Skip to content
GitLab
  1. 08 Oct, 2015 2 commits
    • Matt Caswell's avatar
      Don't treat a bare OCTETSTRING as DigestInfo in int_rsa_verify · dffe5109
      Matt Caswell authored 
      

The function int_rsa_verify is an internal function used for verifying an
RSA signature. It takes an argument |dtype| which indicates the digest type
that was used. Dependant on that digest type the processing of the
signature data will vary. In particular if |dtype == NID_mdc2| and the
signature data is a bare OCTETSTRING then it is treated differently to the
default case where the signature data is treated as a DigestInfo (X509_SIG).

Due to a missing "else" keyword the logic actually correctly processes the
OCTETSTRING format signature first, and then attempts to continue and
process it as DigestInfo. This will invariably fail because we already know
that it is a bare OCTETSTRING.

This failure doesn't actualy make a real difference because it ends up at
the |err| label regardless and still returns a "success" result. This patch
just cleans things up to make it look a bit more sane.

RT#4076

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      dffe5109
    • Richard Levitte's avatar
      When ENGINE_add finds that id or name is missing, actually return · 5850cc75
      Richard Levitte authored 
      

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      5850cc75
  3. 07 Oct, 2015 6 commits
  5. 06 Oct, 2015 4 commits
  7. 05 Oct, 2015 13 commits
  9. 03 Oct, 2015 1 commit
  11. 02 Oct, 2015 1 commit
  13. 01 Oct, 2015 2 commits
  15. 30 Sep, 2015 9 commits
    • Richard Levitte's avatar
      Remove the hard coded -DOPENSSL_NO_DEPRECATED from DEPFLAG · 721c2ac0
      Richard Levitte authored 
      

Any time you configure with enable-deprecated, make depend would
scream bloody murder.  This change has it quiet down a bit.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      721c2ac0
    • Matt Caswell's avatar
      Change the DEFAULT ciphersuites to exclude DES, RC4 and RC2 · c84f7f4a
      Matt Caswell authored 
      

This patch updates the "DEFAULT" cipherstring to be
"ALL:!COMPLEMENTOFDEFAULT:!eNULL". COMPLEMENTOFDEFAULT is now defined
internally by a flag on each ciphersuite indicating whether it should be
excluded from DEFAULT or not. This gives us control at an individual
ciphersuite level as to exactly what is in DEFAULT and what is not.

Finally all DES, RC4 and RC2 ciphersuites are added to COMPLEMENTOFDEFAULT
and hence removed from DEFAULT.

Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      c84f7f4a
    • Andy Polyakov's avatar
      bn/asm/armv4-mont.pl: boost NEON performance. · 8eed3289
      Andy Polyakov authored 
      

Close difference gap on Cortex-A9, which resulted in further improvement
even on other processors.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      8eed3289
    • Rich Salz's avatar
      Make update / libeay.num fix · 75f648aa
      Rich Salz authored 
      

Looks like someone forgot to do a "make update" since crypto/ts/Makefile
keeps changing.  So include that.

Second is that the declare_dh_bn macro fools the libeay.num script.
The declarations are only needed in one file (dh_rfc5114) so remove
them from the header and put the "raw" declarations directly into that
file.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      75f648aa
    • Matt Caswell's avatar
      Fix libeay.num · dd35486d
      Matt Caswell authored 
      

Removed duplicated ordinals from libeay.num

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      dd35486d
    • Matt Caswell's avatar
      Add a test for duplicated ordinals · 5530d518
      Matt Caswell authored 
      

Occaisionally we have had problems where there are duplicated ordinals in
libeay.num or ssleay.num. This adds a test for this issue.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      5530d518
    • Ben Laurie's avatar
      Display brief help if no options for list. · 19948cea
      Ben Laurie authored 
      

Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      19948cea
    • Matt Caswell's avatar
      Add GOST12 cms/smime capabilities · c58f3e42
      Matt Caswell authored 
      

Add additional NID references in the CMS/SMIME capabilities code to cater
for GOST12.

Patch supplied by Dmitry Belyavsky <beldmit@gmail.com>

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      c58f3e42
    • David Woodhouse's avatar
      Fix no-stdio build · 984d6c60
      David Woodhouse authored 
      

Much related/similar work also done by
Ivan Nestlerode <ivan.nestlerode@sonos.com>

   +Replace FILE BIO's with dummy ops that fail.
   +Include <stdio.h> for sscanf() even with no-stdio (since the declaration
    is there). We rely on sscanf() to parse the OPENSSL_ia32cap environment
    variable, since it can be larger than a 'long'. And we don't rely on the
    availability of strtoull().
   +Remove OPENSSL_stderr(); not used.
   +Make OPENSSL_showfatal() do nothing (currently without stdio there's
    nothing we can do).
   +Remove file-based functionality from ssl/. The function
    prototypes were already gone, but not the functions themselves.
   +Remove unviable conf functionality via SYS_UEFI
   +Add fallback definition of BUFSIZ.
   +Remove functions taking FILE * from header files.
   +Add missing DECLARE_PEM_write_fp_const
   +Disable X509_LOOKUP_hash_dir(). X509_LOOKUP_file() was already compiled out,
    so remove its prototype.
   +Use OPENSSL_showfatal() in CRYPTO_destroy_dynlockid().
   +Eliminate SRP_VBASE_init() and supporting functions. Users will need to
    build the verifier manually instead.
   +Eliminate compiler warning for unused do_pk8pkey_fp().
   +Disable TEST_ENG_OPENSSL_PKEY.
   +Disable GOST engine as is uses [f]printf all over the place.
   +Eliminate compiler warning for unused send_fp_chars().

Signed-off-by: default avatarRich Salz <rsalz@akamai.com>
Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      984d6c60
  17. 29 Sep, 2015 2 commits