Skip to content
  1. Mar 23, 2015
  2. Mar 21, 2015
  3. Mar 20, 2015
  4. Mar 19, 2015
  5. Mar 18, 2015
  6. Mar 17, 2015
    • Richard Levitte's avatar
      Correct the request of debug builds · 9e43c6b5
      Richard Levitte authored
      
      
      ./config would translate -d into having the target get a 'debug-'
      prefix, and then run './Configure LIST' to find out if such a
      debugging target exists or not.
      
      With the recent changes, the separate 'debug-foo' targets are
      disappearing, and we're giving the normal targets debugging
      capabilities instead.  Unfortunately, './config' wasn't changed to
      match this new behavior.
      
      This change introduces the arguments '--debug' and '--release' - the
      latter just for orthogonality - to ./Configure, and ./config now
      treats -d by adding '--debug' to the options for ./Configure.
      
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      9e43c6b5
    • Matt Caswell's avatar
      Dead code removal from apps · 11abf922
      Matt Caswell authored
      
      
      Some miscellaneous removal of dead code from apps. Also fix an issue with
      error handling with pkcs7.
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      11abf922
    • Matt Caswell's avatar
      Remove dead code from crypto · b7573c59
      Matt Caswell authored
      
      
      Some miscellaneous removal of dead code from lib crypto.
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      b7573c59
    • Matt Caswell's avatar
      Fix probable_prime over large shift · e4676e90
      Matt Caswell authored
      
      
      In the probable_prime() function we behave slightly different if the number
      of bits we are interested in is <= BN_BITS2 (the num of bits in a BN_ULONG).
      As part of the calculation we work out a size_limit as follows:
      
          size_limit = (((BN_ULONG)1) << bits) - BN_get_word(rnd) - 1;
      
      There is a problem though if bits == BN_BITS2. Shifting by that much causes
      undefined behaviour. I did some tests. On my system BN_BITS2 == 64. So I
      set bits to 64 and calculated the result of:
      
          (((BN_ULONG)1) << bits)
      
      I was expecting to get the result 0. I actually got 1! Strangely this...
      
          (((BN_ULONG)0) << BN_BITS2)
      
      ...does equal 0! This means that, on my system at least, size_limit will be
      off by 1 when bits == BN_BITS2.
      
      This commit fixes the behaviour so that we always get consistent results.
      
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      e4676e90
    • Matt Caswell's avatar
      Fix unintended sign extension · 3475c7a1
      Matt Caswell authored
      
      
      The function CRYPTO_128_unwrap_pad uses an 8 byte AIV (Alternative Initial
      Value). The least significant 4 bytes of this is placed into the local
      variable |ptext_len|. This is done as follows:
      
          ptext_len = (aiv[4] << 24) | (aiv[5] << 16) | (aiv[6] << 8) | aiv[7];
      
      aiv[4] is an unsigned char, but (aiv[4] << 24) is promoted to a *signed*
      int - therefore we could end up shifting into the sign bit and end up with
      a negative value. |ptext_len| is a size_t (typically 64-bits). If the
      result of the shifts is negative then the upper bits of |ptext_len| will
      all be 1.
      
      This commit fixes the issue by explicitly casting to an unsigned int.
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      3475c7a1
    • Matt Caswell's avatar
      Fix seg fault in s_time · dfef52f6
      Matt Caswell authored
      
      
      Passing a negative value for the "-time" option to s_time results in a seg
      fault. This commit fixes it so that time has to be greater than 0.
      
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      dfef52f6
    • Matt Caswell's avatar
      Add sanity check to PRF · 668f6f08
      Matt Caswell authored
      
      
      The function tls1_PRF counts the number of digests in use and partitions
      security evenly between them. There always needs to be at least one digest
      in use, otherwise this is an internal error. Add a sanity check for this.
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      668f6f08