- Jan 29, 2016
-
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Remove depend hacks from demos/engines. Remove clean-depend; just call makedepend (or $CC -M) and use that. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Viktor Dukhovni authored
By default X509_check_trust() trusts self-signed certificates from the trust store that have no explicit local trust/reject oids encapsulated as a "TRUSTED CERTIFICATE" object. (See the -addtrust and -trustout options of x509(1)). This commit adds a flag that makes it possible to distinguish between that implicit trust, and explicit auxiliary settings. With flags |= X509_TRUST_NO_SS_COMPAT, a certificate is only trusted via explicit trust settings. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Emilia Kasper authored
The use of the uninitialized buffer in the RNG has no real security benefits and is only a nuisance when using memory sanitizers. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Rich Salz authored
This is a followin from !1738, we no longer need those variables. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Add tests for have_precompute_mult for the optimised curves (nistp224, nistp256 and nistp521) if present Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
During precomputation if the group given is well known then we memcpy a well known precomputation. However we go the wrong label in the code and don't store the data properly. Consequently if we call have_precompute_mult the data isn't there and we return 0. RT#3600 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
The function DH_check_pub_key() was missing some return value checks in some calls to BN functions. RT#4278 Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Matt Caswell authored
A new return value for DH_check_pub_key was recently added: DH_CHECK_PUBKEY_INVALID. As this is a flag which can be ORed with other return values it should have been set to the value 4 not 3. RT#4278 Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Matt Caswell authored
This extends the existing async functionality to SSL_shutdown(), i.e. SSL_shutdown() can now casuse an SSL_ERROR_WANT_ASYNC error to be returned from SSL_get_error() if async mode has been enabled. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Viktor Dukhovni authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Jan 28, 2016
-
-
Dr. Stephen Henson authored
PR#4277 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
These tests are not built, and only usable as hand-tests so not worth moving into our test framework. This closes https://github.com/openssl/openssl/pull/561 and RT 4252 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Add enable-crypto-mdebug enable-rc5 enable-md2 to any target that was --strict-warnings. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Add details about the latest issues fixed in the forthcoming release. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Following on from the previous commit, add a test to ensure that DH_compute_key correctly fails if passed a bad y such that: y^q (mod p) != 1 Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Matt Caswell authored
Historically OpenSSL only ever generated DH parameters based on "safe" primes. More recently (in version 1.0.2) support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be "safe". Where an application is using DH configured with parameters based on primes that are not "safe" then an attacker could use this fact to find a peer's private DH exponent. This attack requires that the attacker complete multiple handshakes in which the peer uses the same DH exponent. A simple mitigation is to ensure that y^q (mod p) == 1 CVE-2016-0701 Issue reported by Antonio Sanso. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Rich Salz authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Viktor Dukhovni authored
This fixes clang compilation problem with size_t NUMPRIMES and int loop counters. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Also turn B<foo> into foo() in the pod page. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Viktor Dukhovni authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Also cleaned up bn_prime.pl to current coding style. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Rich Salz authored
Many options for supporting optimizations for legacy crypto on legacy platforms have been removed. This simplifies the source code and does not really penalize anyone. DES_PTR (always on) DES_RISC1, DES_RISC2 (always off) DES_INT (always 'unsigned int') DES_UNROLL (always on) BF_PTR (always on) BF_PTR2 (removed) MD2_CHAR, MD2_LONG (always 'unsigned char') IDEA_SHORT, IDEA_LONG (always 'unsigned int') RC2_SHORT, RC2_LONG (always 'unsigned int') RC4_LONG (only int and char (for assembler) are supported) RC4_CHUNK (always long), RC_CHUNK_LL (removed) RC4_INDEX (always on) And also make D_ENCRYPT macro more clear (@appro) This is done in consultation with Andy. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- Jan 27, 2016
-
-
Richard Levitte authored
A mistake was made and the setting of this config variable got reverted to an older behavior. This restores the latest. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Billy Brumley authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Some files that are automatically generated still had those comments added by the generating scripts. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
It seems that Test::More doesn't like 0 tests, a line like this raises an error and stops the recipe entirely: plan tests => 0; So we need to check for 0 tests beforehand and skip the subtest explicitely in that case. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Zhao Junwang authored
cryptograpic => cryptographic Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
$EXE_SHELL should only be used with out own programs, not with surrounding programs such as the perl interpreter. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Viktor Dukhovni authored
RT4264, RT4268 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Viktor Dukhovni authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Jan 26, 2016
-
-
Rich Salz authored
This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\* .*\.[ch] \*/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Benjamin Kaduk authored
Also removes the make variable SHARED_LIBS_LINK_EXTS, only used by the clean-shared target. When shared library linking was moved to the separate Makefile.shared in commit 30afcc07 , this target was skipped. Prior to that commit, clean-shared was invoked as a dependency of build-shared, but afterward it was no longer referenced anywhere in the tree. Instead of porting the functionality over to Makefile.shared, just remove it entirely, as it appears to be unused. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Todd Short authored
Missing SKIP: block in SSL unit tests for DTLS and TLS version tests. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
Since we're building some of our perl scripts and the result might not end up in apps/ (*), we may need to treat them like the compile programs we use for testing. This introduces perlapp() and perltest(), which behave like app() and test(), but will add the perl executable in the command line. ----- (*) For example, with a mk1mf build, the result will end up in $(BIN_D) Reviewed-by: Matt Caswell <matt@openssl.org>
-