path: root/crypto
Commit message | Author | Age | Files | Lines
* Add Broadwell performance results. | Andy Polyakov | 2015-01-13 | 3 | -2/+11
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Remove use of BN_init, BN_RECP_CTX_init from bntest | Dr. Stephen Henson | 2015-01-13 | 1 | -212/+212
  BN_init and BN_RECP_CTX_init are deprecated and are not exported from shared libraries on some platforms (e.g. Windows); convert bntest to use BN_new and BN_RECP_CTX_new instead.
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Make output from openssl version -f consistent with previous versions | Matt Caswell | 2015-01-13 | 1 | -1/+1
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* Fix warning where BIO_FLAGS_UPLINK was being redefined. | Matt Caswell | 2015-01-13 | 1 | -1/+1
  This warning breaks the build in 1.0.0 and 0.9.8
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* Avoid deprecation problems in Visual Studio 13 | Matt Caswell | 2015-01-13 | 1 | -59/+2
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* RT3548: Remove unsupported platforms | Rich Salz | 2015-01-12 | 19 | -126/+62
  This last one for this ticket. Removes WIN16. So long, MS_CALLBACK and MS_FAR. We won't miss you.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Allow multiple IDN xn-- indicators | Rich Salz | 2015-01-12 | 1 | -27/+8
  Update the X509v3 name parsing to allow multiple xn-- international domain name indicators in a name. Previously, only allowed one at the beginning of a name, which was wrong.
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* RT3548: Remove some unsupported platforms. | Rich Salz | 2015-01-12 | 9 | -90/+6
  This commit removes NCR, Tandem, Cray. Regenerates TABLE. Removes another missing BEOS fluff. The last platform remaining on this ticket is WIN16.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* RT478: Add uninstall make target | Rich Salz | 2015-01-12 | 1 | -0/+2
  Add INSTALLDIRS variable, list of directories where things get installed.
  Change install_html_docs to use perl mkdir-p script.
  Add uninstall, uninstall_sw, uninstall_docs, uninstall_html_docs to Makefile.org. The actions of these targets were figured out by "inverting" the install target.
  Recurse into subdirs to do uninstall as needed. Added uninstall targets whose actions were similarly figured out by "inverting" the install target.
  Also remove some 'space before tab' complaints in Makefile.org
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* make update | Matt Caswell | 2015-01-12 | 1 | -6/+7
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove redundant DSO_METHOD_beos declaration in dso.h. BEOS support has been | Matt Caswell | 2015-01-12 | 1 | -3/+0
  removed.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Make build reproducible | Kurt Roeckx | 2015-01-10 | 1 | -0/+4
  It contained a date on when it was built.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix build failure on Windows due to undefined cflags identifier | Matt Caswell | 2015-01-08 | 1 | -1/+1
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Fix for CVE-2014-3570 (with minor bn_asm.c revamp). | Andy Polyakov | 2015-01-08 | 4 | -676/+379
  Reviewed-by: Emilia Kasper <emilia@openssl.org>
* Fix irix-cc build. | Andy Polyakov | 2015-01-07 | 4 | -4/+4
  Reviewed-by: Matt Caswell <matt@openssl.org>
* use correct function name | Dr. Stephen Henson | 2015-01-06 | 1 | -1/+1
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* RT3662: Allow leading . in nameConstraints | Dr. Stephen Henson | 2015-01-06 | 1 | -1/+1
  Change by SteveH from original by John Denker (in the RT)
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix memory leak. | Martin Brejcha | 2015-01-06 | 1 | -2/+10
  Fix memory leak by freeing up saved_message.data if it is not NULL.
  PR#3489
  Reviewed-by: Stephen Henson <steve@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Further comment amendments to preserve formatting prior to source reformat | Matt Caswell | 2015-01-06 | 28 | -40/+75
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Revert "CHANGES: mention "universal" ARM support." | Andy Polyakov | 2015-01-06 | 1 | -1/+1
  This reverts commit 4fec91506975f62a2f93be71a46acc7fae7eef45.
  Reviewed-by: Matt Caswell <matt@openssl.org>
* CHANGES: mention "universal" ARM support. | Andy Polyakov | 2015-01-06 | 1 | -1/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Constify ASN1_TYPE_cmp add X509_ALGOR_cmp. | Dr. Stephen Henson | 2015-01-05 | 4 | -2/+14
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Fix various certificate fingerprint issues. | Dr. Stephen Henson | 2015-01-05 | 4 | -2/+41
  By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature. Although no details of the signed portion of the certificate can be changed this can cause problems with some applications: e.g. those using the certificate fingerprint for blacklists.
  1. Reject signatures with non zero unused bits.
     If the BIT STRING containing the signature has non zero unused bits reject the signature. All current signature algorithms require zero unused bits.
  2. Check certificate algorithm consistency.
     Check the AlgorithmIdentifier inside TBS matches the one in the certificate signature. NB: this will result in signature failure errors for some broken certificates.
  3. Check DSA/ECDSA signatures use DER.
     Reencode DSA/ECDSA signatures and compare with the original received signature. Return an error if there is a mismatch.
     This will reject various cases including garbage after signature (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program for discovering this case) and use of BER or invalid ASN.1 INTEGERs (negative or with leading zeroes).
  CVE-2014-8275
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Remove inconsistency in ARM support. | Andy Polyakov | 2015-01-04 | 13 | -157/+195
  This facilitates "universal" builds, ones that target multiple architectures, e.g. ARMv5 through ARMv7. See commentary in Configure for details.
  Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* ecp_nistz256-x86_64.pl: fix occasional failures. | Andy Polyakov | 2015-01-04 | 1 | -290/+191
  RT: 3607
  Reviewed-by: Adam Langley <agl@google.com>
  Reviewed-by: Emilia Kasper <emilia@openssl.org>
* RT2914: NULL check missing in X509_name_canon | Rich Salz | 2015-01-04 | 1 | -0/+2
  Check for NULL return from X509_NAME_ENTRY_new()
  Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* Add missing include of sys/time.h | Kurt Roeckx | 2014-12-31 | 1 | -0/+3
  gettimeofday was undefined
  Reviewed-by: Geoff Thorpe <geoff@openssl.org>
* mark all block comments that need format preserving so that | Tim Hudson | 2014-12-30 | 98 | -313/+471
  indent will not alter them when reformatting comments
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* dlfcn: always define _GNU_SOURCE | Kurt Roeckx | 2014-12-30 | 1 | -4/+2
  We need this for the freebsd kernel with glibc as used in the Debian kfreebsd ports. There shouldn't be a problem defining this on systems not using glibc.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* RT3548: Remove unsupported platforms | Rich Salz | 2014-12-28 | 1 | -2/+0
  This commit removes DG-UX. It also flushes out some left-behinds in config. And regenerates TABLE from Configure (hadn't been done in a while).
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* RT3548: Remove unsupported platforms. | Rich Salz | 2014-12-22 | 2 | -7/+1
  This commit removes MPE/iX
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* RT3548: Remove unsupported platforms | Rich Salz | 2014-12-21 | 4 | -14/+3
  This commit removes SunOS (a sentimental favorite of mine).
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix incorrect OPENSSL_assert() usage. | Michael Tuexen | 2014-12-20 | 1 | -22/+64
  Return an error code for I/O errors instead of an assertion failure.
  PR#3470
  Reviewed-by: Stephen Henson <steve@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* RT3548: Remove outdated platforms | Rich Salz | 2014-12-19 | 2 | -4/+2
  This commit removes all mention of NeXT and NextStep.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix a problem if CFLAGS is too long cversion.c fails to compile when config | Matt Caswell | 2014-12-19 | 2 | -18/+4
  is run with --strict-warnings.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Made it an error to define OPENSSL_USE_DEPRECATED if OpenSSL has been built | Matt Caswell | 2014-12-18 | 1 | -1/+1
  with OPENSSL_NO_DEPRECATED defined
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Change all instances of OPENSSL_NO_DEPRECATED to OPENSSL_USE_DEPRECATED | Matt Caswell | 2014-12-18 | 14 | -46/+50
  Introduce use of DECLARE_DEPRECATED
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove redundant OPENSSL_NO_DEPRECATED suppression | Matt Caswell | 2014-12-18 | 3 | -18/+0
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Turn on OPENSSL_NO_DEPRECATED by default. | Matt Caswell | 2014-12-18 | 1 | -0/+17
  Also introduce OPENSSL_USE_DEPRECATED. If OPENSSL_NO_DEPRECATED is defined at config stage then OPENSSL_USE_DEPRECATED has no effect - deprecated functions are not available.
  If OPENSSL_NO_DEPRECATED is not defined at config stage then applications must define OPENSSL_USE_DEPRECATED in order to access deprecated functions.
  Also introduce compiler warnings for gcc for applications using deprecated functions
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Return error when a bit string indicates an invalid amount of bits left | Kurt Roeckx | 2014-12-18 | 3 | -1/+8
  Reviewed-by: Matt Caswell <matt@openssl.org>
* RT3548: Remove some obsolete platforms | Rich Salz | 2014-12-17 | 9 | -407/+5
  This commit removes BEOS.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* RT3544: Restore MWERKS for NetWare | Rich Salz | 2014-12-17 | 1 | -1/+7
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Reject invalid constructed encodings. | Dr. Stephen Henson | 2014-12-17 | 3 | -2/+11
  According to X.690 null, object identifier, boolean, integer and enumerated types can only have primitive encodings: return an error if any of these are received with a constructed encoding.
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Add a comment noting the padding oracle. | Emilia Kasper | 2014-12-17 | 1 | -0/+5
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* Revert "RT3425: constant-time evp_enc" | Emilia Kasper | 2014-12-17 | 2 | -32/+25
  Causes more problems than it fixes: even though error codes are not part of the stable API, several users rely on the specific error code, and the change breaks them. Conversely, we don't have any concrete use-cases for constant-time behaviour here.
  This reverts commit 4aac102f75b517bdb56b1bcfd0a856052d559f6e.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* Build fixes | Emilia Kasper | 2014-12-17 | 4 | -7/+3
  Various build fixes, mostly uncovered by clang's unused-const-variable and unused-function errors.
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  (cherry picked from commit 0e1c318ece3c82e96ae95a34a1badf58198d6b28)
* Clear warnings/errors within KSSL_DEBUG code sections | Richard Levitte | 2014-12-17 | 1 | -10/+12
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Clear warnings/errors within BN_CTX_DEBUG code sections | Richard Levitte | 2014-12-17 | 1 | -1/+1
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Check for invalid divisors in BN_div. | Emilia Kasper | 2014-12-17 | 1 | -3/+5
  Invalid zero-padding in the divisor could cause a division by 0.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (cherry picked from commit a43bcd9e96c5180e5c6c82164ece643c0097485e)
* Add OPENSSL_NO_ECDH guards | Matt Caswell | 2014-12-16 | 1 | -0/+8
  Reviewed-by: Emilia Käsper <emilia@openssl.org>