- Feb 28, 2018
-
-
Kurt Roeckx authored
Reviewed-by:Richard Levitte <levitte@openssl.org> GH: #4672
-
- Feb 27, 2018
-
-
David Benjamin authored
Thumb2 addresses are a bit a mess, depending on whether a label is interpreted as a function pointer value (for use with BX and BLX) or as a program counter value (for use with PC-relative addressing). Clang's integrated assembler mis-assembles this code. See https://crbug.com/124610#c54 for details. Instead, use the ADR pseudo-instruction which has clear semantics and should be supported by every assembler that handles the OpenSSL Thumb2 code. (In other files, the ADR vs SUB conditionals are based on __thumb2__ already. For some reason, this one is based on __APPLE__, I'm guessing to deal with an older version of clang assembler.) It's unclear to me which of clang or binutils is "correct" or if this is even a well-defined notion beyond "whatever binutils does". But I will note that https://github.com/openssl/openssl/pull/4669 suggests binutils has also changed behavior around this before. Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5431)
-
Rich Salz authored
And only generate one output "file" at a time for objects.pl Reviewed-by:
-
Richard Levitte authored
Fixes #5471 Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5472)
-
Dr. Matthias St. Pierre authored
Fixes #5405, #1381 The base64 filter BIO reads its input in chunks of B64_BLOCK_SIZE bytes. When processing input in PEM format it can happen in rare cases that - the trailing PEM marker crosses the boundary of a chunk, and - the beginning of the following chunk contains valid base64 encoded data. This happened in issue #5405, where the PEM marker was split into "-----END CER" and "TIFICATE-----" at the end of the first chunk. The decoding of the first chunk terminated correctly at the '-' character, which is treated as an EOF marker, and b64_read() returned. However, when called the second time, b64_read() read the next chunk and interpreted the string "TIFICATE" as valid base64 encoded data, adding 6 extra bytes '4c 81 48 08 04 c4'. This patch restores the assignment of the error code to 'ctx->cont', which was deleted accidentally in commit 5562cfac and which prevents b64_read() from reading additional data on subsequent calls. This issue was observed and reported by Annie Yousar. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
- Feb 26, 2018
-
-
Andy Polyakov authored
Even though mlock(2) was standardized in POSIX.1-2001, vendors did implement it prior that point. Reviewed-by:
-
- Feb 24, 2018
-
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
As it turns out gcc -pedantic doesn't seem to consider __uint128_t as non-standard, unlike __int128 that is. Fix even MSVC warnings in curve25519.c. Reviewed-by:
-
Andy Polyakov authored
SPARC condition in __SIZEOF_INT128__==16 is rather performance thing than portability. Even though compiler advertises int128 capability, corresponding operations are inefficient, because they are not directly backed by instruction set. Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
- Feb 23, 2018
-
-
Bernd Edlinger authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
- Feb 22, 2018
-
-
Rich Salz authored
Reviewed-by:
-
- Feb 21, 2018
-
-
Kurt Roeckx authored
Reviewed-by:
Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by:
Paul Dale <paul.dale@oracle.com> GH: #5400
-
Pavel Kopyl authored
X509v3_add_ext: free 'sk' if the memory pointed to by it was malloc-ed inside this function. X509V3_EXT_add_nconf_sk: return an error if X509v3_add_ext() fails. This prevents use of a freed memory in do_body:sk_X509_EXTENSION_num(). Reviewed-by:
-
Samuel Weiser authored
Replaced variable-time GCD with consttime inversion to avoid side-channel attacks on RSA key generation Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/5161)
-
Matt Caswell authored
We can't add NULL data into a hash Reviewed-by:
-
Andy Polyakov authored
Currently it's limited to 64-bit platforms only as minimum radix expected in assembly is 2^51. Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
3 least significant bits of the input scalar are explicitly cleared, hence swap variable has fixed value [of zero] upon exit from the loop. Reviewed-by:
-
- Feb 20, 2018
-
-
Matt Caswell authored
Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5105)
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
The original curve448 code was templated to allow for a 25519 implementation. We've just imported the 448 stuff - but a remnant of the original templated approach remained. This just simplifies that. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
We removed various platform specific optimisation files in an earlier commit. The vector code was related to that and therefore is no longer required. It may be resurrected at a later point if we reintroduce the opimtisations. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
