generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
8,795 Commits 16 Branches 258 Tags
Commit Graph

641 Commits

Author SHA1 Message Date
Dr. Stephen Henson
c58f4f73bd Tolerate test_sqr errors for FIPS builds. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-03-14 22:21:21 +00:00
Matt Caswell
02f0c26cea Re-align some comments after running the reformat script. 
This should be a one off operation (subsequent invokation of the
script should not move them)

This commit is for the 0.9.8 changes

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:53:07 +00:00
Matt Caswell
40720ce3ca Run util/openssl-format-source -v -c . 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:52:55 +00:00
Matt Caswell
9d03aabea3 More comment changes required for indent 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:52:49 +00:00
Matt Caswell
13270477f4 Move more comments that confuse indent 
Conflicts:
	crypto/dsa/dsa.h
	demos/engines/ibmca/hw_ibmca.c
	ssl/ssl_locl.h

Conflicts:
	crypto/bn/rsaz_exp.c
	crypto/evp/e_aes_cbc_hmac_sha1.c
	crypto/evp/e_aes_cbc_hmac_sha256.c
	ssl/ssl_locl.h

Conflicts:
	crypto/ec/ec2_oct.c
	crypto/ec/ecp_nistp256.c
	crypto/ec/ecp_nistp521.c
	crypto/ec/ecp_nistputil.c
	crypto/ec/ecp_oct.c
	crypto/modes/gcm128.c
	ssl/ssl_locl.h

Conflicts:
	apps/apps.c
	crypto/crypto.h
	crypto/rand/md_rand.c
	ssl/d1_pkt.c
	ssl/ssl.h
	ssl/ssl_locl.h
	ssl/ssltest.c
	ssl/t1_enc.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:52:21 +00:00
Matt Caswell
175af9de89 Fix indent comment corruption issue 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:51:49 +00:00
Andy Polyakov
4191a11f36 bn/bn_const.c: make it indent-friendly. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:51:38 +00:00
Andy Polyakov
f6e4701f2a bn/asm/x86_64-gcc.cL make it indent-friendly. 
Conflicts:
	crypto/bn/asm/x86_64-gcc.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:51:32 +00:00
Andy Polyakov
86183798f3 bn/bn_asm.c: make it indent-friendly. 
Conflicts:
	crypto/bn/bn_asm.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:51:26 +00:00
Andy Polyakov
b527959318 bn/bn_exp.c: make it indent-friendly. 
Conflicts:
	crypto/bn/bn_exp.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:51:21 +00:00
Matt Caswell
c7c7a432df indent has problems with comments that are on the right hand side of a line. 
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.

Conflicts:
	crypto/bn/bn.h
	crypto/ec/ec_lcl.h
	crypto/rsa/rsa.h
	demos/engines/ibmca/hw_ibmca.c
	ssl/ssl.h
	ssl/ssl3.h

Conflicts:
	crypto/ec/ec_lcl.h
	ssl/tls1.h

Conflicts:
	crypto/ec/ecp_nistp224.c
	crypto/evp/evp.h
	ssl/d1_both.c
	ssl/ssl.h
	ssl/ssl_lib.c

Conflicts:
	crypto/bio/bss_file.c
	crypto/ec/ec_lcl.h
	crypto/evp/evp.h
	crypto/store/str_mem.c
	crypto/whrlpool/wp_block.c
	crypto/x509/x509_vfy.h
	ssl/ssl.h
	ssl/ssl3.h
	ssl/ssltest.c
	ssl/t1_lib.c
	ssl/tls1.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:50:57 +00:00
Andy Polyakov
366b193f89 bn/bntest.c: make it indent-friendly. 
Conflicts:
	crypto/bn/bntest.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:50:26 +00:00
Andy Polyakov
402eec1ae5 bn/bn_recp.c: make it indent-friendly. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:50:22 +00:00
Matt Caswell
00ea17f9d7 Fix source where indent will not be able to cope 
Conflicts:
	apps/ciphers.c
	ssl/s3_pkt.c

Conflicts:
	crypto/ec/ec_curve.c

Conflicts:
	crypto/ec/ec_curve.c
	ssl/s3_clnt.c
	ssl/s3_srvr.c
	ssl/ssl_sess.c

Conflicts:
	apps/ciphers.c
	crypto/bn/bn.h
	crypto/ec/ec_curve.c
	ssl/t1_enc.c
	ssl/t1_lib.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:49:13 +00:00
Matt Caswell
3e8042c38f Additional comment changes for reformat of 0.9.8 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:49:06 +00:00
Matt Caswell
564ccc55d6 Further comment amendments to preserve formatting prior to source reformat 
(cherry picked from commit 4a7fa26ffd65bf36beb8d1cb8f29fc0ae203f5c5)

Conflicts:
	crypto/x509v3/pcy_tree.c

Conflicts:
	apps/apps.c
	ssl/ssltest.c

Conflicts:
	apps/apps.c
	crypto/ec/ec2_oct.c
	crypto/ec/ecp_nistp224.c
	crypto/ec/ecp_nistp256.c
	crypto/ec/ecp_nistp521.c
	ssl/s3_cbc.c
	ssl/ssl_sess.c
	ssl/t1_lib.c

Conflicts:
	crypto/bio/b_sock.c
	crypto/pem/pem.h
	crypto/x509/x509_vfy.c
	crypto/x509v3/pcy_tree.c
	ssl/s3_both.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:48:59 +00:00
Tim Hudson
b558c8d597 mark all block comments that need format preserving so that 
indent will not alter them when reformatting comments

(cherry picked from commit 1d97c8435171a7af575f73c526d79e1ef0ee5960)

Conflicts:
	crypto/bn/bn_lcl.h
	crypto/bn/bn_prime.c
	crypto/engine/eng_all.c
	crypto/rc4/rc4_utl.c
	crypto/sha/sha.h
	ssl/kssl.c
	ssl/t1_lib.c

Conflicts:
	crypto/rc4/rc4_enc.c
	crypto/x509v3/v3_scts.c
	crypto/x509v3/v3nametest.c
	ssl/d1_both.c
	ssl/s3_srvr.c
	ssl/ssl.h
	ssl/ssl_locl.h
	ssl/ssltest.c
	ssl/t1_lib.c

Conflicts:
	crypto/asn1/a_sign.c
	crypto/bn/bn_div.c
	crypto/dsa/dsa_asn1.c
	crypto/ec/ecp_nistp224.c
	crypto/ec/ecp_nistp256.c
	crypto/ec/ecp_nistp521.c
	crypto/ec/ecp_nistputil.c
	crypto/modes/gcm128.c
	crypto/opensslv.h
	ssl/d1_both.c
	ssl/heartbeat_test.c
	ssl/s3_clnt.c
	ssl/s3_srvr.c
	ssl/ssl_sess.c
	ssl/t1_lib.c
	test/testutil.h

Conflicts:
	apps/openssl.c
	apps/ts.c
	apps/vms_decc_init.c
	crypto/aes/aes_core.c
	crypto/aes/aes_x86core.c
	crypto/dsa/dsa_ameth.c
	crypto/ec/ec2_mult.c
	crypto/evp/evp.h
	crypto/objects/objects.h
	crypto/rsa/rsa_pss.c
	crypto/stack/safestack.h
	crypto/ts/ts.h
	crypto/ts/ts_rsp_verify.c
	crypto/whrlpool/wp_dgst.c
	crypto/x509v3/v3_ncons.c
	e_os2.h
	engines/ccgost/gost89.c
	engines/ccgost/gost_ctl.c
	engines/ccgost/gost_keywrap.c
	engines/ccgost/gost_keywrap.h
	engines/ccgost/gost_sign.c
	ssl/kssl.c
	ssl/s3_srvr.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:48:44 +00:00
Andy Polyakov
4b4c0a1921 Fix for CVE-2014-3570. 
Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit e793809ba50c1e90ab592fb640a856168e50f3de)
 2015-01-08 11:28:17 +00:00
Dr. Stephen Henson
f33636faf7 Don't try 1**0 test with FIPS. 
The 1**0 test will fail for FIPS capable builds because it uses the
old BIGNUM code in the 1.2 FIPS module which can't be fixed.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
 2014-10-16 04:40:50 +01:00
Adam Langley
45d129511f Ensure that x**0 mod 1 = 0. 
(cherry picked from commit 2b0180c37fa6ffc48ee40caa831ca398b828e680)

Reviewed-by: Ben Laurie <ben@openssl.org>
 2014-09-04 16:07:39 +02:00
Adam Langley
fee8d86d7a Add volatile qualifications to two blocks of inline asm to stop GCC from 
eliminating them as dead code.

Both volatile and "memory" are used because of some concern that the compiler
may still cache values across the asm block without it, and because this was
such a painful debugging session that I wanted to ensure that it's never
repeated.

(cherry picked from commit 7753a3a68431aa81b82beea4c3f5374b41454679)

Conflicts:
	crypto/bn/asm/x86_64-gcc.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a90b1e32d2f697d1aa39b49038469e2ea40d5e7b)
 2014-08-19 17:12:08 +02:00
Matt Caswell
02fef91630 Fixed valgrind complaint due to BN_consttime_swap reading uninitialised data. 
This is actually ok for this function, but initialised to zero anyway if
PURIFY defined.

This does have the impact of masking any *real* unitialised data reads in bn though.

Patch based on approach suggested by Rich Salz.

PR#3415

(cherry picked from commit 77747e2d9a5573b1dbc15e247ce18c03374c760c)
 2014-07-13 22:36:03 +01:00
Huzaifa Sidhpurwala
54985b5061 Make sure BN_sqr can never return a negative value. 
PR#3410
(cherry picked from commit e14e764c0d5d469da63d0819c6ffc0e1e9e7f0bb)
 2014-06-26 23:52:18 +01:00
Dr. Stephen Henson
0a9b8dd1b4 Fix 0.9.8 FIPS capable OpenSSL build. 
The object file bn_lib.o is excluded from FIPS builds which causes
a linker error for BN_consttime_swap. So move definition from bn_lib.c
to bn_gf2m.c

This change is *only* needed for OpenSSL 0.9.8 which uses the 1.2
FIPS module.
 2014-06-06 12:31:13 +01:00
Geoff Thorpe
a721216f0f bignum: allow concurrent BN_MONT_CTX_set_locked() 
The lazy-initialisation of BN_MONT_CTX was serialising all threads, as
noted by Daniel Sands and co at Sandia. This was to handle the case that
2 or more threads race to lazy-init the same context, but stunted all
scalability in the case where 2 or more threads are doing unrelated
things! We favour the latter case by punishing the former. The init work
gets done by each thread that finds the context to be uninitialised, and
we then lock the "set" logic after that work is done - the winning
thread's work gets used, the losing threads throw away what they've done.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
 2014-05-06 18:23:49 -04:00
mancha
fff69a7d8c Fix for CVE-2014-0076 backported to 0.9.8 branch 
Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140

Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.

Thanks for mancha for backporting the fix to OpenSSL 0.9.8 branch.
 2014-03-27 00:55:08 +00:00
Andy Polyakov
1213e6c3c2 bn_word.c: fix overflow bug in BN_add_word. 
(cherry picked from commit 134c00659a1bc67ad35a1e4620e16bc4315e6e37)
 2013-02-05 16:50:36 +00:00
Andy Polyakov
2ee77d36a0 x86-mont.pl: fix bug in integer-only squaring path [from HEAD]. 
PR: 2648
 2011-12-09 14:28:48 +00:00
Andy Polyakov
65f7456652 ppc.pl: fix bug in bn_mul_comba4 [from HEAD]. 
PR: 2636
Submitted by: Charles Bryant
 2011-11-05 10:17:06 +00:00
Bodo Möller
195d6bf760 BN_BLINDING multi-threading fix. 
Submitted by: Emilia Kasper (Google)
 2011-10-19 14:57:59 +00:00
Dr. Stephen Henson
22152d6885 PR: 2540 
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve

Prevent infinite loop in BN_GF2m_mod_inv().
 2011-06-22 15:23:20 +00:00
Dr. Stephen Henson
05bbbe9204 PR: 2295 
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve

OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
 2010-10-11 23:28:54 +00:00
Ben Laurie
d886975835 Fix gcc 4.6 warnings. Check TLS server hello extension length. 2010-06-12 13:18:58 +00:00
Andy Polyakov
02312a91ca ppc.pl: assembler Y chokes on apostrophes in comment. 2010-03-22 20:58:43 +00:00
Ben Laurie
ed4cd027f3 Fix warnings. 2010-02-28 13:37:15 +00:00
Bodo Möller
3e4da3f7cb Always check bn_wexpend() return values for failure (CVE-2009-3245). 
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)

Submitted by: Neel Mehta
 2010-02-23 10:36:41 +00:00
Dr. Stephen Henson
1ff44a99a4 PR: 2111 
Submitted by: Martin Olsson <molsson@opera.com>

Check for bn_wexpand errors in bn_mul.c
 2009-12-02 15:27:19 +00:00
Dr. Stephen Henson
ae37f9f3a2 PR: 2062 
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BN_rand error handling in bntest.c
 2009-10-01 00:22:23 +00:00
Dr. Stephen Henson
15684f58c2 Update from 1.0.0-stable. 2009-06-17 11:49:18 +00:00
Dr. Stephen Henson
0e6c24ae4b Update from HEAD. 2009-06-17 11:26:39 +00:00
Dr. Stephen Henson
a78ded0b61 PR: 1700 
Submitted by: "Robbins, Aharon" <aharon.robbins@intel.com>
Approved by: steve@openssl.org

#undef X509_EXTENSIONS for WIN32 too.
 2009-04-03 16:54:04 +00:00
Dr. Stephen Henson
72f6453c48 PR: 1835 
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org

Fix various typos.
 2009-02-14 21:50:14 +00:00
Andy Polyakov
e607e731eb Synchronize with bn_nist.c from HEAD. 2008-12-30 13:41:08 +00:00
Dr. Stephen Henson
3795297af8 Change old obsolete email address... 2008-11-05 18:36:57 +00:00
Andy Polyakov
8d64abacc6 Fix crash in BN_rshift [from HEAD]. 
PR: 1663
 2008-10-28 13:47:38 +00:00
Ben Laurie
b76306c983 Constification. 2008-10-18 14:27:36 +00:00
Dr. Stephen Henson
e852835da6 Make update: delete duplicate error code. 2008-09-17 17:11:09 +00:00
Dr. Stephen Henson
9b809d6278 Add missing files. 2008-09-16 22:54:30 +00:00
Dr. Stephen Henson
d83dde6180 Merge changes to build system from fips branch. 2008-09-16 21:44:57 +00:00
Dr. Stephen Henson
0067bd77a8 Part FIPS bn merge: move functiosn to bn_opt.c to reduce dependencies. 2008-09-16 11:08:24 +00:00