mark ignored BN_* return vals in tests. | Brent Cook | |
The tests will fail all the same. Fixes Coverity 78811 21659 21658 21657. Discussed with beck@ | |||
2015-07-18 | check sscanf conversion, fixes Coverity 21666 | Brent Cook | |
ok doug@, miod@, guenther@ | |||
2015-06-20 | Remove obsolete MDC-2DES from libcrypto. | Doug Hogan | |
ok deraadt@ jsing@ miod@ |