Commit message | Author | Age | Files | Lines
* More doc nits | Rich Salz | 2016-06-06 | 64 files | -64/+68
  Update script to look for period or POD markup in NAME section, and fix them.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* NOTES.WIN: use secure urls | Viktor Szakats | 2016-06-06 | 1 file | -3/+3
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1175)
* tests: fix the shutting up of the shell | Richard Levitte | 2016-06-06 | 1 file | -4/+6
  If we're going to redirect STDERR and STDOUT, it's better to do it by the book. This fix is a straight copy of examples in the perlfunc manual.
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Fix the directory target generation | Richard Levitte | 2016-06-06 | 1 file | -2/+14
  The directories for the final products were never registered, it was plain luck that intermediary files were in the same place and registered the directory anyway.
  Also, scripts are generated directly from source (binaries go through intermediary object files), so we need to explicitly make sure to avoid registering the source directory unless it's an in source build.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Deprecate the flags that switch off constant time | Matt Caswell | 2016-06-06 | 13 files | -264/+160
  The flags RSA_FLAG_NO_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME and DH_FLAG_NO_EXP_CONSTTIME which previously provided the ability to switch off the constant time implementation for RSA, DSA and DH have been made no-ops and deprecated.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Simplify dsa_ossl.c | Matt Caswell | 2016-06-06 | 1 file | -41/+20
  The dsa_ossl.c file defined a couple of multi-line macros, but then only used each one once. The macros just serve to complicate the code and make it more difficult to understand what is really going on. Hence they are removed.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix DSA, preserve BN_FLG_CONSTTIME | Cesar Pereida | 2016-06-06 | 1 file | -4/+5
  Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.
  CVE-2016-2178
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* s390x assembly pack: improve portability. | Andy Polyakov | 2016-06-06 | 2 files | -4/+4
  Some of the instructions used in latest additions are extension ones. There is no real reason to limit ourselves to specific processors, so [re-]adhere to base instruction set.
  RT#4548
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* tests: Shut the shell up unless verbose | Richard Levitte | 2016-06-06 | 2 files | -1/+17
  In rare cases, the shell we run test programs in may have complaints. Shut those up unless testing verbosely.
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Remove extra include's in synopsis. | Rich Salz | 2016-06-05 | 21 files | -33/+24
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Configure: complete the changed fuzz option checks | Richard Levitte | 2016-06-05 | 1 file | -1/+2
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* Silence misleading test_abort stderr output | Viktor Dukhovni | 2016-06-05 | 1 file | -0/+1
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Constify X509V3_EXT_*_conf* | FdaSilvaYY | 2016-06-04 | 2 files | -44/+44
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1074)
* Constify ASN1_generate_nconf | FdaSilvaYY | 2016-06-04 | 3 files | -3/+3
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1074)
* Constify ASN1_generate_v3 | FdaSilvaYY | 2016-06-04 | 3 files | -5/+5
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1074)
* Constify s2i_ASN1_IA5STRING | FdaSilvaYY | 2016-06-04 | 2 files | -5/+4
  Return directly NULL after ASN1_STRING_set, as it already has set an error code.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1074)
* Constify s2i_ASN1_INTEGER | FdaSilvaYY | 2016-06-04 | 3 files | -4/+4
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1074)
* Constify X509_OBJECT_get_type & X509_OBJECT_get0_X509 | FdaSilvaYY | 2016-06-04 | 2 files | -4/+4
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1074)
* Clean away the last unixmake vestiges | Richard Levitte | 2016-06-04 | 1 file | -39/+0
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix re-used function code | Rich Salz | 2016-06-04 | 1 file | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Ignore buildtest artifacts. | Rich Salz | 2016-06-04 | 1 file | -0/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add developer targets for each subdirectory we have something to build in | Richard Levitte | 2016-06-04 | 3 files | -2/+115
  Previous build scheme allowed building just the stuff in one subdirectory, like this:
      make -C crypto/aes
  Because the unified only has a top-level Makefile, this is not possible with it. This change adds a replacement where each directory we have something to build in becomes a target in its own right, allowing building something like this:
      make crypto/aes
  The exception is the directory test, because we already have such a target.
  Reviewed-by: Stephen Henson <steve@openssl.org>
* Specify size of arrays | Kurt Roeckx | 2016-06-04 | 3 files | -4/+4
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  GH: #1139
* Check for overflows in EOC. | Dr. Stephen Henson | 2016-06-04 | 2 files | -8/+15
  RT#4474 (partial)
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add support for fuzzing with AFL | Kurt Roeckx | 2016-06-04 | 13 files | -38/+136
  Reviewed-by: Ben Laurie <ben@links.org>
  MR: #2740
* RT3895: Remove fprintf's from SSL library. | Rich Salz | 2016-06-04 | 3 files | -5/+7
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* More utils cleanup. | Rich Salz | 2016-06-04 | 6 files | -208/+32
  Remove some unused files. Rename doc-nit-check to be consistent. Add check for multiple #include in synopsis.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Make 25-test_gen.t and 25-test_req.t into one | Richard Levitte | 2016-06-04 | 2 files | -55/+30
  Since one generates files that the other depends on, there's no real reason to keep them separate. Since they were both different aspects of 'openssl req', the merge ends up in 25-test_req.t.
  This also makes cleanup easier.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Have some more test recipes clean up after themselves | Richard Levitte | 2016-06-04 | 3 files | -3/+43
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Windows build: Remove .manifest files in test/ as well | Richard Levitte | 2016-06-04 | 1 file | -0/+1
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Change inclusion of sys/types.h to stdlib.h in include/openssl/ebcdic.h | Richard Levitte | 2016-06-04 | 1 file | -1/+1
  Needed to get size_t on Windows
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add inclusion of stdlib.h in include/openssl/mdc2.h | Richard Levitte | 2016-06-04 | 1 file | -0/+1
  Needed to get size_t
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add inclusion of openssl/x509.h in include/openssl/tls1.h | Richard Levitte | 2016-06-04 | 1 file | -0/+1
  Needed to get the needed declarations for STACK_OF(X509)
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Generate simple build test files | Richard Levitte | 2016-06-04 | 2 files | -1/+54
  Generate small test programs to check that external programs can be built with our stuff at a very basic level. For now, they check that each of our header files can be included individually without compile failure.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix documentation error in x509 app certopt flag | Matt Caswell | 2016-06-03 | 1 file | -2/+2
  According to the x509 man page in the section discussing -certopt it says that the ca_default option is the same as that used by the ca utility and (amongst other things) has the effect of suppressing printing of the signature - but in fact it doesn't. This error seems to have been present since the documentation was written back in 2001. It never had this effect.
  The default config file sets the certopt value to ca_default. The ca utility takes that and THEN adds additional options to suppress printing of the signature. So the ca utility DOES suppress printing of the signature - but it is not as a result of using the ca_default option.
  GitHub Issue #247
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* BIO_printf() can fail to print the last character | Matt Caswell | 2016-06-03 | 1 file | -3/+9
  If the string to print is exactly 2048 characters long (excluding the NULL terminator) then BIO_printf will chop off the last byte. This is because it has filled its static buffer but hasn't yet allocated a dynamic buffer. In cases where we don't have a dynamic buffer we need to truncate but that is not the case for BIO_printf(). We need to check whether we are able to have a dynamic buffer before deciding to truncate.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* cryptodev_asym, zapparams: use OPENSSL_* allocation routines, handle errors | Jonas Maebe | 2016-06-03 | 1 file | -6/+13
  zapparams modification based on tip from Matt Caswell
  RT#3198
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Handle a memory allocation failure in ssl3_init_finished_mac() | Matt Caswell | 2016-06-03 | 7 files | -9/+30
  The ssl3_init_finished_mac() function can fail, in which case we need to propagate the error up through the stack.
  RT#3198
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Update INSTALL instructions | Matt Caswell | 2016-06-03 | 1 file | -23/+191
  Fill out the INSTALL instructions with more information on Configure arguments, environment variables and Makefile targets.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Added define for STATUS_SUCCESS | Mat | 2016-06-03 | 1 file | -5/+8
  Use STATUS_SUCCESS instead of 0. Renamed USE_BCRYPT to RAND_WINDOWS_USE_BCRYPT to avoid possible collisions with other defines.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1142)
* Adds casts for 64-bit | Mat | 2016-06-03 | 1 file | -3/+3
  Adds missing casts for 64-bit. Removed zero initialization of hProvider. hProvider is an "out" parameter of CryptAcquireContextW.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1142)
* Define USE_BCRYPT | Mat | 2016-06-03 | 1 file | -5/+7
  Define USE_BCRYPT
  Removed _WIN32_WINNT define
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1142)
* Use BCryptGenRandom on Windows 7 or higher | Mat | 2016-06-03 | 1 file | -7/+19
  When openssl is compiled with MSVC and _WIN32_WINNT>=0x0601 (Windows 7), BCryptGenRandom is used instead of the legacy CryptoAPI.
  This change brings the following benefits:
  - Removes dependency on CryptoAPI (legacy API) respectively advapi32.dll
  - CryptoAPI Cryptographic Service Providers (rsa full) are not dynamically loaded.
  - Allows Universal Windows Platform (UWP) apps to use openssl (CryptGenRandom is not available for Windows store apps)
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1142)
* Add a paragraph on documentation to CONTRIBUTING | Matt Caswell | 2016-06-03 | 1 file | -0/+4
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Further update CONTRIBUTING | Matt Caswell | 2016-06-03 | 1 file | -2/+2
  Tweak to the wording on merge commits.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Tweaks to NOTES.PERL | Matt Caswell | 2016-06-03 | 1 file | -4/+5
  Fix some typos and other minor amendments to NOTES.PERL.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Update NOTES.WIN | Matt Caswell | 2016-06-03 | 1 file | -1/+1
  Make the recommendation for MSYS perl in an MSYS environment more forceful.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Update CONTRIBUTING | Matt Caswell | 2016-06-03 | 1 file | -9/+12
  Fix typos and clarify a few things in the CONTRIBUTING file.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Bring the README file up to date | Matt Caswell | 2016-06-03 | 1 file | -18/+16
  The README file was a little out of date so needed a refresh
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix threading issue that at best will leak memory | Pauli | 2016-06-03 | 1 file | -0/+3
  The problem is the checking in policy_cache_set, there is a race condition between the null check and obtaining the lock. The fix is in policy_cache_new to detect if the creation has happened already.
  Reviewed-by: Richard Levitte <levitte@openssl.org>