| Age | Commit message (Collapse) | Author |
|---|
|
they don't make sense.
ok beck@
|
|
ok bock@ jsing@
|
|
meaningful constants in a private header file, so that reviewers can actually
get a chance to figure out what the code is attempting to do without knowing
all cpuid bits.
While there, turn it from an array of two 32-bit ints into a properly aligned
64-bit int.
Use of OPENSSL_ia32_P is now restricted to the assembler parts. C code will
now always use OPENSSL_cpu_caps() and check for the proper bits in the
whole 64-bit word it returns.
i386 tests and ok jsing@
|
|
faster-on-genuine-80386-but-slower-on-80486-onwards innstruction sequence in
the SHA512 code, and had not been enabled in years, if at all.
ok tom@ bcook@
|
|
Software that refers to ctx after calling Final breaks with these changes.
revert parts of 1.31 and 1.32
|
|
corrected by deraadt@ / guenther@
|
|
|
|
This adds a linker warning for EVP_EncryptFinal(), EVP_DecryptFinal(),
EVP_CipherFinal(), and documents the recent behavior updates.
ok beck@
|
|
14 years ago these were changed in OpenSSL to be the same
as the _ex functions. We use the _ex functions only internally
to ensure it is obvious the ctx must be cleared.
ok bcook@
|
|
additionally, in EncodeUpdate, if the amount written would overflow,
return 0 instead to prevent bugs in the caller.
CVE-2016-2105 and CVE-2016-2106 from openssl.
|
|
for both the mac and padding bytes.
CVE-2016-2107 from openssl
|
|
|
|
|
|
missing padding check in aesni functions
overflow in evp encode functions
use of invalid negative asn.1 types
ok beck
|
|
and replace with EVP_aead_chacha20_poly1305_ietf(). The IETF version will
become the standard version.
Discussed with many.
|
|
EVP_aead_chacha20_poly1305_ietf().
|
|
ok guenther@
|
|
|
|
"ChaCha20 and Poly1305 for IETF Protocols", introduced a modified AEAD
construction that is incompatible with the common style that has been
already used in TLS with EVP_aead_chacha20_poly1305(). The IETF
version also adds a constant (salt) that is prepended to the nonce.
OK mikeb@ jsing@
|
|
error was present in the original 2004 commit, so it hasn't been used in
over 11 years, thus exceeding our deprecation requirements by over a decade.
OpenSSL has chosen to *fix it*; we'll gladly watch it burn
ok jsing@
|
|
|
|
MD4 should have been removed a long time ago. Also, RFC 6150 moved it to
historic in 2011. Rides the major crank from removing SHA-0.
Discussed with many including beck@, millert@, djm@, sthen@
ok jsing@, input + ok bcook@
|
|
SHA-0 was withdrawn shortly after publication 20 years ago and replaced
with SHA-1. This will require a major crank.
ok bcook@, jsing@
|
|
ok miod@
|
|
ok doug@ deraadt@
|
|
ok deraadt@ jsing@ miod@
|
|
|
|
Coverity CID 105346
ok doug@
|
|
|
|
If you didn't enable deprecated code, there were missing err.h and
bn.h includes. This commit allows building with or without deprecated
code.
This was not derived from an OpenSSL commit. However, they recently
enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems
in a different way.
Verified with clang that this only changes line numbers in the generated
asm.
ok miod@
|
|
|
|
be enabled.
Removes one symbol from libcrypto, however there is no ABI change.
ok beck@ miod@ tedu@
|
|
if EVP_DigestInit_ex() fails.
|
|
Careful review, feedback & ok doug@ jsing@
|
|
|
|
and get rid of a silly FIXME comment.
ok doug@ jsing@
|
|
ok doug@ jsing@
|
|
There are a few instances where #if 1 is removed but the code remains.
Based on the following OpenSSL commits. Some of the commits weren't
strictly deletions so they are going to be split up into separate commits.
6f91b017bbb7140f816721141ac156d1b828a6b3
3d47c1d331fdc7574d2275cda1a630ccdb624b08
dfb56425b68314b2b57e17c82c1df42e7a015132
c8fa2356a00cbaada8963f739e5570298311a060
f16a64d11f55c01f56baa62ebf1dec7f8fe718cb
9ccc00ef6ea65567622e40c49aca43f2c6d79cdb
02a938c953b3e1ced71d9a832de1618f907eb96d
75d0ebef2aef7a2c77b27575b8da898e22f3ccd5
d6fbb194095312f4722c81c9362dbd0de66cb656
6f1a93ad111c7dfe36a09a976c4c009079b19ea1
1a5adcfb5edfe23908b350f8757df405b0f5f71f
8de24b792743d11e1d5a0dcd336a49368750c577
a2b18e657ea1a932d125154f4e13ab2258796d90
8e964419603d2478dfb391c66e7ccb2dcc9776b4
32dfde107636ac9bc62a5b3233fe2a54dbc27008
input + ok jsing@, miod@, tedu@
|
|
this split across files, especially when two of them have less code than
license text.
ok bcook@ beck@ doug@ miod@
|
|
cleanup diff.
|
|
|
|
engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov;
libcrypto bits only for now.
This is a verbatim import of Dmitry's work, and does not compile in this
state; the forthcoming commits will address these issues.
None of the GOST code is enabled in libcrypto yet, for it still gets
compiled with OPENSSL_NO_GOST defined. However, the public header gost.h
will be installed.
|
|
This functionality was already available (and optional), and used in the
bowels of the ASN.1 code. This exposes it as a public interface, which will
be used by the upcoming GOST code.
Crank libcrypto minor version.
From Dmitry Eremin-Solenikov.
|
|
ok doug@ jsing@
|
|
arc4random_buf() is guaranteed to always succeed - it is worth noting
that a number of the replaced function calls were already missing return
value checks.
ok deraadt@
|
|
|
|
Most assembly blocks remain inactive if OPENSSL_NO_ASM is not defined,
only enabling inline assembly, but the RSA / RC4-5 blocks (used only in
amd64 systems) turn on implicitly. Guard these two as well.
This simplifies enabling just inline ASM in portable, no effective
change in OpenBSD.
|
|
behaviour that allows a PEM block to be fed through the base64 decoder.
Reported by Dmitry Eremin-Solenikov on tech@
ok deraadt@ tedu@
|
|
and UI_add_verify_string() return -1 (and maybe -2?) on failure and
>=0 on success, instead of always zero on success
problem reported by Mark Patruck (mark (at) wrapped.cx)
ok miod@
|
|
ok guenther@ jsing@
|
