Skip to content
  1. Mar 23, 2015
  2. Mar 21, 2015
  3. Mar 20, 2015
  4. Mar 19, 2015
  5. Mar 18, 2015
  6. Mar 17, 2015
    • Richard Levitte's avatar
      Correct the request of debug builds · 9e43c6b5
      Richard Levitte authored
      
      
      ./config would translate -d into having the target get a 'debug-'
      prefix, and then run './Configure LIST' to find out if such a
      debugging target exists or not.
      
      With the recent changes, the separate 'debug-foo' targets are
      disappearing, and we're giving the normal targets debugging
      capabilities instead.  Unfortunately, './config' wasn't changed to
      match this new behavior.
      
      This change introduces the arguments '--debug' and '--release' - the
      latter just for orthogonality - to ./Configure, and ./config now
      treats -d by adding '--debug' to the options for ./Configure.
      
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      9e43c6b5
    • Matt Caswell's avatar
      Dead code removal from apps · 11abf922
      Matt Caswell authored
      
      
      Some miscellaneous removal of dead code from apps. Also fix an issue with
      error handling with pkcs7.
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      11abf922
    • Matt Caswell's avatar
      Remove dead code from crypto · b7573c59
      Matt Caswell authored
      
      
      Some miscellaneous removal of dead code from lib crypto.
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      b7573c59
    • Matt Caswell's avatar
      Fix probable_prime over large shift · e4676e90
      Matt Caswell authored
      
      
      In the probable_prime() function we behave slightly different if the number
      of bits we are interested in is <= BN_BITS2 (the num of bits in a BN_ULONG).
      As part of the calculation we work out a size_limit as follows:
      
          size_limit = (((BN_ULONG)1) << bits) - BN_get_word(rnd) - 1;
      
      There is a problem though if bits == BN_BITS2. Shifting by that much causes
      undefined behaviour. I did some tests. On my system BN_BITS2 == 64. So I
      set bits to 64 and calculated the result of:
      
          (((BN_ULONG)1) << bits)
      
      I was expecting to get the result 0. I actually got 1! Strangely this...
      
          (((BN_ULONG)0) << BN_BITS2)
      
      ...does equal 0! This means that, on my system at least, size_limit will be
      off by 1 when bits == BN_BITS2.
      
      This commit fixes the behaviour so that we always get consistent results.
      
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      e4676e90
    • Matt Caswell's avatar
      Fix unintended sign extension · 3475c7a1
      Matt Caswell authored
      
      
      The function CRYPTO_128_unwrap_pad uses an 8 byte AIV (Alternative Initial
      Value). The least significant 4 bytes of this is placed into the local
      variable |ptext_len|. This is done as follows:
      
          ptext_len = (aiv[4] << 24) | (aiv[5] << 16) | (aiv[6] << 8) | aiv[7];
      
      aiv[4] is an unsigned char, but (aiv[4] << 24) is promoted to a *signed*
      int - therefore we could end up shifting into the sign bit and end up with
      a negative value. |ptext_len| is a size_t (typically 64-bits). If the
      result of the shifts is negative then the upper bits of |ptext_len| will
      all be 1.
      
      This commit fixes the issue by explicitly casting to an unsigned int.
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      3475c7a1