summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2014-05-01Add Brainpool elliptic curves. From OpenSSL RT#2239 via ${DAYJOB}.Miod Vallat
Be sure to rerun `make includes' after updating. ok tedu@ beck@ deraadt@
2014-05-01Remove fips_md_init() macro indirection for digest algorithms, used by theMiod Vallat
OpenSSL FIPS module to prevent forbidden digests to be allowed. No functional change but readability. ok deraadt@
2014-04-30Avoid a potential null pointer dereference by checking that we actuallyJoel Sing
managed to allocate a fragment, before trying to memcpy data into it. ok miod@
2014-04-30First pass at removing win64 support from the assembly generating PerlJoel Sing
scripts. We certainly do not need an identical copy of the win64 exception handler in each script (surely one copy would be sufficient). ok miod@
2014-04-30i suck at math. b - 8 = 3, not 4. detected by Antoine Pitrou. thanks.Ted Unangst
2014-04-29Constrain bytes read/written to positive values.Bob Beck
ok miod@ tedu@
2014-04-28Remove WIN32, WIN64 and MINGW32 tentacles.Miod Vallat
Also check for _LP64 rather than __arch64__ (the former being more reliable than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit int platforms. Loosely based upon a diff from Martijn van Duren on tech@
2014-04-28use the correct algorithm mask. reported by satish lvr viaTed Unangst
http://marc.info/?l=openssl-dev&m=139779977532459&w=2 ok miod
2014-04-28SSL_OP_ALL is supposed to be all options and workarounds that are safe,Ted Unangst
but disabling attack mitigations is not safe. 0.9.6d contained a workaround for an attack against CBC modes. 0.9.6e disabled it by default because "some" implementations couldn't handle empty fragments. 12 years have passed. Does anybody still care? Let's find out. ok miod
2014-04-28Remove ending cplusplus guard followed by starting cplusplus guard; fromMiod Vallat
Gebruiker Schoot.
2014-04-28Leftover includes and local declarations; from Gebruiker SchootMiod Vallat
2014-04-27typo in commentMiod Vallat
2014-04-27Remove orphaned l2n6 and n2l6 macros.Miod Vallat
2014-04-27Use C99 initializers for the various FOO_METHOD structs. More readable, andMiod Vallat
avoid unreadable/unmaintainable constructs like that: const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = { EVP_PKEY_CMAC, EVP_PKEY_CMAC, 0, "CMAC", "OpenSSL CMAC method", 0,0,0,0, 0,0,0, cmac_size, 0, 0,0,0,0,0,0,0, cmac_key_free, 0, 0,0 }; ok matthew@ deraadt@
2014-04-27static const char * = "" -> static const char[] = "", to produce shorter code.Miod Vallat
No functional change.
2014-04-27Unifdef -U OPENSSL_BUILD_SHLIBCRYPTO, since all it causes under Unix is toMiod Vallat
redefine OPENSSL_EXTERN from `extern' to `extern'.
2014-04-27Put explicit (void) in function declarations and shuffle keywords in someMiod Vallat
declaration to pass -Wextra, should we want to add it to CFLAGS. No binary change.
2014-04-27We do not need a separate file for two compatibility wrapper functions.Joel Sing
ok miod@
2014-04-27Fix leak last commit introduced. Spotted by Sebastian Kapfer.Bob Beck
2014-04-26Appease gcc3 -Wuninitialized.Miod Vallat
2014-04-26Replace all use of ERR_add_error_data with ERR_asprintf_error_data.Bob Beck
This avoids a lot of ugly gymnastics to do snprintfs before sending the bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c where it was being called with the incorrect number of arguments and using random things off the stack as addresses of strings. ok krw@, jsing@
2014-04-26More KNF.Joel Sing
2014-04-26KNF.Joel Sing
2014-04-26This is not FreeBSD.Joel Sing
ok miod@
2014-04-26Do you really want to build OpenSSL for 16-bit Windows? Well, we don't.Joel Sing
ok miod@
2014-04-25KNF.Joel Sing
2014-04-25Clean up the remaining TTY related remnants.Joel Sing
ok miod@
2014-04-25Use const char *.Joel Sing
Suggested by miod@
2014-04-25KNF fixesLawrence Teo
2014-04-24Try to clean the maze of <openssl/bn.h> defines regarding the BN internals.Miod Vallat
The intent of this change is to only keep support for two kind of architectures: - those with 32-bit int and long, and 64-bit long long, where ``long * long -> long long'' multiplication routines are available. - those with 64-bit int and long, and no 128-bit long long type. This gets rid of the SIXTY_FOUR_BIT_LONG, SIXTY_FOUR_BIT (not the same!), THIRTY_TWO_BIT, SIXTEEN_BIT and EIGHT_BIT defines. After this change, the types and defines are as follows: arch: 64bit 32bit rationale BN_LLONG undefined defined defined if l * l -> ll BN_ULLONG undefined u long long result of BN_LONG * BN_LONG BN_ULONG u long u int native register size BN_LONG long int the same, signed BN_BITS 128 64 size of 2*BN_ULONG in bits BN_BYTES 8 4 size of 2*BN_ULONG in bytes BN_BITS2 64 32 BN_BITS / 2 Tested on various 32-bit and 64-bit OpenBSD systems of various endianness.
2014-04-24Fix indentation.Ryan Thomas McBride
2014-04-24Bring back the SSL_OP_PKCS1_CHECK_* defines (defined to zero, as they alreadyMiod Vallat
were), after stumbling upon code (mis)using them in the wild.
2014-04-24rearrange a bit of code/commentsTed Unangst
2014-04-24unifdef MSDOSGiovanni Bechis
ok miod@
2014-04-24More KNF.Joel Sing
2014-04-24Make it compile again.Joel Sing
2014-04-24Remove some malloc/strlcpy/strlcat horror. Just use asprintf and avoid anJoel Sing
unchecked malloc at the same time. ok beck@
2014-04-24add ERR_asprintf_error_data, A tool to be used to get rid of the far tooBob Beck
frequent construct of 30 lines of pointer and strlcat insanity followed by an ERR_add_error_data. I will sweep through here like a chubby mongol horde in the next few days pillaging crappy ERR_add_error_data's. Oh and while we're at it fix the nasty vdata function to use something less hard on the eyes. ok jsing@
2014-04-24You want signals?!? I'll give you signals!!! Oh, and we have termios asJoel Sing
well... ok beck@
2014-04-24More KNF.Joel Sing
2014-04-24More KNF, things that couldn't be verified with md5(1), and some whitespaceRyan Thomas McBride
I missed on the first go around.
2014-04-24KNFRyan Thomas McBride
2014-04-24A fantastic way to make a large unsigned number is to assignBob Beck
a small signed one to it.. Some people on OpenSSL's list noticed - http://marc.info/?l=openssl-dev&m=139809485525663&w=2 This should fix that, and make sure we don't try to write out insane amounts of stuff. ok miod@ tedu@
2014-04-24remove redundant asign. from David HillTed Unangst
2014-04-24on today's episode of things you didn't want to learn:Ted Unangst
do_ssl3_write() is recursive. and not in the simple, obvious way, but in the sneaky called through ssl3_dispatch_alert way. (alert level: fuchsia) this then has a decent chance of releasing the buffer that we thought we were going to use. check for this happening, and if the buffer has gone missing, put another one back in place. the direct recursive call is safe because it won't call ssl3_write_pending which is the function that actually does do the writing and releasing. as reported by David Ramos to openssl-dev: http://marc.info/?l=openssl-dev&m=139809493725682&w=2 ok beck
2014-04-24repair missing semicolon. from Ian McwilliamTed Unangst
2014-04-23Unifdef -UPKCS1_CHECK and remove SSL_OP_PKCS1_CHECK_[12], this is leftoverMiod Vallat
``debug'' code from a 15+ years old bugfix and the SSL_OP_PKCS1_CHECK_* constants have had a value of zero since ages. No production code should use them. ok beck@
2014-04-23ain't nobody got time for hpuxTed Unangst
2014-04-23fix some variablesTed Unangst
2014-04-23replace a bunch of hand duped strings with strdupTed Unangst