Commit Graph

6407 Commits

Author SHA1 Message Date
Matt Caswell
2cbc8d7de5 Implement internally opaque bn access from ts
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:07 +00:00
Matt Caswell
aeb556f831 Implement internally opaque bn access from srp
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:02 +00:00
Matt Caswell
18125f7f55 Implement internally opaque bn access from rsa
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:57 +00:00
Matt Caswell
68c29f61a4 Implement internally opaque bn access from evp
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:52 +00:00
Matt Caswell
5784a52145 Implement internally opaque bn access from ec
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:47 +00:00
Matt Caswell
c0d4390194 Implement internally opaque bn access from dsa
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:41 +00:00
Matt Caswell
829ccf6ab6 Implement internally opaque bn access from dh
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:32 +00:00
Matt Caswell
76b2a02274 Implement internally opaque bn access from asn1
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:26 +00:00
Matt Caswell
7a5233118c Prepare exptest for bn opaquify
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:19 +00:00
Matt Caswell
85bcf27ccc Prepare for bn opaquify. Implement internal helper functions.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:12 +00:00
Geoff Thorpe
e52a3c3d14 Include <openssl/foo.h> instead of "foo.h"
Exported headers shouldn't be included as "foo.h" by code from the same
module, it should only do so for module-internal headers. This is
because the symlinking of exported headers (from include/openssl/foo.h
to crypto/foo/foo.h) is being removed, and the exported headers are
being moved to the include/openssl/ directory instead.

Change-Id: I4c1d80849544713308ddc6999a549848afc25f94
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-08 14:21:35 -05:00
Dr. Stephen Henson
73e45b2dd1 remove OPENSSL_FIPSAPI
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
b2ecc05a9a remove FIPS_*_SIZE_T
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
916e56208b remove FIPS module code from crypto/evp
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
ebdf37e4b1 remove FIPS module code from crypto/bn
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
1c98de6d81 remove FIPS module code from crypto/ecdh
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
dbfbe10a1f remove FIPS module code from crypto/ecdsa
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
1bfffe9bd0 Remove FIPS module code from crypto/dh
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
fce8311cae remove FIPS module code from crypto/dsa
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
8d73db288f remove FIPS module code from crypto/rsa
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
05417a3476 Remove FIPS error library from openssl.ec mkerr.pl
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
e4e5bc39f9 Remove fips_constseg references.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
85129ab579 remove another FIPSCANISTER reference
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:37 +00:00
Dr. Stephen Henson
b3da6f496b remove unnecessary OPENSSL_FIPS reference
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:37 +00:00
Dr. Stephen Henson
c603c723ce Remove OPENSSL_FIPSCANISTER code.
OPENSSL_FIPSCANISTER is only set if the fips module is being built
(as opposed to being used). Since the fips module wont be built in
master this is redundant.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:16 +00:00
Dr. Stephen Henson
f072785eb4 Remove fipscanister build functionality from makefiles.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:23:45 +00:00
Matt Caswell
3feb63054a Added OPENSSL_NO_OCB guards
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 10:29:03 +00:00
Matt Caswell
d827c5edb5 Add tests for OCB mode
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 10:28:47 +00:00
Matt Caswell
e6b336efa3 Add EVP support for OCB mode
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 10:28:34 +00:00
Matt Caswell
c857a80c9d Add support for OCB mode as per RFC7253
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 10:27:56 +00:00
Kurt Roeckx
45f55f6a5b Remove SSLv2 support
The only support for SSLv2 left is receiving a SSLv2 compatible client hello.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-04 11:55:03 +01:00
Matt Caswell
0d3ae34df5 There are a number of instances throughout the code where the constant 28 is
used with no explanation. Some of this was introduced as part of RT#1929. The
value 28 is the length of the IP header (20 bytes) plus the UDP header (8
bytes). However use of this constant is incorrect because there may be
instances where a different value is needed, e.g. an IPv4 header is 20 bytes
but an IPv6 header is 40. Similarly you may not be using UDP (e.g. SCTP).
This commit introduces a new BIO_CTRL that provides the value to be used for
this mtu "overhead". It will be used by subsequent commits.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-03 09:24:04 +00:00
Rich Salz
8cfe08b4ec Remove all .cvsignore files
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-11-28 18:32:43 -05:00
Richard Levitte
91316e6765 Check for FindNextFile when defining it rather than FindFirstFile
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-11-28 23:27:21 +01:00
Annie Yousar
c56a50b229 RT2679: Fix error if keysize too short
In keygen, return KEY_SIZE_TOO_SMALL not INVALID_KEYBITS.

** I also increased the minimum from 256 to 512, which is now
documented in CHANGES file. **

Reviewed-by: Matt Caswell <matt@openssl.org>
2014-11-20 13:45:25 -05:00
Rich Salz
14d3b76be8 RT3488: Update doc for OPENSSL_config
Fix CONF_load_modules to CONF_modules_load.
Document that it calls exit.
Advise against using it now.
Add an error print to stderr.

Reviewed-by: Matt Caswell <matt@openssl.org>
2014-11-20 13:40:03 -05:00
Matt Caswell
8d02bebddf When using EVP_PKEY_derive with a KDF set, a negative error from
ECDH_compute_key is silently ignored and the KDF is run on duff data

Thanks to github user tomykaira for the suggested fix.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-20 15:20:37 +00:00
Jan Hykel
012aa9ec76 Don't use msg on error.
Don't attempt to access msg structure if recvmsg returns an error.

PR#3483
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-11-17 12:40:44 +00:00
Mike Bland
13d30e27c2 Add missing SRC variable
This is the only Makefile without SRC defined. This change enables a
standard Makefile include directive to cover crypto/jpake/*.d files.

This was automatically applied by AddSrcVarIfNeeded() in:
https://code.google.com/p/mike-bland/source/browse/openssl/update_makefiles.py

Change-Id: I030204a1bc873b5de5b06c8ddc0b94bb224c6650
Signed-off-by: Mike Bland <mbland@acm.org>
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-11-16 16:45:01 -05:00
Mike Bland
dbaf608320 Remove redundant test targets outside of test/
These correspond to targets of the same name in test/Makefile that clash when
using the single-makefile build method using GitConfigure and GitMake.

Change-Id: If7e900c75f4341b446608b6916a3d76f202026ea
Signed-off-by: Mike Bland <mbland@acm.org>
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-11-16 16:44:51 -05:00
Dr. Stephen Henson
55f7fb8848 Fix cross reference table generator.
If the hash or public key algorithm is "undef" the signature type
will receive special handling and shouldn't be included in the
cross reference table.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-11-13 13:34:42 +00:00
Michal Bozon
ae64fb528e Correct timestamp output when clock_precision_digits > 0
PR#3535

Reviewed-by: Stephen Henson <steve@openssl.org>
2014-11-12 20:51:41 +00:00
Matt Caswell
e04d426bf9 Fix free of garbage pointer. PR#3595
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-11-12 20:26:31 +00:00
Kurt Roeckx
67b8bcee95 Fix warning about negative unsigned intergers
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-11-11 15:46:28 +01:00
Russell Coker
f8ae603238 Fix datarace reported by valgrind/helgrind
This doesn't really fix the datarace but changes it so it can only happens
once. This isn't really a problem since we always just set it to the same
value. We now just stop writing it after the first time.

PR3584, https://bugs.debian.org/534534

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-11-10 18:34:11 +01:00
Andy Polyakov
6696203963 armv4cpuid.S: fix compilation error in pre-ARMv7 build.
PR: 3474
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2014-10-30 20:24:29 +01:00
Dr. Stephen Henson
ecb9966e7c Fix WIN32 build by disabling bn* calls.
The trial division and probable prime with coprime tests are disabled
on WIN32 builds because they use internal functions not exported from
the WIN32 DLLs.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-10-29 22:23:31 +00:00
Andy Polyakov
c381b63764 ec/asm/ecp_nistz256-x86_64.pl: fix inconsistency in path handling.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-29 10:57:46 +01:00
Andy Polyakov
d45282fc7c md32_common.h: address compiler warning in HOST_c2l.
Reviewed-by: Stephen Henson <steve@openssl.org>
2014-10-29 10:48:39 +01:00
Samuel Neves
d2fa182988 Use only unsigned arithmetic in constant-time operations
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-10-28 20:40:45 +01:00