Age | Commit message (Collapse) | Author |
|
Be sure to rerun `make includes' after updating.
ok tedu@ beck@ deraadt@
|
|
OpenSSL FIPS module to prevent forbidden digests to be allowed.
No functional change but readability.
ok deraadt@
|
|
managed to allocate a fragment, before trying to memcpy data into it.
ok miod@
|
|
scripts. We certainly do not need an identical copy of the win64
exception handler in each script (surely one copy would be sufficient).
ok miod@
|
|
|
|
ok miod@ tedu@
|
|
Also check for _LP64 rather than __arch64__ (the former being more reliable
than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit
int platforms.
Loosely based upon a diff from Martijn van Duren on tech@
|
|
http://marc.info/?l=openssl-dev&m=139779977532459&w=2
ok miod
|
|
but disabling attack mitigations is not safe. 0.9.6d contained a
workaround for an attack against CBC modes. 0.9.6e disabled it by default
because "some" implementations couldn't handle empty fragments. 12 years
have passed. Does anybody still care? Let's find out.
ok miod
|
|
Gebruiker Schoot.
|
|
|
|
|
|
|
|
avoid unreadable/unmaintainable constructs like that:
const EVP_PKEY_ASN1_METHOD cmac_asn1_meth =
{
EVP_PKEY_CMAC,
EVP_PKEY_CMAC,
0,
"CMAC",
"OpenSSL CMAC method",
0,0,0,0,
0,0,0,
cmac_size,
0,
0,0,0,0,0,0,0,
cmac_key_free,
0,
0,0
};
ok matthew@ deraadt@
|
|
No functional change.
|
|
redefine OPENSSL_EXTERN from `extern' to `extern'.
|
|
declaration to pass -Wextra, should we want to add it to CFLAGS.
No binary change.
|
|
ok miod@
|
|
|
|
|
|
This avoids a lot of ugly gymnastics to do snprintfs before sending the
bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c
where it was being called with the incorrect number of arguments and
using random things off the stack as addresses of strings.
ok krw@, jsing@
|
|
|
|
|
|
ok miod@
|
|
ok miod@
|
|
|
|
ok miod@
|
|
Suggested by miod@
|
|
|
|
The intent of this change is to only keep support for two kind of architectures:
- those with 32-bit int and long, and 64-bit long long, where
``long * long -> long long'' multiplication routines are available.
- those with 64-bit int and long, and no 128-bit long long type.
This gets rid of the SIXTY_FOUR_BIT_LONG, SIXTY_FOUR_BIT (not the same!),
THIRTY_TWO_BIT, SIXTEEN_BIT and EIGHT_BIT defines.
After this change, the types and defines are as follows:
arch: 64bit 32bit rationale
BN_LLONG undefined defined defined if l * l -> ll
BN_ULLONG undefined u long long result of BN_LONG * BN_LONG
BN_ULONG u long u int native register size
BN_LONG long int the same, signed
BN_BITS 128 64 size of 2*BN_ULONG in bits
BN_BYTES 8 4 size of 2*BN_ULONG in bytes
BN_BITS2 64 32 BN_BITS / 2
Tested on various 32-bit and 64-bit OpenBSD systems of various endianness.
|
|
|
|
were), after stumbling upon code (mis)using them in the wild.
|
|
|
|
ok miod@
|
|
|
|
|
|
unchecked malloc at the same time.
ok beck@
|
|
frequent construct of 30 lines of pointer and strlcat insanity followed
by an ERR_add_error_data. I will sweep through here like a chubby mongol
horde in the next few days pillaging crappy ERR_add_error_data's.
Oh and while we're at it fix the nasty vdata function to use something less
hard on the eyes.
ok jsing@
|
|
well...
ok beck@
|
|
|
|
I missed on the first go around.
|
|
|
|
a small signed one to it.. Some people on OpenSSL's list
noticed - http://marc.info/?l=openssl-dev&m=139809485525663&w=2
This should fix that, and make sure we don't try to write out insane
amounts of stuff.
ok miod@ tedu@
|
|
|
|
do_ssl3_write() is recursive. and not in the simple, obvious way, but in
the sneaky called through ssl3_dispatch_alert way. (alert level: fuchsia)
this then has a decent chance of releasing the buffer that we thought we
were going to use. check for this happening, and if the buffer has gone
missing, put another one back in place.
the direct recursive call is safe because it won't call ssl3_write_pending
which is the function that actually does do the writing and releasing.
as reported by David Ramos to openssl-dev:
http://marc.info/?l=openssl-dev&m=139809493725682&w=2
ok beck
|
|
|
|
``debug'' code from a 15+ years old bugfix and the SSL_OP_PKCS1_CHECK_*
constants have had a value of zero since ages. No production code should use
them.
ok beck@
|
|
|
|
|
|
|