| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
handling of padding. This fixes a crash that can be triggered by feeding
base64 data followed by 64 or more padding characters, which results in a
negative output length.
This issue was reported by David Ramos, although the same bug has been
sitting in the OpenSSL RT since 2011:
https://rt.openssl.org/Ticket/Display.html?id=2608
Worse still, BIO_read seems to be completely unable to detect that the
base64 input was invalid/corrupt - in particular, enabling
BIO_FLAGS_BASE64_NO_NL results in a stream of zero value bytes rather than
no input (possibly a good replacement for /dev/null...), which could
result in nasty consequences. Prior to this fix some zero value bytes were
also injected without this flag being enabled.
The recently added base64 regress triggers and documents these issues
(and also ensures that this change retains functional behaviour).
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Assembler bits for AES remain commented out as they run slower than the C code.
|
| |
|
|
|
| |
a SIGILL handler.
Do not attempt to detect and use a 64-bit FPU yet.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
things. Worth doing as it's twice faster than the C code.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
processor (PA2.0) and, if so, switches to 64-bit code.
However, when running under a 32-bit OpenBSD/hppa kernel, there is no guarantee
that the upper part of the registers will be preserved accross context switches
(or even userland->kernel boundaries), which causes this code to fail.
Wrap the generated code within #ifndef __OpenBSD__ in that case, to avoid
using the 64-bit code completely. (OpenBSD/hppa64, once stable, will not be
affected by this)
|
| | |
|
| |
|
|
| |
RC4 assembler code is not used, as it runs about 35% slower than the C code.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok miod@
|
| |
|
|
| |
ok miod@
|
| |
|
|
| |
ok miod@
|
| |
|
|
| |
ok deraadt@
|
| |
|
|
|
|
|
|
|
|
| |
While not to be considered a good choice of elliptic curve (refer to
http://safecurves.cr.yp.to/ for more details), it is nevertheless deemed a
good decision to allow developers with requirements to use such a curve,
to be able to do this via a crypto library allowing for much better choices
to be made, without having to change (much of) their code to get better crypto.
ok beck@ deraadt@
|
| |
|
|
|
| |
Be sure to rerun `make includes' after updating.
ok tedu@ beck@ deraadt@
|
| |
|
|
|
|
|
| |
OpenSSL FIPS module to prevent forbidden digests to be allowed.
No functional change but readability.
ok deraadt@
|
| |
|
|
|
|
|
| |
scripts. We certainly do not need an identical copy of the win64
exception handler in each script (surely one copy would be sufficient).
ok miod@
|
| |
|
|
|
|
|
|
| |
Also check for _LP64 rather than __arch64__ (the former being more reliable
than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit
int platforms.
Loosely based upon a diff from Martijn van Duren on tech@
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
avoid unreadable/unmaintainable constructs like that:
const EVP_PKEY_ASN1_METHOD cmac_asn1_meth =
{
EVP_PKEY_CMAC,
EVP_PKEY_CMAC,
0,
"CMAC",
"OpenSSL CMAC method",
0,0,0,0,
0,0,0,
cmac_size,
0,
0,0,0,0,0,0,0,
cmac_key_free,
0,
0,0
};
ok matthew@ deraadt@
|
| |
|
|
| |
No functional change.
|
| |
|
|
| |
redefine OPENSSL_EXTERN from `extern' to `extern'.
|
| |
|
|
|
| |
declaration to pass -Wextra, should we want to add it to CFLAGS.
No binary change.
|
| |
|
|
| |
ok miod@
|
| | |
|
| |
|
|
|
|
|
|
| |
This avoids a lot of ugly gymnastics to do snprintfs before sending the
bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c
where it was being called with the incorrect number of arguments and
using random things off the stack as addresses of strings.
ok krw@, jsing@
|
| | |
|
| | |
|
| |
|
|
| |
ok miod@
|
| |
|
|
| |
ok miod@
|
| | |
|
| |
|
|
| |
ok miod@
|
| |
|
|
| |
Suggested by miod@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The intent of this change is to only keep support for two kind of architectures:
- those with 32-bit int and long, and 64-bit long long, where
``long * long -> long long'' multiplication routines are available.
- those with 64-bit int and long, and no 128-bit long long type.
This gets rid of the SIXTY_FOUR_BIT_LONG, SIXTY_FOUR_BIT (not the same!),
THIRTY_TWO_BIT, SIXTEEN_BIT and EIGHT_BIT defines.
After this change, the types and defines are as follows:
arch: 64bit 32bit rationale
BN_LLONG undefined defined defined if l * l -> ll
BN_ULLONG undefined u long long result of BN_LONG * BN_LONG
BN_ULONG u long u int native register size
BN_LONG long int the same, signed
BN_BITS 128 64 size of 2*BN_ULONG in bits
BN_BYTES 8 4 size of 2*BN_ULONG in bytes
BN_BITS2 64 32 BN_BITS / 2
Tested on various 32-bit and 64-bit OpenBSD systems of various endianness.
|
