Commit Graph

1394 Commits

Author SHA1 Message Date
Bernd Edlinger
018fcbec38 Fix gcc-7 warnings.
- Mostly missing fall thru comments
- And uninitialized value used in sslapitest.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3440)
2017-05-11 19:39:38 +02:00
Pauli
3f97052392 Remove dead code.
The second BN_is_zero test can never be true.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3434)
2017-05-11 11:03:40 -04:00
David Benjamin
8b24f94209 Numbers greater than 1 are usually non-negative.
BN_is_prime_fasttest_ex begins by rejecting if a <= 1. Then it goes to
set A := abs(a), but a cannot be negative at this point.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3275)
2017-04-21 12:22:37 -04:00
Adam Langley
6e64c56066 Small primes are primes too.
Previously, BN_is_prime_fasttest_ex, when doing trial-division, would
check whether the candidate is a multiple of a number of small primes
and, if so, reject it. However, three is a multiple of three yet is
still a prime number.

This change accepts small primes as prime when doing trial-division.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3264)
2017-04-20 16:10:10 -04:00
FdaSilvaYY
69687aa829 More typo fixes
Fix some comments too
[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3069)
2017-03-29 07:14:29 +02:00
FdaSilvaYY
cbe9524183 Refomat a few comments on 80 cols
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3066)
2017-03-28 16:16:49 -04:00
Andy Polyakov
120a9e1a82 bn/asm/sparcv9-mont.pl: fix squaring code path.
This module is used only with odd input lengths, i.e. not used in normal
PKI cases, on contemporary processors. The problem was "illuminated" by
fuzzing tests.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-24 12:18:35 +01:00
Matt Caswell
d08086645f Ensure we don't call memcpy with a NULL pointer
Commit d5aa14dd simplified the bn_expand_internal() and BN_copy() functions.
Unfortunately it also removed some checks which are still required,
otherwise we call memcpy passing in NULL which is not allowed.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2836)
2017-03-03 23:49:24 +00:00
Bernd Edlinger
d734582275 Reset executable bits on files where not needed.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2835)
2017-03-03 09:13:40 +01:00
Andy Polyakov
eac54143fd bn/asm: clean up unused PA-RISC modules.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-03-02 16:19:54 +01:00
Emilia Kasper
d5aa14dde5 Remove memcpy unrolling in bn_lib.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2017-02-28 19:47:36 +01:00
Matt Caswell
7f517c2676 Remove some commented out code in libcrypto
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2774)
2017-02-28 16:02:11 +00:00
Matt Caswell
1fef2f8050 Remove dead code in bn
There are a number of symbols in bn which are internal only and never used
by anything. They should be removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2766)
2017-02-28 14:46:24 +00:00
Emilia Kasper
b53338cbf8 Clean up references to FIPS
This removes the fips configure option. This option is broken as the
required FIPS code is not available.

FIPS_mode() and FIPS_mode_set() are retained for compatibility, but
FIPS_mode() always returns 0, and FIPS_mode_set() can only be used to
turn FIPS mode off.

Reviewed-by: Stephen Henson <steve@openssl.org>
2017-02-28 15:26:25 +01:00
Emilia Kasper
223a90cc9a Remove BN_DEBUG_TRIX
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-02-28 15:24:30 +01:00
David Benjamin
25b802bb85 Fix typo in x86_64-mont5.pl CFI directives
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2655)
2017-02-17 10:32:13 +01:00
Adam Langley
3f55ec6792 Fix copy-pasteism in CFI directives.
I don't think this actually affects anything since the cfi_restore
directives aren't strictly needed anyway. (The old values are still in
memory so either will do.)

CLA: trivial

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2582)
2017-02-10 20:28:28 +01:00
Andy Polyakov
76e624a003 bn/asm/x86_64*: add DWARF CFI directives.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-02-09 20:05:16 +01:00
Andy Polyakov
53b3310076 bn/asm/rsaz-avx2.pl: refine Win64 SE handler.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-02-09 20:00:10 +01:00
Andy Polyakov
384e6de4c7 x86_64 assembly pack: Win64 SEH face-lift.
- harmonize handlers with guidelines and themselves;
- fix some bugs in handlers;
- add missing handlers in chacha and ecp_nistz256 modules;

Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-02-06 08:21:42 +01:00
Richard Levitte
0a2dcb6990 bn: fix occurance of negative zero in BN_rshift1()
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-02-01 02:31:41 +01:00
Geoff Thorpe
38d1b3cc02 bn: fix occurances of negative zero
The BIGNUM behaviour is supposed to be "consistent" when going into and
out of APIs, where "consistent" means 'top' is set minimally and that
'neg' (negative) is not set if the BIGNUM is zero (which is iff 'top' is
zero, due to the previous point).

The BN_DEBUG testing (make test) caught the cases that this patch
corrects.

Note, bn_correct_top() could have been used instead, but that is intended
for where 'top' is expected to (sometimes) require adjustment after direct
word-array manipulation, and so is heavier-weight. Here, we are just
catching the negative-zero case, so we test and correct for that
explicitly, in-place.

Change-Id: Iddefbd3c28a13d935648932beebcc765d5b85ae7
Signed-off-by: Geoff Thorpe <geoff@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1672)
2017-02-01 02:06:39 +01:00
Geoff Thorpe
2fc9b36a96 bn: catch negative zero as an error
Change-Id: I5ab72ad0aae9069b47d5b7b7b9e25bd1b7afa251
Signed-off-by: Geoff Thorpe <geoff@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1672)
2017-02-01 02:06:38 +01:00
Geoff Thorpe
0b50ac1a0f bn: fix BN_DEBUG + BN_DEBUG_RAND support
Couple of updates to make this code work properly again;
* use OPENSSL_assert() instead of assert() (and #include <assert.h>)
* the circular-dependency-avoidance uses RAND_bytes() (not pseudo)

Change-Id: Iefb5a9dd73f71fd81c1268495c54a64378955354
Signed-off-by: Geoff Thorpe <geoff@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1672)
2017-02-01 02:06:38 +01:00
Andy Polyakov
3f4bcf5bb6 bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqr8x_internal.
CVE-2017-3732

Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-01-26 10:54:01 +00:00
Kurt Roeckx
eeab356c29 Don't call memcpy with NULL as source
Calling it with lenght 0 and NULL as source is undefined behaviour.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2089
2016-12-15 21:45:25 +01:00
Andy Polyakov
90fc4832a3 bn/asm/ppc-mont.pl: signal no-op in 32-bit bit build.
The bug was introduced in 80d27cdb84,
one too many instructions was removed. It went unnoticed, because
new subroutine introduced in previous commit is called in real-life
RSA/DSA/DH cases, while original code is called only in rare tests.
The bug was caught in test_fuzz.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-25 17:18:24 +01:00
Rich Salz
78e09b53a4 Check return value of some BN functions.
Factorise multiple bn_get_top(group->field) calls
Add missing checks on some conditional BN_copy return value
Add missing checks on some BN_copy return value
Add missing checks on a few bn_wexpand return value

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1626)
2016-11-15 18:54:28 -05:00
Richard Levitte
10b0b5ecd9 Revert "Move algorithm specific ppccap code from crypto/ppccap.c"
Now that we can link specifically with static libraries, the immediate
need to split ppccap.c (and eventually other *cap.c files) is no more.

This reverts commit e3fb4d3d52.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-10 16:24:02 +01:00
Andy Polyakov
2fac86d9ab bn/asm/x86_64-mont.pl: fix for CVE-2016-7055 (Low severity).
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-10 10:33:21 +00:00
Richard Levitte
e3fb4d3d52 Move algorithm specific ppccap code from crypto/ppccap.c
Having that code in one central object file turned out to cause
trouble when building test/modes_internal_test.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1883)
2016-11-09 02:40:36 +01:00
FdaSilvaYY
318447bceb Missing BN_RECP_CTX field init.
BN_RECP_CTX_new direclty use bn_init to avoid twice memset calls

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1879)
2016-11-08 17:44:32 -05:00
Rich Salz
e5e71f2857 Zero stack variable with DSA nonce
Thanks to Falko Strenzke for bringing this to our attention.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1882)
2016-11-08 17:20:13 -05:00
Andy Polyakov
80d27cdb84 ppccap.c: engage new multipplication and squaring subroutines.
[And remove FPU mutiplication subroutine.]

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-10-24 20:00:40 +02:00
Andy Polyakov
68f6d2a02c bn/asm/ppc-mont.pl: add optimized multiplication and squaring subroutines.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-10-24 20:00:33 +02:00
Andy Polyakov
0310becc82 bn/asm/ppc-mont.pl: prepare for extension.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-10-24 20:00:08 +02:00
David Benjamin
0e831db0a6 Fix up bn_prime.pl formatting.
Align at 5 characters, not 4. There are 5-digit numbers in the output.
Also avoid emitting an extra blank line and trailing whitespace.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-10-10 23:36:22 +01:00
David Benjamin
609b0852e4 Remove trailing whitespace from some files.
The prevailing style seems to not have trailing whitespace, but a few
lines do. This is mostly in the perlasm files, but a few C files got
them after the reformat. This is the result of:

  find . -name '*.pl' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'
  find . -name '*.c' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'
  find . -name '*.h' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'

Then bn_prime.h was excluded since this is a generated file.

Note mkerr.pl has some changes in a heredoc for some help output, but
other lines there lack trailing whitespace too.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-10-10 23:36:21 +01:00
Andy Polyakov
cc2cb7bf63 bn/bn_lcl.h: improve interoperability with clang and Android NDK.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-13 13:34:12 +02:00
Rich Salz
01c09f9fde Misc BN fixes
Never output -0; make "negative zero" an impossibility.
Do better checking on BN_rand top/bottom requirements and #bits.
Update doc.
Ignoring trailing garbage in BN_asc2bn.

Port this commit from boringSSL: https://boringssl.googlesource.com/boringssl/+/899b9b19a4cd3fe526aaf5047ab9234cdca19f7d%5E!/
        Ensure |BN_div| never gives negative zero in the no_branch code.

        Have |bn_correct_top| fix |bn->neg| if the input is zero so that we
        don't have negative zeros lying around.

        Thanks to Brian Smith for noticing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-06 10:42:01 -04:00
Andy Polyakov
947716c187 MIPS assembly pack: adapt it for MIPS[32|64]R6.
MIPS[32|64]R6 is binary and source incompatible with previous MIPS ISA
specifications. Fortunately it's still possible to resolve differences
in source code with standard pre-processor and switching to trap-free
version of addition and subtraction instructions.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-02 13:33:17 +02:00
Andy Polyakov
68b4a6e91f crypto/bn/*: x86[_64] division instruction doesn't handle constants, change constraint from 'g' to 'r'.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-31 16:45:00 +02:00
Andy Polyakov
fca8f5ded8 bn/asm/ppc.pl: harmonize .size directive in bn_mul_words.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-29 23:12:05 +02:00
Matt Caswell
fe81a1b051 Remove useless assignment
The variable assignment c1 is never read before it is overwritten.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-24 11:25:23 +01:00
David Benjamin
2338ad8885 Fix math in BN_bn2dec comment.
The bound on log(2)/3 on the second line is incorrect and has an extra
zero compared to the divisions in the third line. log(2)/3 = 0.10034...
which is bounded by 0.101 and not 0.1001. The divisions actually
correspond to 0.101 which is fine. The third line also dropped a factor
of three.

The actual code appears to be fine. Just the comments are wrong.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-23 20:37:58 +01:00
Matt Caswell
4d94bd362d Check for malloc error in bn_x931p.c
Ensure BN_CTX_get() has been successful

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-23 00:19:15 +01:00
Andy Polyakov
3ba1ef829c bn/asm/x86[_64]-mont*.pl: implement slightly alternative page-walking.
Original strategy for page-walking was adjust stack pointer and then
touch pages in order. This kind of asks for double-fault, because
if touch fails, then signal will be delivered to frame above adjusted
stack pointer. But touching pages prior adjusting stack pointer would
upset valgrind. As compromise let's adjust stack pointer in pages,
touching top of the stack. This still asks for double-fault, but at
least prevents corruption of neighbour stack if allocation is to
overstep the guard page.

Also omit predict-non-taken hints as they reportedly trigger illegal
instructions in some VM setups.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-22 14:58:32 +02:00
Kazuki Yamaguchi
099e2968ed Fix overflow check in BN_bn2dec()
Fix an off by one error in the overflow check added by 07bed46f33
("Check for errors in BN_bn2dec()").

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-22 13:38:48 +01:00
Dr. Stephen Henson
07bed46f33 Check for errors in BN_bn2dec()
If an oversize BIGNUM is presented to BN_bn2dec() it can cause
BN_div_word() to fail and not reduce the value of 't' resulting
in OOB writes to the bn_data buffer and eventually crashing.

Fix by checking return value of BN_div_word() and checking writes
don't overflow buffer.

Thanks to Shi Lei for reporting this bug.

CVE-2016-2182

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-16 00:19:19 +01:00
Jakub Zelenka
0818dbadf3 Never return -1 from BN_exp
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1455)
2016-08-14 20:52:13 +01:00
Rich Salz
2301d91dd5 Change callers to use the new constants.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1429)
2016-08-10 10:07:37 -04:00
klemens
6025001707 spelling fixes, just comments and readme.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1413)
2016-08-05 19:07:30 -04:00
FdaSilvaYY
700b814549 Fix some style issues...
extra spacing and 80 cols

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1366)
2016-08-02 09:59:23 +02:00
Kurt Roeckx
69588edbaa Check for errors allocating the error strings.
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #1330
2016-07-20 19:20:53 +02:00
FdaSilvaYY
e8aa8b6c8f Fix a few if(, for(, while( inside code.
Fix some indentation at the same time

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1292)
2016-07-20 07:21:53 -04:00
Rich Salz
aebb9aac48 RT4593: Add space after comma (doc nits)
Update find-doc-nits to find errors in SYNOPSIS (the most common
place where they were missing).

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-19 09:29:53 -04:00
Richard Levitte
0483f58652 Simplify INCLUDE statements in build.info files
Now that INCLUDE considers both the source and build trees, no need
for the rel2abs perl fragment hacks any more.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-01 18:36:08 +02:00
Matt Caswell
3ce2fdabe6 Convert memset calls to OPENSSL_cleanse
Ensure things really do get cleared when we intend them to.

Addresses an OCAP Audit issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-30 15:51:57 +01:00
FdaSilvaYY
02e112a885 Whitespace cleanup in crypto
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1264)
2016-06-29 09:56:39 -04:00
David Benjamin
d70a562714 Handle BN_mod_word failures.
As of 37258dadaa and the corresponding upstream
change, BN_mod_word may fail, like BN_div_word. Handle this properly. Thanks to
Brian Smith for pointing this out. See BoringSSL's
44bedc348d9491e63c7ed1438db100a4b8a830be.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1251
2016-06-25 11:01:34 +02:00
David Benjamin
748e85308e Fix BN_is_prime* calls.
This function returns a tri-state -1 on error. See BoringSSL's
53409ee3d7595ed37da472bc73b010cd2c8a5ffd.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1251
2016-06-25 11:01:30 +02:00
FdaSilvaYY
823146d65f Useless header include of openssl/rand.h
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1168)
2016-06-18 16:30:24 -04:00
Matt Caswell
d356dc5619 Add some missing return value checks
Some misc return value checks

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-13 17:38:39 +01:00
Andy Polyakov
7d6284057b bn/bn_add.c: favour counted loops over ifs and breaks.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-13 12:35:39 +02:00
Kurt Roeckx
f3cf2251de Avoid creating illegal pointers
Found by tis-interpreter

Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1179
2016-06-11 16:43:53 +02:00
Rich Salz
53934822ac Clean up "generic" intro pod files.
Files like dh.pod, etc., mostly duplicated the API-specific pod files.
Removed the duplicated content; that often mean the whole file could
be removed.  Some of the content about internals got moved into README
files in the source tree.  Some content (e.g., err.pod) got moved
into other pod pages.

Annotate generic pages, remove dup NAME

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-09 16:39:19 -04:00
Matt Caswell
37258dadaa Fix BN_mod_word bug
On systems where we do not have BN_ULLONG (e.g. typically 64 bit systems)
then BN_mod_word() can return incorrect results if the supplied modulus is
too big.

RT#4501

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-07 21:55:31 +01:00
Matt Caswell
02d6070430 Fix test failures when using enable-ubsan
Numerous test failures were occuring when Configured with enable-ubsan
although they could all be traced back to one issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-02 15:36:22 +01:00
Rich Salz
44c8a5e2b9 Add final(?) set of copyrights.
Add copyright to missing assembler files.
Add copyrights to missing test/* files.
Add copyrights
Various source and misc files.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 11:27:25 -04:00
Andy Polyakov
cfe1d9929e x86_64 assembly pack: tolerate spaces in source directory name.
[as it is now quoting $output is not required, but done just in case]

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-29 14:12:51 +02:00
Andy Polyakov
bb83c8796b bn/bn_exp.c: explain 'volatile' in MOD_EXP_CTIME_COPY_FROM_PREBUF.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-05-27 22:58:49 +02:00
huangqinjin
58c03e3b92 fix BN_hex2bn()/BN_dec2bn() memory leak
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-27 10:04:26 +01:00
Richard Levitte
7030e35d07 build.info files: add quotes around any spec that may contain spaces
RT#4492

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-05-25 11:50:44 +02:00
Todd Short
e0a675e211 Clean up RAND_bytes() calls
When RAND_pseudo_bytes() was replaced with RAND_bytes(), this case
was not reduced to a simple RAND_bytes() call.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1117)
2016-05-24 08:55:12 -04:00
Rich Salz
0cd0a820ab Remove unused error/function codes.
Add script to find unused err/reason codes
Remove unused reason codes.
Remove entries for unused functions

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-23 15:04:23 -04:00
Richard Levitte
f3fcd4d5e7 VMS: remove last VAX vestiges
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-23 19:36:55 +02:00
Kurt Roeckx
1544583bbc Avoid creating an illegal pointer
Found by tis-interpreter

Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1106
2016-05-22 12:05:15 +02:00
Kurt Roeckx
acc600928d Avoid creating an illegal pointer
Found by tis-interpreter

Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1106
2016-05-22 12:05:13 +02:00
Rich Salz
6aa36e8e5a Add OpenSSL copyright to .pl files
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-21 08:23:39 -04:00
Rich Salz
b6cff313cb Manual fixes after copyright consolidation
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 17:38:18 -04:00
Rich Salz
4f22f40507 Copyright consolidation 06/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:51:04 -04:00
Rich Salz
49445f21da Use OPENSSL_hexchar2int
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16 15:21:10 -04:00
Viktor Dukhovni
5c4328f04f Fold threads.h into crypto.h making API public
Document thread-safe lock creation

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16 12:16:26 -04:00
Andy Polyakov
c6cb8e3ca4 Alpha assembly pack: make it work on Linux.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-04 08:51:08 +02:00
Dmitry-Me
399de49699 Improve comment
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-03 12:30:09 +02:00
Matt Caswell
b8f1c116a3 Don't free the BIGNUM passed to BN_mpi2bn
Commit 91fb42dd fixed a leak but introduced a problem where a parameter
is erroneously freed instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-29 09:05:23 +01:00
Matt Caswell
d71eb667c4 Don't leak memory on error in BN_generate_prime_ex
In BN_generate_prime_ex() we do some sanity checks first and return
with an error if they fail. We should do that *before* allocating any
resources to avoid a memory leak.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-28 13:13:09 +01:00
Matt Caswell
91fb42ddbe Free a BIGNUM on error in BN_mpi2bn
In the BN_mpi2bn() function, a failure of a call to BN_bin2bn() could
result in the leak of a previously allocated BIGNUM value.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-28 13:13:09 +01:00
Rich Salz
3fb2cf1ad1 Update copyright; generated files.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 10:33:15 -04:00
Richard Levitte
45c6e23c97 Remove --classic build entirely
The Unix build was the last to retain the classic build scheme.  The
new unified scheme has matured enough, even though some details may
need polishing.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-20 16:04:56 +02:00
Rich Salz
e0a651945c Copyright consolidation: perl files
Add copyright to most .pl files
This does NOT cover any .pl file that has other copyright in it.
Most of those are Andy's but some are public domain.
Fix typo's in some existing files.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 09:45:40 -04:00
Rich Salz
9021a5dfb3 Rename some lowercase API's
Make OBJ_name_cmp internal
Rename idea_xxx to IDEA_xxx
Rename get_rfc_xxx to BN_get_rfc_xxx
Rename v3_addr and v3_asid functions to X509v3_...

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-18 08:22:00 -04:00
Andy Polyakov
20b88bb160 PPC assembly pack: remove branch hints.
As it turns out branch hints grew as kind of a misconception. In
addition their interpretation by GNU assembler is affected by
assembler flags and can end up with opposite meaning on different
processors. As we have to loose quite a lot on misinterprerations,
especially on newer processors, we just omit them altogether.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-04-07 21:27:24 +02:00
Andy Polyakov
463a7b8cb0 Clean-up *_DEBUG options.
Since NDEBUG is defined unconditionally on command line for release
builds, we can omit *_DEBUG options in favour of effective "all-on"
in debug builds exercised though CI.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-04-07 21:18:00 +02:00
Richard Levitte
007c80eae4 Remove the remainder of util/mk1mf.pl and companion scripts
This removes all scripts that deal with MINFO as well, since that's
only used by mk1mf.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-21 11:02:00 +01:00
Rich Salz
23d38992fc Remove ultrix/mips support.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 15:29:15 -04:00
Emilia Kasper
0a86f66821 On Windows, page walking is known as __chkstk.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-15 23:56:23 +01:00
Emilia Kasper
1bf80d9302 Explain *cough*-dows
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-15 23:56:17 +01:00
Andy Polyakov
6bfb7db35a build.info/Makefile.in: Itanium fixups.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-14 13:50:43 +01:00
Richard Levitte
f425f9dcff Add $(LIB_CFLAGS) for any build.info generator that uses $(CFLAGS)
The reason to do so is that some of the generators detect PIC flags
like -fPIC and -KPIC, and those are normally delivered in LD_CFLAGS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-13 00:02:55 +01:00
Andy Polyakov
12940f08f4 crypto/*/build.info: SPARC-specific fixups.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-11 15:29:55 +01:00
Richard Levitte
a5aa63a456 Fix some assembler generating scripts for better unification
Some of these scripts would recognise an output parameter if it looks
like a file path.  That works both in both the classic and new build
schemes.  Some fo these scripts would only recognise it if it's a
basename (i.e. no directory component).  Those need to be corrected,
as the output parameter in the new build scheme is more likely to
contain a directory component than not.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-11 00:54:31 +01:00
Richard Levitte
f0667b1430 Add include directory options for assembler files that include from crypto/
Closes RT#4406

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-10 20:30:47 +01:00
Richard Levitte
5b14d5b5a0 Make sure the effect of "pic" / "no-pic" is used with assembler compilations
Before the 'Introduce the "pic" / "no-pic" config option' commit, the
shared_cflag value for the chosen config would be part of the make
variable CFLAG, which got replicated into CFLAGS and ASFLAGS.

Since said commit, the shared_cflag value has become a make variable
of its own, SHARED_CFLAG (which is left empty in a "no-pic" build).

However, ASFLAGS was forgotten.  That's what's corrected with this
change.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 12:33:23 +01:00
Alessandro Ghedini
0b1a07c8a7 Convert RSA blinding to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 23:52:48 +00:00
Andy Polyakov
eb77e8886d SPARCv9 assembly pack: unify build rules and argument handling.
Make all scripts produce .S, make interpretation of $(CFLAGS)
pre-processor's responsibility, start accepting $(PERLASM_SCHEME).
[$(PERLASM_SCHEME) is redundant in this case, because there are
no deviataions between Solaris and Linux assemblers. This is
purely to unify .pl->.S handling across all targets.]

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-08 15:51:06 +01:00
Alessandro Ghedini
d188a53617 Convert CRYPTO_LOCK_{DH,DSA,RSA} to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 09:07:32 -05:00
Richard Levitte
6bd7a4d96c Unified - adapt the generation of bignum assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/bn/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 18:25:56 +01:00
Andy Polyakov
adc4f1fc25 bn/asm/x86[_64]-mont*.pl: complement alloca with page-walking.
Some OSes, *cough*-dows, insist on stack being "wired" to
physical memory in strictly sequential manner, i.e. if stack
allocation spans two pages, then reference to farmost one can
be punishable by SEGV. But page walking can do good even on
other OSes, because it guarantees that villain thread hits
the guard page before it can make damage to innocent one...

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 14:58:14 +01:00
David Benjamin
bdbd3aea59 Consistently use arm_arch.h constants in armcap assembly code.
Most of the assembly uses constants from arm_arch.h, but a few references to
ARMV7_NEON don't. Consistently use the macros everywhere.

Signed-off-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-02 12:57:28 +01:00
Andy Polyakov
317be63875 bn/asm/x86_64-mont5.pl: unify gather procedure in hardly used path
and reorganize/harmonize post-conditions.

Additional hardening following on from CVE-2016-0702

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 13:34:22 +00:00
Andy Polyakov
8fc8f486f7 crypto/bn/x86_64-mont5.pl: constant-time gather procedure.
At the same time remove miniscule bias in final subtraction.
Performance penalty varies from platform to platform, and even with
key length. For rsa2048 sign it was observed to be 4% for Sandy
Bridge and 7% on Broadwell.

CVE-2016-0702

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 13:34:22 +00:00
Andy Polyakov
d6d422e1ec bn/asm/rsaz-avx2.pl: constant-time gather procedure.
Performance penalty is 2%.

CVE-2016-0702

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 13:34:22 +00:00
Andy Polyakov
5ea08bd2fe bn/asm/rsax-x86_64.pl: constant-time gather procedure.
Performance penalty is 2% on Linux and 5% on Windows.

CVE-2016-0702

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 13:34:22 +00:00
Andy Polyakov
d6482a82bc bn/bn_exp.c: constant-time MOD_EXP_CTIME_COPY_FROM_PREBUF.
Performance penalty varies from platform to platform, and even
key length. For rsa2048 sign it was observed to reach almost 10%.

CVE-2016-0702

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 13:34:22 +00:00
Matt Caswell
99ba9fd02f Fix BN_hex2bn/BN_dec2bn NULL ptr/heap corruption
In the BN_hex2bn function the number of hex digits is calculated using
an int value |i|. Later |bn_expand| is called with a value of |i * 4|.
For large values of |i| this can result in |bn_expand| not allocating any
memory because |i * 4| is negative. This leaves ret->d as NULL leading
to a subsequent NULL ptr deref. For very large values of |i|, the
calculation |i * 4| could be a positive value smaller than |i|. In this
case memory is allocated to ret->d, but it is insufficiently sized
leading to heap corruption. A similar issue exists in BN_dec2bn.

This could have security consequences if BN_hex2bn/BN_dec2bn is ever
called by user applications with very large untrusted hex/dec data. This is
anticipated to be a rare occurrence.

All OpenSSL internal usage of this function uses data that is not expected
to be untrusted, e.g. config file data or application command line
arguments. If user developed applications generate config file data based
on untrusted data then it is possible that this could also lead to security
consequences. This is also anticipated to be a rare.

Issue reported by Guido Vranken.

CVE-2016-0797

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-29 16:32:18 +00:00
David Woodhouse
78c830785c RT4339: Fix handling of <internal/bn_conf.h>
The entire contents of <internal/bn_conf.h> are unwanted in the UEFI
build because we have to do it differently there. To support building
for both 32-bit and 64-bit platforms without re-running the OpenSSL
Configure script, the EDK2 environment defines THIRTY_TWO_BIT or
SIXTY_FOUR_BIT for itself according to the target platform.

The current setup is broken, though. It checks for OPENSSL_SYS_UEFI but
before it's actually defined, since opensslconf.h hasn't yet been
included.

Let's fix that by including opensslconf.h. And also let's move the
bn_conf.h doesn't even need to *exist* in the UEFI build environment.

This is also GH PR736.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-23 13:18:23 -05:00
FdaSilvaYY
a2d0baa2d9 GH678: Add a few more zalloc
Remove some duplicated NULL/zero init.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-22 12:13:37 -05:00
Richard Levitte
45502bfe19 Always build library object files with shared library cflags
This takes us away from the idea that we know exactly how our static
libraries are going to get used.  Instead, we make them available to
build shareable things with, be it other shared libraries or DSOs.

On the other hand, we also have greater control of when the shared
library cflags.  They will never be used with object files meant got
binaries, such as apps/openssl or test/test*.

With unified, we take this a bit further and prepare for having to
deal with extra cflags specifically to be used with DSOs (dynamic
engines), libraries and binaries (applications).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-20 16:51:31 +01:00
Richard Levitte
ce192ebed0 Remove all special make depend flags, as well as OPENSSL_DOING_MAKEDEPEND
All those flags existed because we had all the dependencies versioned
in the repository, and wanted to have it be consistent, no matter what
the local configuration was.  Now that the dependencies are gone from
the versioned Makefile.ins, it makes much more sense to use the exact
same flags as when compiling the object files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18 23:43:09 +01:00
Rich Salz
d63a5e5e7d Remove outdated DEBUG flags.
Add -DBIO_DEBUG to --strict-warnings.
Remove comments about outdated debugging ifdef guards.
Remove md_rand ifdef guarding an assert; it doesn't seem used.
Remove the conf guards in conf_api since we use OPENSSL_assert, not assert.
For pkcs12 stuff put OPENSSL_ in front of the macro name.
Merge TLS_DEBUG into SSL_DEBUG.
Various things just turned on/off asserts, mainly for checking non-NULL
arguments, which is now removed: camellia, bn_ctx, crypto/modes.
Remove some old debug code, that basically just printed things to stderr:
  DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG,
  RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG.
Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-18 17:14:50 -05:00
Richard Levitte
4418e0302f In the unified scheme, there is no $(TOP), use $(SRCDIR) instead
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18 00:38:26 +01:00
Richard Levitte
de72be2e57 Pass $(CC) to perlasm scripts via the environment
It seems that on some platforms, the perlasm scripts call the C
compiler for certain checks.  These scripts need the environment
variable CC to have the C compiler command.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-13 19:21:36 +01:00
Rich Salz
3577398360 Missing header include.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 08:47:57 -05:00
Richard Levitte
5caef3b502 Add inclusion directory crypto/include for BN compilations
Some files in crypto/bn depend on internal/bn_conf.h, and so does
test/bntest.  Therefore, we add another inclusion directory.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-11 14:39:57 +01:00
Richard Levitte
567a9e6fe0 unified build scheme: add a "unified" template for Unix Makefile
This also adds all the raw sections needed for some files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 14:36:04 +01:00
Rich Salz
effaf4dee9 Use NON_EMPTY_TRANSLATION_UNIT, consistently.
This also closes RT 4123

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 20:13:29 -05:00
Andy Polyakov
6bc1dfd651 bn/Makefile.in: remove obsolete rules.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-08 15:54:36 +01:00
FdaSilvaYY
0d4fb84390 GH601: Various spelling fixes.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-05 15:25:50 -05:00
Dr. Stephen Henson
85a4807f94 New BN functions.
Add new function BN_bn2binpad() which checks the length of the output
buffer and pads the result with zeroes if necessary.

New functions BN_bn2lebinpad() and BN_lebin2bn() which use little endian
format.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-02 17:17:38 +00:00
Richard Levitte
777a288270 unified build scheme: add build.info files
Now that we have the foundation for the "unified" build scheme in
place, we add build.info files.  They have been generated from the
Makefiles in the same directories.  Things that are platform specific
will appear in later commits.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-01 12:46:58 +01:00
Richard Levitte
9fe2bb77c4 unified build scheme: a first introduction
The "unified" build scheme revolves around small information files,
build.info, which each describe their own bit of everything that needs
to be built, using a mini-language described in Configurations/README.

The information in build.info file contain references to source files
and final result.  Object files are not mentioned at all, they are
simply from source files.  Because of this, all the *_obj items in
Configurations/*.conf are renamed to *_asm_src and the files listed
in the values are change from object files to their corresponding
source files.  For the sake of the other build schemes, Configure
generates corresponding *_obj entries in %target.

Furthermore, the "unified" build scheme supports having a build
directory tree separate from the source directry tree.

All paths in a build.info file is assumed to be relative to its
location, either within the source tree or within the build tree.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-01 12:46:58 +01:00
Rich Salz
94af0cd7f3 Move more BN internals to bn_lcl.h
There was an unused macro in ssl_locl.h that used an internal
type, so I removed it.
Move bio_st from bio.h to ossl_type.h

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-01-30 16:54:35 -05:00
Rich Salz
ced2c2c598 Templatize util/domd
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-29 16:56:07 -05:00
Emilia Kasper
d8ca44ba41 Always DPURIFY
The use of the uninitialized buffer in the RNG has no real security
benefits and is only a nuisance when using memory sanitizers.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-29 16:33:13 +01:00
Viktor Dukhovni
7eba4e6207 Restore NUMPRIMES as a numeric literal
This fixes clang compilation problem with size_t NUMPRIMES and int
loop counters.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-28 06:36:55 -05:00
Rich Salz
b4f35e5e07 Remove EIGHT_BIT and SIXTEEN_BIT
Also cleaned up bn_prime.pl to current coding style.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-01-27 19:10:13 -05:00
Rich Salz
349807608f Remove /* foo.c */ comments
This was done by the following
        find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
        print unless $. == 1 && m@/\* .*\.[ch] \*/@;
        close ARGV if eof; # Close file to reset $.

And then some hand-editing of other files.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-26 16:40:43 -05:00
Rich Salz
dc193c9c5e Move & split opensslconf.h.in
Move opensslconf.h.in to include/openssl.
Split off DES,BN,RC4 stuff into separate header file
templates in crypto/include/internal/*_conf.h.in

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-25 09:44:08 -05:00
Rich Salz
8cef1212f3 Consolidate "make update"
Rename 'update' to 'generate'.  Rather than recurse, just explicitly
call the three generate targets directly.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-20 09:09:14 -05:00
Rich Salz
ee6d9f4eb6 Remove some old makefile targets
Remove lint, tags, dclean, tests.
This is prep for a new makedepend scheme.
This is temporary pending unified makefile, and might help it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-17 14:47:32 -05:00
Rich Salz
d10dac1187 Move Makefiles to Makefile.in
Create Makefile's from Makefile.in
Rename Makefile.org to Makefile.in
Rename Makefiles to Makefile.in
Address review feedback from Viktor and Richard

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-12 16:26:56 -05:00
Viktor Dukhovni
8707e3be0c Update comment as bn_dup_expand is gone
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-08 12:53:39 -05:00
Viktor Dukhovni
98186eb4e4 Backwards-compatibility subject to OPENSSL_API_COMPAT
Provide backwards-compatiblity for functions, macros and include
files if OPENSSL_API_COMPAT is either not defined or defined less
than the version number of the release in which the feature was
deprecated.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 20:53:18 -05:00
Andy Polyakov
b859d70d4a bn/asm/bn-c64xplus.asm: update commentary.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-22 10:30:03 +01:00
Matt Caswell
79caf5d323 Fix URLs mangled by reformat
Some URLs in the source code ended up getting mangled by indent. This fixes
it. Based on a patch supplied by Arnaud Lacombe <al@aerilon.ca>

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-19 20:33:00 +00:00
Emilia Kasper
d911097d7c Fix a ** 0 mod 1 = 0 for real this time.
Commit 2b0180c37f attempted to do this but
only hit one of many BN_mod_exp codepaths. Fix remaining variants and add
a test for each method.

Thanks to Hanno Boeck for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-12-14 17:39:39 +01:00
Andy Polyakov
b974943234 x86_64 assembly pack: tune clang version detection even further.
RT#4171

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-13 22:18:18 +01:00
Andy Polyakov
a285992763 ARMv4 assembly pack: allow Thumb2 even in iOS build,
and engage it in most modules.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-07 12:06:06 +01:00
Andy Polyakov
29851264f1 bn/asm/x86_64-mont5.pl: fix carry propagating bug (CVE-2015-3193).
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-03 13:12:01 +00:00
Rich Salz
d59c7c81e3 Remove BN_init
Rename it to be an internal function bn_init.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-30 16:10:12 -05:00
Matt Caswell
fd7d252060 Tighten up BN_with_flags usage and avoid a reachable assert
The function rsa_ossl_mod_exp uses the function BN_with_flags to create a
temporary copy (local_r1) of a BIGNUM (r1) with modified flags. This
temporary copy shares some state with the original r1. If the state of r1
gets updated then local_r1's state will be stale. This was occurring in the
function so that when local_r1 was freed a call to bn_check_top was made
which failed an assert due to the stale state. To resolve this we must free
local_r1 immediately after we have finished using it and not wait until the
end of the function.

This problem prompted a review of all BN_with_flag usage within the
codebase. All other usage appears to be correct, although often not
obviously so. This commit refactors things to make it much clearer for
these other uses.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-11-26 10:20:36 +00:00
Andy Polyakov
76eba0d94b x86_64 assembly pack: tune clang version detection.
RT#4142

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-11-23 16:00:06 +01:00
Pascal Cuoq
9f6795e7d2 BN_usub: Don't copy when r and a the same
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@akamai.com>

RT #4100, MR #1264
2015-11-20 22:29:53 +01:00
Andy Polyakov
e4693b4e2a bn/asm/ppc64-mont.pl: adapt for little-endian.
The problem remained unnoticed so far, because it's never called by default.
You have to craft OPENSSL_ppccap environment variable to trigger the problem.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-11-16 13:40:41 +01:00
Andy Polyakov
9d0e4dc635 bn/asm/s390x.S: improve performance on z196 and z13 by up to 26%. [even z10 is couple percent faster]. Triggered by RT#4128, but solves the problem by real modulo-scheduling.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-16 13:10:45 +01:00
Matt Caswell
90945fa31a Continue standardising malloc style for libcrypto
Continuing from previous commit ensure our style is consistent for malloc
return checks.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-11-09 22:48:41 +00:00
Dr. Stephen Henson
b8fb59897b Rebuild error source files.
Rebuild error source files: the new mkerr.pl functionality will now
pick up and translate static function names properly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-11-05 15:48:37 +00:00
Rich Salz
b0700d2c8d Replace "SSLeay" in API with OpenSSL
All instances of SSLeay (any combination of case) were replaced with
the case-equivalent OpenSSL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 17:21:42 -04:00
Pascal Cuoq
94b3664a52 BN_GF2m_mod_inv(): check bn_wexpand return value
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@akamai.com>

MR #1276, RT #4107
2015-10-29 20:34:24 +01:00
Ben Laurie
2f1a5d1694 Fix undeclared variable warnings.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-10-24 16:42:51 +01:00
Alessandro Ghedini
d900a015b5 Fix typos
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-23 19:52:08 +02:00
Alessandro Ghedini
3f6c769187 Fix memory leaks and other mistakes on errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-23 19:52:08 +02:00
Richard Levitte
5212d39bd9 Only include SRP headers when OPENSSL_NO_SRP is undefined
[fixes github issue #447]

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-10-22 23:45:45 +02:00
Pascal Cuoq
f92768e6f5 Set flags to 0 before calling BN_with_flags()
BN_with_flags() will read the dest->flags to keep the BN_FLG_MALLOCED but
overwrites everything else.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR #1231
2015-10-07 18:54:12 +02:00
Alessandro Ghedini
2d28462373 Fix travis builds on master
-Allow mingw debug builds to fail on Travis CI
-Fix Travis email notifications config
-Rename a variable to avoid a bogus warning with old GCC
 error: declaration of ``dup'' shadows a global declaration [-Werror=shadow]
-Disable pedantic ms-format warnings with mingw
-Properly define const DH parameters
-Restore --debug flag in Travis CI builds; -d would get incorrectly passed
 to ./Configure in mingw debug builds.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-06 12:30:47 -04:00
Andy Polyakov
8eed3289b2 bn/asm/armv4-mont.pl: boost NEON performance.
Close difference gap on Cortex-A9, which resulted in further improvement
even on other processors.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-30 17:48:30 +02:00
Andy Polyakov
11208dcfb9 ARMv4 assembly pack: implement support for Thumb2.
As some of ARM processors, more specifically Cortex-Mx series, are
Thumb2-only, we need to support Thumb2-only builds even in assembly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-25 13:34:02 +02:00
Dr. Stephen Henson
37f3a3b327 make no-dh work
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-20 12:50:55 +01:00
Ben Laurie
df2ee0e27d Enable -Wmissing-variable-declarations and
-Wincompatible-pointer-types-discards-qualifiers (the latter did not require
any code changes).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-11 04:51:55 +01:00
Rich Salz
8e704858f2 RT3955: Reduce some stack usage
Use malloc/free instead of big onstack buffers.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-05 17:40:48 -04:00
Rich Salz
64b25758ed remove 0 assignments.
After openssl_zalloc, cleanup more "set to 0/NULL" assignments.
Many are from github feedback.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-03 16:26:34 -04:00
Rich Salz
b51bce9420 Add and use OPENSSL_zalloc
There are many places (nearly 50) where we malloc and then memset.
Add an OPENSSL_zalloc routine to encapsulate that.
(Missed one conversion; thanks Richard)
Also fixes GH328

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-02 22:05:37 -04:00
Emilia Kasper
a9009e518c BN_mod_exp_mont_consttime: check for zero modulus.
Don't dereference |d| when |top| is zero. Also test that various BIGNUM methods behave correctly on zero/even inputs.

Follow-up to b11980d79a

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-31 19:25:59 +02:00
Rich Salz
3c65047d30 Fix memory over-read
Fix from David Baggett via tweet.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-08-27 17:29:46 -04:00
Rich Salz
22dc08d00a BN_bin2bn handle leading zero's
If a binary sequence is all zero's, call BN_zero.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-26 07:00:43 -04:00
Matt Caswell
6a009812b2 Check for 0 modulus in BN_MONT_CTX_set
The function BN_MONT_CTX_set was assuming that the modulus was non-zero
and therefore that |mod->top| > 0. In an error situation that may not be
the case and could cause a seg fault.

This is a follow on from CVE-2015-1794.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-08-11 19:57:01 +01:00
Rich Salz
fbfcb22439 RT3999: Remove sub-component version strings
Especially since after the #ifdef cleanups this is not useful.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-10 12:13:32 -04:00
Loganaden Velvindron
1a586b3942 Clear BN-mont values when free'ing it.
From a CloudFlare patch.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-07-31 13:38:15 -04:00
Emilia Kasper
f4ee22be03 rsaz_exp.h: align license with the rest of the contribution
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-07-23 14:20:28 +02:00
Rich Salz
9f040d6dec Some cleanups for crypto/bn
Create bn_free_d utility routine and use it.
Fix RT3950
Also a missing cleanse, from Loganaden Velvindron (loganaden@gmail.com),
who noticed it in a Cloudflare patch.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-07-22 14:43:05 -04:00
Richard Levitte
053fa39af6 Conversion to UTF-8 where needed
This leaves behind files with names ending with '.iso-8859-1'.  These
should be safe to remove.  If something went wrong when re-encoding,
there will be some files with names ending with '.utf8' left behind.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-07-14 01:10:01 +02:00
Rich Salz
74924dcb38 More secure storage of key material.
Add secure heap for storage of private keys (when possible).
Add BIO_s_secmem(), CBIGNUM, etc.
Add BIO_CTX_secure_new so all BIGNUM's in the context are secure.
Contributed by Akamai Technologies under the Corporate CLA.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-23 17:09:35 -04:00
Richard Levitte
a1c506ae9e make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-23 02:59:47 +02:00
Richard Levitte
ed45f3c242 Rearrange rsaz
A small rearrangement so the inclusion of rsaz_exp.h would be
unconditional, but what that header defines becomes conditional.

This solves the weirdness where rsaz_exp.h gets in and out of the
dependency list for bn_exp.c, depending on the present architecture.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-23 02:59:47 +02:00
Andy Polyakov
4924b37ee0 bn/bn_gf2m.c: avoid infinite loop wich malformed ECParamters.
CVE-2015-1788

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-11 13:34:13 +02:00
Matt Caswell
c56353071d Fix off-by-one error in BN_bn2hex
A BIGNUM can have the value of -0. The function BN_bn2hex fails to account
for this and can allocate a buffer one byte too short in the event of -0
being used, leading to a one byte buffer overrun. All usage within the
OpenSSL library is considered safe. Any security risk is considered
negligible.

With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and
Filip Palian for discovering and reporting this issue.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-06-04 09:23:02 +01:00
Dr. Stephen Henson
97cacc537e make update.
Make update with manual edit so EVP_PKEY_asn1_set_item uses the same
ordinal as 1.0.2.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-03 15:39:29 +01:00
Andy Polyakov
60c268b21a bn/bn_lcl.h: fix MIPS-specific gcc version check.
RT#3859

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-26 10:06:28 +02:00
Andy Polyakov
69567687b0 bn/asm/x86_64-mont5.pl: fix valgrind error.
bn_get_bits5 was overstepping array boundary by 1 byte. It was exclusively
read overstep and data could not have been used. The only potential problem
would be if array happens to end on the very edge of last accesible page.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-24 21:30:39 +02:00
Andy Polyakov
86e5d1e32b bn/bn_gf2m.c: appease STACK, unstable code detector.
RT#3852

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-24 21:25:59 +02:00
Matt Caswell
efee575ad4 Fix off-by-one in BN_rand
If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte
buffer overflow can occur. There are no such instances within the OpenSSL at
the moment.

Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for
discovering and reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-05-22 23:40:38 +01:00
Matt Caswell
7cc18d8158 Reject negative shifts for BN_rshift and BN_lshift
The functions BN_rshift and BN_lshift shift their arguments to the right or
left by a specified number of bits. Unpredicatable results (including
crashes) can occur if a negative number is supplied for the shift value.

Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian
for discovering and reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-05-22 23:15:02 +01:00
Richard Levitte
0f539dc1a2 Fix the update target and remove duplicate file updates
We had updates of certain header files in both Makefile.org and the
Makefile in the directory the header file lived in.  This is error
prone and also sometimes generates slightly different results (usually
just a comment that differs) depending on which way the update was
done.

This removes the file update targets from the top level Makefile, adds
an update: target in all Makefiles and has it depend on the depend: or
local_depend: targets, whichever is appropriate, so we don't get a
double run through the whole file tree.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-22 18:44:33 +02:00
Andy Polyakov
579734ced6 bn/asm/vis3-mont.pl: fix intermittent EC failures on SPARC T3.
BLKINIT optimization worked on T4, but for some reason appears "too
aggressive" for T3 triggering intermiitent EC failures. It's not clear
why only EC is affected...

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-20 09:11:25 +02:00
Richard Levitte
a3aadb2d9c make depend
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-14 17:38:31 +02:00
Richard Levitte
b39fc56061 Identify and move common internal libcrypto header files
There are header files in crypto/ that are used by a number of crypto/
submodules.  Move those to crypto/include/internal and adapt the
affected source code and Makefiles.

The header files that got moved are:

crypto/cryptolib.h
crypto/md32_common.h

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-14 17:21:40 +02:00
Andy Polyakov
7ee7f92025 bn/Makefile: give MacOS X hand to compiler armv8-mont module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-13 17:14:22 +02:00
Andy Polyakov
d38f1b39f1 bn/asm/armv8-mont.pl: boost performance.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-13 17:14:00 +02:00
Rich Salz
16f8d4ebf0 memset, memcpy, sizeof consistency fixes
Just as with the OPENSSL_malloc calls, consistently use sizeof(*ptr)
for memset and memcpy.  Remove needless casts for those functions.
For memset, replace alternative forms of zero with 0.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-05 22:18:59 -04:00
Rich Salz
b4faea50c3 Use safer sizeof variant in malloc
For a local variable:
        TYPE *p;
Allocations like this are "risky":
        p = OPENSSL_malloc(sizeof(TYPE));
if the type of p changes, and the malloc call isn't updated, you
could get memory corruption.  Instead do this:
        p = OPENSSL_malloc(sizeof(*p));
Also fixed a few memset() calls that I noticed while doing this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-04 15:00:13 -04:00
Dr. Stephen Henson
b6eb9827a6 Add OSSL_NELEM macro.
Add OSSL_NELEM macro to e_os.h to determine the number of elements in an
array.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-03 12:53:08 +01:00
Rich Salz
b548a1f11c free null cleanup finale
Don't check for NULL before calling OPENSSL_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-01 10:02:07 -04:00
Rich Salz
23a1d5e97c free NULL cleanup 7
This gets BN_.*free:
    BN_BLINDING_free BN_CTX_free BN_FLG_FREE BN_GENCB_free
    BN_MONT_CTX_free BN_RECP_CTX_free BN_clear_free BN_free BUF_MEM_free

Also fix a call to DSA_SIG_free to ccgost engine and remove some #ifdef'd
dead code in engines/e_ubsec.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 21:37:06 -04:00
Rich Salz
4b45c6e52b free cleanup almost the finale
Add OPENSSL_clear_free which merges cleanse and free.
(Names was picked to be similar to BN_clear_free, etc.)
Removed OPENSSL_freeFunc macro.
Fixed the small simple ones that are left:
        CRYPTO_free CRYPTO_free_locked OPENSSL_free_locked

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 17:57:32 -04:00
Rich Salz
b196e7d936 remove malloc casts
Following ANSI C rules, remove the casts from calls to
OPENSSL_malloc and OPENSSL_realloc.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-28 15:28:14 -04:00
Emilia Kasper
e22d2199e2 Error checking and memory leak fixes in NISTZ256.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-27 16:21:48 +02:00
Andy Polyakov
313e6ec11f Add assembly support for 32-bit iOS.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-20 15:06:22 +02:00
Andy Polyakov
cb2ed54582 Add ARMv8 Montgomery multiplication module.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-20 14:39:34 +02:00
Richard Levitte
a80e33b991 Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant
With no more symlinks, there's no need for those variables, or the links
target.  This also goes for all install: and uninstall: targets that do
nothing but copy $(EXHEADER) files, since that's now taken care of by the
top Makefile.

Also, removed METHTEST from test/Makefile.  It looks like an old test that's
forgotten...

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-31 20:16:01 +02:00
Richard Levitte
dee502be89 Stop symlinking, move files to intended directory
Rather than making include/openssl/foo.h a symlink to
crypto/foo/foo.h, this change moves the file to include/openssl/foo.h
once and for all.

Likewise, move crypto/foo/footest.c to test/footest.c, instead of
symlinking it there.

Originally-by: Geoff Thorpe <geoff@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-31 20:16:01 +02:00
Matt Caswell
266483d2f5 RAND_bytes updates
Ensure RAND_bytes return value is checked correctly, and that we no longer
use RAND_pseudo_bytes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-25 12:38:07 +00:00
Matt Caswell
e4676e900f Fix probable_prime over large shift
In the probable_prime() function we behave slightly different if the number
of bits we are interested in is <= BN_BITS2 (the num of bits in a BN_ULONG).
As part of the calculation we work out a size_limit as follows:

    size_limit = (((BN_ULONG)1) << bits) - BN_get_word(rnd) - 1;

There is a problem though if bits == BN_BITS2. Shifting by that much causes
undefined behaviour. I did some tests. On my system BN_BITS2 == 64. So I
set bits to 64 and calculated the result of:

    (((BN_ULONG)1) << bits)

I was expecting to get the result 0. I actually got 1! Strangely this...

    (((BN_ULONG)0) << BN_BITS2)

...does equal 0! This means that, on my system at least, size_limit will be
off by 1 when bits == BN_BITS2.

This commit fixes the behaviour so that we always get consistent results.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-17 13:41:49 +00:00
Matt Caswell
8c5a7b33c6 Fix error handling in bn_exp
In the event of an error |rr| could be NULL. Therefore don't assume you can
use |rr| in the error handling code.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-12 09:18:22 +00:00
Matt Caswell
efb4597345 Remove some functions that are no longer used and break the build with:
./config --strict-warnings enable-deprecated

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-10 14:33:03 +00:00
Andy Polyakov
c2cfc956e5 bn/bn_add.c: fix dead code elimination that went bad.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-09 15:54:58 +01:00
Rich Salz
06cf881a3a Final (for me, for now) dead code cleanup
This is a final pass looking for '#if 0'/'#if 1' controls and
removing the appropriate pieces.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-08 18:48:09 -05:00
Rich Salz
fe6d2a339b Use memset in bn_mont
Use memset() not inline code.  Compilers are smarter now.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-05 15:07:40 -05:00
Rich Salz
9ccc00ef6e Dead code cleanup: #if 0 dropped from tests
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-02 11:11:34 -05:00
Richard Levitte
c6ef15c494 clang on Linux x86_64 complains about unreachable code.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-01-29 01:54:09 +01:00
Rich Salz
1a5adcfb5e "#if 0" removal: header files
Remove all "#if 0" blocks from header files.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-27 17:44:12 -05:00
Rich Salz
474e469bbd OPENSSL_NO_xxx cleanup: SHA
Remove support for SHA0 and DSS0 (they were broken), and remove
the ability to attempt to build without SHA (it didn't work).
For simplicity, remove the option of not building various SHA algorithms;
you could argue that SHA_224/256/384/512 should be kept, since they're
like crypto algorithms, but I decided to go the other way.
So these options are gone:
	GENUINE_DSA         OPENSSL_NO_SHA0
	OPENSSL_NO_SHA      OPENSSL_NO_SHA1
	OPENSSL_NO_SHA224   OPENSSL_NO_SHA256
	OPENSSL_NO_SHA384   OPENSSL_NO_SHA512

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-27 12:34:45 -05:00
Rich Salz
a00ae6c46e OPENSSL_NO_xxx cleanup: many removals
The following compile options (#ifdef's) are removed:
    OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY
    OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP
    OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK
    OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY

This diff is big because of updating the indents on preprocessor lines.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-27 10:06:22 -05:00
Rich Salz
c436e05bdc Remove unused eng_rsax and related asm file
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-24 16:27:03 -05:00
Rich Salz
a2b18e657e ifdef cleanup, part 4a: '#ifdef undef'
This removes all code surrounded by '#ifdef undef'
One case is left: memmove() replaced by open-coded for loop,
in crypto/stack/stack.c  That needs further review.

Also removed a couple of instances of /* dead code */ if I saw them
while doing the main removal.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-24 10:58:38 -05:00
Matt Caswell
35a1cc90bc More comment realignment
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:10 +00:00
Matt Caswell
50e735f9e5 Re-align some comments after running the reformat script.
This should be a one off operation (subsequent invokation of the
script should not move them)

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:10 +00:00
Matt Caswell
0f113f3ee4 Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Matt Caswell
68d39f3ce6 Move more comments that confuse indent
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Matt Caswell
7a2cb6f034 Fix indent comment corruption issue
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Andy Polyakov
f4c46d0aab bn/bn_const.c: make it indent-friendly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Andy Polyakov
c27310f938 bn/asm/x86_64-gcc.cL make it indent-friendly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Andy Polyakov
7cc63545a3 bn/bn_asm.c: make it indent-friendly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Andy Polyakov
0546db3ef7 bn/bn_exp.c: make it indent-friendly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Matt Caswell
dbd87ffc21 indent has problems with comments that are on the right hand side of a line.
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Andy Polyakov
985a9af813 bn/bntest.c: make it indent-friendly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:07 +00:00
Andy Polyakov
e95bbc3ca6 bn/bn_recp.c: make it indent-friendly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:07 +00:00
Andy Polyakov
5f0b444899 bn/rsaz_exp.c: make it indent-friendly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:07 +00:00
Matt Caswell
e636e2acd7 Fix source where indent will not be able to cope
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:06 +00:00
Matt Caswell
c80fd6b215 Further comment changes for reformat (master)
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:19:59 +00:00
Rich Salz
4b618848f9 Cleanup OPENSSL_NO_xxx, part 1
OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
Two typo's on #endif comments fixed:
	OPENSSL_NO_ECB fixed to OPENSSL_NO_OCB
	OPENSSL_NO_HW_SureWare fixed to OPENSSL_NO_HW_SUREWARE

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-14 15:57:28 -05:00
Andy Polyakov
b3d7294976 Add Broadwell performance results.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-01-13 21:40:14 +01:00
Dr. Stephen Henson
a5a412350d Remove use of BN_init, BN_RECP_CTX_init from bntest
BN_init and BN_RECP_CTX_init are deprecated and are not exported
from shared libraries on some platforms (e.g. Windows) convert
bntest to use BN_new and BN_RECP_CTX_new instead.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-13 15:39:37 +00:00
Rich Salz
6d23cf9744 RT3548: Remove unsupported platforms
This last one for this ticket.  Removes WIN16.
So long, MS_CALLBACK and MS_FAR.  We won't miss you.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-12 17:30:54 -05:00
Rich Salz
fcf64ba0ac RT3548: Remove some unsupported platforms.
This commit removes NCR, Tandem, Cray.
Regenerates TABLE.
Removes another missing BEOS fluff.
The last platform remaining on this ticket is WIN16.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-12 10:40:00 -05:00
Andy Polyakov
a7a44ba55c Fix for CVE-2014-3570 (with minor bn_asm.c revamp).
Reviewed-by: Emilia Kasper <emilia@openssl.org>
2015-01-08 15:49:45 +00:00
Matt Caswell
3a83462dfe Further comment amendments to preserve formatting prior to source reformat
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-06 15:45:25 +00:00
Andy Polyakov
219338115b Revert "CHANGES: mention "universal" ARM support."
This reverts commit 4fec915069.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-06 12:11:01 +01:00
Andy Polyakov
4fec915069 CHANGES: mention "universal" ARM support.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-06 11:10:01 +01:00
Andy Polyakov
c1669e1c20 Remove inconsistency in ARM support.
This facilitates "universal" builds, ones that target multiple
architectures, e.g. ARMv5 through ARMv7. See commentary in
Configure for details.

Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-04 23:45:08 +01:00