Commit message | Author | Age | Files | Lines
* Remove heartbeats completely | Richard Levitte | 2016-11-15 | 12 | -102/+3
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1669)
* Simplify PKCS#12 PBE algorithm. | Dr. Stephen Henson | 2016-11-15 | 1 | -34/+12
  Simplify PKCS#12 PBE algorithm by working out Ij + B + 1 directly
  instead of using BIGNUMs.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add a warning stipulating how things should be coded in ossl_init_base | Richard Levitte | 2016-11-15 | 1 | -0/+7
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1922)
* Stop init loops | Richard Levitte | 2016-11-15 | 1 | -1/+1
  Under certain circumstances, the libcrypto init code would loop,
  causing a deadlock. This would typically happen if something in
  ossl_init_base() caused an OpenSSL error, and the error stack routines
  would recurse into the init code before the flag that ossl_init_base()
  had been run was checked.
  This change makes sure ossl_init_base isn't run once more of the base
  is initiated.
  Thanks to Dmitry Kostjuchenko for the idea.
  Fixes Github issue #1899
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1922)
* Configurations/10-main.conf: remove obsolete flag from solaris-x86-gcc. | Andy Polyakov | 2016-11-15 | 1 | -9/+1
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Configurations/10-main.conf: document GCC for Solaris config constraint. | Andy Polyakov | 2016-11-15 | 1 | -0/+6
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Allow CA.pl script user to pass extra arguments to openssl command | marko asplund | 2016-11-14 | 2 | -40/+84
  Useful e.g. to fully script CA commands
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1797)
* dsa/dsa_gen: add error message for seed_len < 0 | Sebastian Andrzej Siewior | 2016-11-14 | 3 | -2/+7
  prior to openssl 1.1.0 seed_len < q was accepted and the seed argument
  was then ignored. Now DSA_generate_parameters_ex() returns an error in
  such a case but no error string.
  Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1657)
* Revert "Fixed deadlock in CRYPTO_THREAD_run_once for Windows" | Matt Caswell | 2016-11-14 | 1 | -1/+1
  This reverts commit 349d1cfddcfa33d352240582a3803f2eba39d9a0.
  The proposed fix is incorrect. It marks the "run_once" code as having
  finished before it has. The intended semantics of run_once is that no
  threads should proceed until the code has run exactly once. With this
  change the "second" thread will think the run_once code has already
  been run and will continue, even though it is still in progress. This
  could result in a crash or other incorrect behaviour.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Remove heartbeat support | Richard Levitte | 2016-11-13 | 16 | -775/+6
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1669)
* Fixed deadlock in CRYPTO_THREAD_run_once for Windows | DK | 2016-11-13 | 1 | -1/+1
  Fixed deadlock in CRYPTO_THREAD_run_once() if call to init() is causing
  a recursive call to CRYPTO_THREAD_run_once() again that is causing a
  hot deadloop inside do { } while (result == ONCE_ININIT); section.
  CLA: trivial
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1913)
* Solution proposal for issue #1647. | Matthias Kraft | 2016-11-12 | 1 | -1/+4
  Avoid a memory alignment issue.
  Signed-off-by: Matthias Kraft <Matthias.Kraft@softwareag.com>
  CLA: trivial
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1650)
* Update s_client and s_server documentation about some missing arguments | EasySec | 2016-11-12 | 4 | -4/+44
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1837)
* Replace the 'SSL' broken link with SSL_CTX_set_security_level which seems not being referenced from elsewhere | EasySec | 2016-11-12 | 1 | -0/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1898)
* EVP docs: chacha20, chacha20-poly1305 | enkore | 2016-11-12 | 1 | -1/+13
  CLA: trivial
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1909)
* Update fuzz corpora | Kurt Roeckx | 2016-11-12 | 3895 | -654/+374
  New minimal fuzz corpora set
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  GH: #1910
* Cast to an unsigned type before negating | Kurt Roeckx | 2016-11-12 | 1 | -1/+1
  llvm's ubsan reported:
  runtime error: negation of -9223372036854775808 cannot be represented
  in type 'int64_t' (aka 'long'); cast to an unsigned type to negate
  this value to itself
  Found using libfuzzer
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  GH: #1908
* sha/asm/sha512-armv8.pl: add NEON version of SHA256. | Andy Polyakov | 2016-11-11 | 1 | -4/+313
  This provides up to 30% better performance on some of recent processors.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* sha/keccak1600.c: add some optimized implementations. | Andy Polyakov | 2016-11-11 | 1 | -5/+585
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* chacha/asm/chacha-x86.pl: improve [backward] portability. | Andy Polyakov | 2016-11-11 | 1 | -1/+8
  In order to minimize dependency on assembler version a number of
  post-SSE2 instructions are encoded manually. But in order to simplify
  the procedure only register operands are considered. Non-register
  operands are passed down to assembler. Module in question uses pshufb
  with memory operands, and old [GNU] assembler can't handle it.
  Fortunately in this case it's possible to skip just the problematic
  segment without skipping SSSE3 support altogether.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* PPC assembler pack: add some PPC970/G5 performance data. | Andy Polyakov | 2016-11-11 | 2 | -2/+4
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix typo in util/process_docs.pl | Richard Levitte | 2016-11-11 | 1 | -1/+1
  The links weren't properly terminated with a "
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1901)
* Fix references in section 7 manuals | Richard Levitte | 2016-11-11 | 6 | -10/+10
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1900)
* Fix references in section 1 manuals | Richard Levitte | 2016-11-11 | 6 | -8/+9
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1900)
* Fix references in section 3 manuals | Richard Levitte | 2016-11-11 | 215 | -256/+254
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1900)
* Add util/check-doc-links.pl, to be used to check references in manuals | Richard Levitte | 2016-11-11 | 1 | -0/+99
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1900)
* Fix the effect of no-dso in crypto/init.c | Richard Levitte | 2016-11-11 | 1 | -2/+2
  When configured no-dso, there are no DSO_{whatever} macros defined.
  Therefore, before checking those, you have to check if OPENSSL_NO_DSO
  is defined.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1902)
* Small fixups of util/process_docs.pl | Richard Levitte | 2016-11-10 | 1 | -2/+2
  - the pod path hadn't been changed with the directory layout change
  - apparently, pod2html doesn't add ".html" at the end of links, making
    them useless, so we need to fix that
  With thanks for the report to Michel <michel.sales@free.fr>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1896)
* Fix test_sslcorrupt when using TLSv1.3 | Matt Caswell | 2016-11-10 | 1 | -0/+26
  The test loops through all the ciphers, attempting to test each one in
  turn. However version negotiation happens before cipher selection, so
  with TLSv1.3 switched on if we use a non-TLSv1.3 compatible cipher
  suite we get "no share cipher".
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Revert "Move algorithm specific ppccap code from crypto/ppccap.c" | Richard Levitte | 2016-11-10 | 7 | -186/+116
  Now that we can link specifically with static libraries, the immediate
  need to split ppccap.c (and eventually other *cap.c files) is no more.
  This reverts commit e3fb4d3d52e188b83ccb8506aa2f16cb686f4d6c.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Rename the Elliptic Curves extension to supported_groups | Matt Caswell | 2016-11-10 | 15 | -160/+209
  This is a skin deep change, which simply renames most places where we
  talk about curves in a TLS context to groups. This is because TLS1.3
  has renamed the extension, and it can now include DH groups too. We
  still only support curves, but this rename should pave the way for a
  future extension for DH groups.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Link internal tests with static OpenSSL libraries when needed | Richard Levitte | 2016-11-10 | 2 | -74/+36
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1889)
* Document how to force linking with static libraries | Richard Levitte | 2016-11-10 | 2 | -5/+29
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1889)
* Building: make it possible to force linking with static OpenSSL libs | Richard Levitte | 2016-11-10 | 5 | -20/+47
  Very simply, support having the .a extension to denote depending on
  static libraries. Note that this is not supported on native Windows
  when building shared libraries, as there is no static library then,
  just an import library with the same name.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1889)
* Fix no-ct in test/ct_test.c | Richard Levitte | 2016-11-10 | 1 | -0/+6
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1890)
* descrip.mms.tmpl: Simplify fiddling of logical names record and statem | Richard Levitte | 2016-11-10 | 1 | -6/+2
  Instead of enumerating exactly those files in test/ that include
  ../ssl/ssl_locl.h, assume they all do.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1891)
* Update CHANGES and NEWS | Matt Caswell | 2016-11-10 | 2 | -0/+49
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix the no-tls option | Matt Caswell | 2016-11-10 | 2 | -1/+5
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix no-cms (CVE-2016-7053) | Richard Levitte | 2016-11-10 | 1 | -5/+10
  Reviewed-by: Matt Caswell <matt@openssl.org>
* test/evptests.txt: add negative tests for AEAD ciphers. | Andy Polyakov | 2016-11-10 | 2 | -1/+60
  This is done by taking one vector, "corrupting" last bit of the tag
  value and verifying that decrypt fails.
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
* test: add TLS application data corruption test. | Andy Polyakov | 2016-11-10 | 4 | -1/+307
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
* add test for CVE-2016-7053 | Dr. Stephen Henson | 2016-11-10 | 2 | -1/+9
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Don't set choice selector on parse failure. | Dr. Stephen Henson | 2016-11-10 | 1 | -7/+7
  Don't set choice selector on parse failure: this can pass unexpected
  values to the choice callback. Instead free up partial structure
  directly.
  CVE-2016-7053
  Thanks to Tyler Nighswander of ForAllSecure for reporting this issue.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* chacha20/poly1305: make sure to clear the buffer at correct position | Richard Levitte | 2016-11-10 | 1 | -1/+1
  The offset to the memory to clear was incorrect, causing a heap buffer
  overflow.
  CVE-2016-7054
  Thanks to Robert Święcki for reporting this
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* aes/asm/aesp8-ppc.pl: improve [backward] portability. | Andy Polyakov | 2016-11-10 | 1 | -1/+1
  Some of stone-age assembler can't cope with r0 in address. It's
  actually sensible thing to do, because r0 is shunted to 0 in address
  arithmetic and by refusing r0 assembler effectively makes you
  understand that.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* bn/asm/x86_64-mont.pl: fix for CVE-2016-7055 (Low severity). | Andy Polyakov | 2016-11-10 | 1 | -3/+2
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* test/bntest.c: regression test for CVE-2016-7055. | Andy Polyakov | 2016-11-10 | 1 | -0/+26
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix the evp_test Ctrl keyword processing | Richard Levitte | 2016-11-10 | 1 | -4/+12
  Skip the test if the value after ":" is a disabled algorithm, rather
  than failing it
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Fix no-dso (shlibloadtest) | Richard Levitte | 2016-11-10 | 1 | -4/+3
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Address some supported_versions review comments | Matt Caswell | 2016-11-09 | 5 | -7/+21
  Added some TODOs, refactored a couple of things and added a
  SSL_IS_TLS13() macro.
  Reviewed-by: Rich Salz <rsalz@openssl.org>