- Jun 06, 2016
-
-
Richard Levitte authored
The directories for the final products were never registered, it was plain luck that intermediary files were in the same place and registered the directory anyway. Also, scripts are generated directly from source (binaries go through intermadiary object files), so we need to explicitely make sure to avoid registering the source directory unless it's an in source build. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
The flags RSA_FLAG_NO_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME and DH_FLAG_NO_EXP_CONSTTIME which previously provided the ability to switch off the constant time implementation for RSA, DSA and DH have been made no-ops and deprecated. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
The dsa_ossl.c file defined a couple of multi-line macros, but then only used each one once. The macros just serve to complicate the code and make it more difficult to understand what is really going on. Hence they are removed. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Cesar Pereida authored
Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key. CVE-2016-2178 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
Some of the instructions used in latest additions are extension ones. There is no real reason to limit ourselves to specific processors, so [re-]adhere to base instruction set. RT#4548 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
In rare cases, the shell we run test programs in may have complaints. Shut those up unless testing verbosely. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
- Jun 05, 2016
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Viktor Dukhovni authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
FdaSilvaYY authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1074)
-
FdaSilvaYY authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1074)
-
FdaSilvaYY authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1074)
-
FdaSilvaYY authored
Return directly NULL after ASN1_STRING_set, as it already has set an error code. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1074)
-
FdaSilvaYY authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1074)
-
FdaSilvaYY authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1074)
-
- Jun 04, 2016
-
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Previous build scheme allowed building just the stuff in one subdirectory, like this: make -C crypto/aes Because the unified only has a top-level Makefile, this is not possible with it. This change adds a replacement where each directory we have something to build in becomes a target in its own right, allowing building something like this: make crypto/aes The exception is the directory test, because we already have such a target. Reviewed-by: Stephen Henson <steve@openssl.org>
-
Kurt Roeckx authored
Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1139
-
Dr. Stephen Henson authored
RT#4474 (partial) Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Kurt Roeckx authored
Reviewed-by: Ben Laurie <ben@links.org> MR: #2740
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Remove some unused files. Rename doc-nit-check to be consistent. Add check for multiple #include in synopsis. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Since one generates files that the other depends on, there's no real reason to keep them separate. Since they were both different aspects of 'openssl req', the merge ends up in 25-test_req.t. This also makes cleanup easier. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jun 03, 2016
-
-
Richard Levitte authored
Needed to get size_t on Windows Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Needed to get size_t Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Needed to get the needed declarations for STACK_OF(X509) Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Generate small test programs to check that external programs can be built with our stuff at a very basic level. For now, they check that each of our header files can be included individually without compile failure. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
According to the x509 man page in the section discussing -certopt it says that the ca_default option is the same as that used by the ca utility and (amongst other things) has the effect of suppressing printing of the signature - but in fact it doesn't. This error seems to have been present since the documentation was written back in 2001. It never had this effect. The default config file sets the certopt value to ca_default. The ca utility takes that and THEN adds additional options to suppress printing of the signature. So the ca utility DOES suppress printing of the signature - but it is not as a result of using the ca_default option. GitHub Issue #247 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
If the string to print is exactly 2048 character long (excluding the NULL terminator) then BIO_printf will chop off the last byte. This is because it has filled its static buffer but hasn't yet allocated a dynamic buffer. In cases where we don't have a dynamic buffer we need to truncate but that is not the case for BIO_printf(). We need to check whether we are able to have a dynamic buffer buffer deciding to truncate. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Jonas Maebe authored
zapparams modification based on tip from Matt Caswell RT#3198 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
The ssl3_init_finished_mac() function can fail, in which case we need to propagate the error up through the stack. RT#3198 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Fill out the INSTALL instructions with more information on Configure arguments, environment variables and Makefile targets. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Mat authored
Use STATUS_SUCCESS instead of 0. Renamed USE_BCRYPT to RAND_WINDOWS_USE_BCRYPT to avoid possible collisions with other defines. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1142)
-
Mat authored
Adds missing casts for 64-bit. Removed zero initialization of hProvider. hProvider is an "out" parameter of CryptAcquireContextW. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1142)
-
Mat authored
Define USE_BCRYPT Removed _WIN32_WINNT define Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1142)
-
Mat authored
When openssl is compiled with MSVC and _WIN32_WINNT>=0x0601 (Windows 7), BCryptGenRandom is used instead of the legacy CryptoAPI. This change brings the following benefits: - Removes dependency on CryptoAPI (legacy API) respectively advapi32.dll - CryptoAPI Cryptographic Service Providers (rsa full) are not dynamically loaded. - Allows Universal Windows Platform (UWP) apps to use openssl (CryptGenRandom is not available for Windows store apps) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1142)
-