- Jun 06, 2016
-
-
Matt Caswell authored
The dsa_ossl.c file defined a couple of multi-line macros, but then only used each one once. The macros just serve to complicate the code and make it more difficult to understand what is really going on. Hence they are removed. Reviewed-by:Richard Levitte <levitte@openssl.org>
-
Cesar Pereida authored
Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key. CVE-2016-2178 Reviewed-by:
Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
Some of the instructions used in latest additions are extension ones. There is no real reason to limit ourselves to specific processors, so [re-]adhere to base instruction set. RT#4548 Reviewed-by:Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
In rare cases, the shell we run test programs in may have complaints. Shut those up unless testing verbosely. Reviewed-by:Viktor Dukhovni <viktor@openssl.org>
-
- Jun 05, 2016
-
-
Rich Salz authored
Reviewed-by: -
Richard Levitte authored
Reviewed-by:Andy Polyakov <appro@openssl.org>
-
Viktor Dukhovni authored
Reviewed-by: -
FdaSilvaYY authored
Reviewed-by:
Kurt Roeckx <kurt@openssl.org> Reviewed-by:
-
FdaSilvaYY authored
Reviewed-by:
-
FdaSilvaYY authored
Reviewed-by:
-
FdaSilvaYY authored
Return directly NULL after ASN1_STRING_set, as it already has set an error code. Reviewed-by:
-
FdaSilvaYY authored
Reviewed-by:
-
FdaSilvaYY authored
Reviewed-by:
-
- Jun 04, 2016
-
-
Richard Levitte authored
Reviewed-by: -
Rich Salz authored
Reviewed-by: -
Rich Salz authored
Reviewed-by: -
Richard Levitte authored
Previous build scheme allowed building just the stuff in one subdirectory, like this: make -C crypto/aes Because the unified only has a top-level Makefile, this is not possible with it. This change adds a replacement where each directory we have something to build in becomes a target in its own right, allowing building something like this: make crypto/aes The exception is the directory test, because we already have such a target. Reviewed-by:Stephen Henson <steve@openssl.org>
-
Kurt Roeckx authored
Reviewed-by: -
Dr. Stephen Henson authored
RT#4474 (partial) Reviewed-by: -
Kurt Roeckx authored
Reviewed-by:Ben Laurie <ben@links.org> MR: #2740
-
Rich Salz authored
Reviewed-by: -
Rich Salz authored
Remove some unused files. Rename doc-nit-check to be consistent. Add check for multiple #include in synopsis. Reviewed-by: -
Richard Levitte authored
Since one generates files that the other depends on, there's no real reason to keep them separate. Since they were both different aspects of 'openssl req', the merge ends up in 25-test_req.t. This also makes cleanup easier. Reviewed-by: -
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
Reviewed-by:
-
- Jun 03, 2016
-
-
Richard Levitte authored
Needed to get size_t on Windows Reviewed-by: -
Richard Levitte authored
Needed to get size_t Reviewed-by: -
Richard Levitte authored
Needed to get the needed declarations for STACK_OF(X509) Reviewed-by: -
Richard Levitte authored
Generate small test programs to check that external programs can be built with our stuff at a very basic level. For now, they check that each of our header files can be included individually without compile failure. Reviewed-by: -
Matt Caswell authored
According to the x509 man page in the section discussing -certopt it says that the ca_default option is the same as that used by the ca utility and (amongst other things) has the effect of suppressing printing of the signature - but in fact it doesn't. This error seems to have been present since the documentation was written back in 2001. It never had this effect. The default config file sets the certopt value to ca_default. The ca utility takes that and THEN adds additional options to suppress printing of the signature. So the ca utility DOES suppress printing of the signature - but it is not as a result of using the ca_default option. GitHub Issue #247 Reviewed-by: -
Matt Caswell authored
If the string to print is exactly 2048 character long (excluding the NULL terminator) then BIO_printf will chop off the last byte. This is because it has filled its static buffer but hasn't yet allocated a dynamic buffer. In cases where we don't have a dynamic buffer we need to truncate but that is not the case for BIO_printf(). We need to check whether we are able to have a dynamic buffer buffer deciding to truncate. Reviewed-by: -
Jonas Maebe authored
zapparams modification based on tip from Matt Caswell RT#3198 Reviewed-by:
-
Matt Caswell authored
The ssl3_init_finished_mac() function can fail, in which case we need to propagate the error up through the stack. RT#3198 Reviewed-by: -
Matt Caswell authored
Fill out the INSTALL instructions with more information on Configure arguments, environment variables and Makefile targets. Reviewed-by: -
Mat authored
Use STATUS_SUCCESS instead of 0. Renamed USE_BCRYPT to RAND_WINDOWS_USE_BCRYPT to avoid possible collisions with other defines. Reviewed-by:
-
Mat authored
Adds missing casts for 64-bit. Removed zero initialization of hProvider. hProvider is an "out" parameter of CryptAcquireContextW. Reviewed-by:
-
Mat authored
Define USE_BCRYPT Removed _WIN32_WINNT define Reviewed-by:
-
Mat authored
When openssl is compiled with MSVC and _WIN32_WINNT>=0x0601 (Windows 7), BCryptGenRandom is used instead of the legacy CryptoAPI. This change brings the following benefits: - Removes dependency on CryptoAPI (legacy API) respectively advapi32.dll - CryptoAPI Cryptographic Service Providers (rsa full) are not dynamically loaded. - Allows Universal Windows Platform (UWP) apps to use openssl (CryptGenRandom is not available for Windows store apps) Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Tweak to the wording on merge commits. Reviewed-by:
-
