Commit graph

75 commits

Author SHA1 Message Date
Matt Caswell
40720ce3ca Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:52:55 +00:00
Andy Polyakov
dd7ad2c53d crypto/cryptlib.c: make it indent-friendly.
Conflicts:
	crypto/cryptlib.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:50:31 +00:00
Dr. Stephen Henson
09caf4ffcd Avoid Windows 8 Getversion deprecated errors.
Windows 8 SDKs complain that GetVersion() is deprecated.

We only use GetVersion like this:

	(GetVersion() < 0x80000000)

which checks if the Windows version is NT based. Use a macro check_winnt()
which uses GetVersion() on older SDK versions and true otherwise.
(cherry picked from commit a4cc3c8041)

Conflicts:
	apps/apps.c
	crypto/bio/bss_log.c

Backported by Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openss.org>
2015-01-13 09:30:24 +00:00
Dr. Stephen Henson
24b2806097 Move CRYPTO_memcmp to o_init.c when compiling with fips: cryptlib.o
is in the fips module for fips capable builds.
2013-02-05 16:50:34 +00:00
Ben Laurie
2708813166 Add and use a constant-time memcmp.
This change adds CRYPTO_memcmp, which compares two vectors of bytes in
an amount of time that's independent of their contents. It also changes
several MAC compares in the code to use this over the standard memcmp,
which may leak information about the size of a matching prefix.
(cherry picked from commit 2ee798880a)

Conflicts:
	crypto/crypto.h
	ssl/t1_lib.c
(cherry picked from commit dc406b59f3169fe191e58906df08dce97edb727c)

Conflicts:
	crypto/crypto.h
	ssl/d1_pkt.c
	ssl/s3_pkt.c
2013-02-05 16:50:32 +00:00
Dr. Stephen Henson
87d14a3625 PR: 2470
Submitted by: Corinna Vinschen <vinschen@redhat.com>
Reviewed by: steve

Don't call ERR_remove_state from DllMain.
2011-06-22 15:39:19 +00:00
Dr. Stephen Henson
e1246e1ad7 Submitted by: Julia Lawall <julia@diku.dk>
The functions ENGINE_ctrl(), OPENSSL_isservice(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
2009-09-13 11:20:38 +00:00
Dr. Stephen Henson
8067d34b3a FIPS merge "crypto" functions. 2008-09-16 15:11:50 +00:00
Dr. Stephen Henson
927a28ba3b gcc 4.2 fixes to avoid use or function pointer casts in OpenSSL.
Fix various "computed value not used" warnings too.
2007-09-06 12:43:54 +00:00
Dr. Stephen Henson
e31c620686 Update from fips2 branch. 2007-02-03 17:32:14 +00:00
Andy Polyakov
2d54cc69c9 WCE update, mostly typos [from HEAD]. 2005-08-03 20:04:05 +00:00
Andy Polyakov
93cf2b17bf WCE-specific fix for cryptlib.c [from HEAD]. 2005-08-02 22:21:07 +00:00
Andy Polyakov
dabaea8048 To secure Win64 API I'm throwing in this minimalistic Win64 support. 2005-07-04 23:24:12 +00:00
Andy Polyakov
886ed3544b Move _WIN32_WINNT definition from command line to e_os.h [from HEAD]. 2005-05-21 13:19:46 +00:00
Andy Polyakov
34c7ff6dc9 Cygwin doesn't expose Win32 [not "officially"]. 2005-05-03 21:20:17 +00:00
Richard Levitte
630e4a6e59 Provide a default OPENSSL_ia32cap_loc for non-Intel platforms where
util/libeay.num is important when building shared libraries, like
VMS.
2005-04-21 09:10:19 +00:00
Andy Polyakov
1bf955920a Fix typos. 2005-04-13 15:41:11 +00:00
Andy Polyakov
51d28013db Introduce OPENSSL_NONPIC_relocated to denote relocated DLLs. 2005-04-13 08:46:35 +00:00
Andy Polyakov
9e88c82703 Minor cryptlib.c update: compiler warnings in OPENSSL_showfatal and
OPENSSL_stderr stub.
2005-04-13 06:55:42 +00:00
Andy Polyakov
9f2027e56d Implement OPENSSL_showfatal and make it Win32 GUI and service aware
[meaning that it will detect in which context application is running
and either write message to stderr, post a dialog or log an event].
2005-04-07 18:39:45 +00:00
Andy Polyakov
e1d51de41f Harmonize cygwin/mingw and VC targets. 2005-04-07 15:51:55 +00:00
Andy Polyakov
959f9b1158 linux-x86_64 didn't link after EM64T RC4 tune-up... 2004-11-23 09:06:12 +00:00
Andy Polyakov
2b247cf81f OPENSSL_ia32cap final touches. Note that OPENSSL_ia32cap is no longer a
symbol, but a macro expanded as (*(OPENSSL_ia32cap_loc())). The latter
is the only one to be exported to application.
2004-08-29 16:36:05 +00:00
Andy Polyakov
c77094415f Cygwin fix-up for shared build. 2004-08-01 21:24:34 +00:00
Andy Polyakov
00555c2f2f DLLEntryPoint is a collective name, not what linker looks for. However,
if we explicitly intruct the linker to set entry point, then we become
obliged to initialize run-time library. Instead we can pick name run-time
will call and such name is DllMain. Note that this applies to both
"native" Win32 environment and Cygwin:-)
2004-08-01 14:27:43 +00:00
Andy Polyakov
ebaec63e3e This is so to say "damage control" for jumbo "cpuid" patch, see
http://cvs.openssl.org/chngview?cn=12493. Now all platform should
be operational, while SSE2 code pathes get engaged on ELF platforms
only.
2004-07-26 22:01:50 +00:00
Andy Polyakov
14e21f863a Add framework for yet another assembler module dubbed "cpuid." Idea
is to have a placeholder to small routines, which can be written only
in assembler. In IA-32 case this includes processor capability
identification and access to Time-Stamp Counter. As discussed earlier
OPENSSL_ia32cap is introduced to control recently added SSE2 code
pathes (see docs/crypto/OPENSSL_ia32cap.pod). For the moment the
code is operational on ELF platforms only. I haven't checked it yet,
but I have all reasons to believe that Windows build should fail to
link too. I'll be looking into it shortly...
2004-07-26 20:18:55 +00:00
Geoff Thorpe
60a938c6bc (oops) Apologies all, that last header-cleanup commit was from the wrong
tree. This further reduces header interdependencies, and makes some
associated cleanups.
2004-04-19 18:09:28 +00:00
Richard Levitte
c40b9bdefb Setting the ex_data index is unsafe in a threaded environment, so
let's wrap it with a lock.
2003-10-06 09:09:44 +00:00
Richard Levitte
9236b5b013 Define a STORE lock (the STORE type will be committed later). 2003-05-01 03:46:10 +00:00
Bodo Möller
abd22c9c46 new lock for EC_PRE_COMP structures
Submitted by: Nils Larsch
2003-02-12 22:01:12 +00:00
Richard Levitte
b9b6e14b4a In CRYPTO_lock(), check that the application cares about locking (provided
callbacks) before attempting to lock.
2002-12-11 08:56:35 +00:00
Richard Levitte
442d42300b sk_*_push() returns the number of items on the stack, not the index of the
pushed item.  The index is the number of items - 1.  And if a NULL item was
found, actually use it.
Finally, provide a little bit of safety in CRYPTO_lock() by asserting the a
requested dynamic lock really must exist, instead of just being silent about it
2002-12-11 08:33:31 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Richard Levitte
e5f4d8279d Off-by-one-error corrected.
PR: 235
2002-11-04 11:30:47 +00:00
Bodo Möller
19b8d06a79 clean up new code for NIST primes
create new lock CRYPTO_LOCK_BN to avoid race condition
2002-10-28 14:02:19 +00:00
Bodo Möller
e78f137899 really fix race condition
PR: 262
2002-09-23 14:25:07 +00:00
Bodo Möller
e172d60ddb Add ECDH support.
Additional changes:
 - use EC_GROUP_get_degree() in apps/req.c
 - add ECDSA and ECDH to apps/speed.c
 - adds support for EC curves over binary fields to ECDSA
 - new function EC_KEY_up_ref() in crypto/ec/ec_key.c
 - reorganize crypto/ecdsa/ecdsatest.c
 - add engine support for ECDH
 - fix a few bugs in ECDSA engine support

Submitted by: Douglas Stebila <douglas.stebila@sun.com>
2002-08-09 08:43:04 +00:00
Bodo Möller
5574e0ed41 get rid of OpenSSLDie 2002-08-02 11:48:15 +00:00
Lutz Jänicke
c046fffa16 OpenSSL Security Advisory [30 July 2002]
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
2002-07-30 13:04:04 +00:00
Bodo Möller
4f85a2e21e new locks 2002-02-13 17:25:27 +00:00
Geoff Thorpe
bcbe4e5254 This looks to have been a typo. 2001-11-24 04:02:42 +00:00
Bodo Möller
883b0c2274 fix submitted by Andy Schneider <andy.schneider@bjss.co.uk>
(in main branch, hn_ncipher.c is already correct)
2001-11-23 20:58:40 +00:00
Bodo Möller
78f7923580 Totally get rid of CRYPTO_LOCK_ERR_HASH.
In err.c, flags int_error_hash_set and int_thread_hash_set
appear superfluous since we can just as well initialize
int_error_hash and int_thread_hash to NULL.

Change some of the err.c formatting to conform with the rest of
OpenSSL.
2001-09-06 12:37:36 +00:00
Geoff Thorpe
3a0799977b First step in fixing "ex_data" support. Warning: big commit log ...
Currently, this change merely addresses where ex_data indexes are stored
and managed, and thus fixes the thread-safety issues that existed at that
level. "Class" code (eg. RSA, DSA, etc) no longer store their own STACKS
and per-class index counters - all such data is stored inside ex_data.c. So
rather than passing both STACK+counter to index-management ex_data
functions, a 'class_index' is instead passed to indicate the class (eg.
CRYPTO_EX_INDEX_RSA). New classes can be dynamically registered on-the-fly
and this is also thread-safe inside ex_data.c (though whether the caller
manages the return value in a thread-safe way is not addressed).

This does not change the "get/set" functions on individual "ex_data"
structures, and so thread-safety at that level isn't (yet) assured.
Likewise, the method of getting and storing per-class indexes has not
changed, so locking may still be required at the "caller" end but is
nonetheless thread-safe inside "ex_data"'s internal implementation.
Typically this occurs when code implements a new method of some kind and
stores its own per-class index in a global variable without locking the
setting and usage of that variable. If the code in question is likely to be
used in multiple threads, locking the setting and use of that index is
still up to the code in question. Possible fixes to this are being
sketched, but definitely require more major changes to the API itself than
this change undertakes.

The underlying implementation in ex_data.c has also been modularised so
that alternative "ex_data" implementations (that control all access to
state) can be plugged in. Eg. a loaded module can have its implementation
set to that of the application loaded it - the result being that
thread-safety and consistency of "ex_data" classes and indexes can be
maintained in the same place rather than the loaded module using its own
copy of ex_data support code and state.

Due to the centralisation of "state" with this change, cleanup of all
"ex_data" state can now be performed properly. Previously all allocation of
ex_data state was guaranteed to leak - and MemCheck_off() had been used to
avoid it flagging up the memory debugging. A new function has been added to
perfrom all this cleanup, CRYPTO_cleanup_all_ex_data(). The "openssl"
command(s) have been changed to use this cleanup, as have the relevant test
programs. External application code may want to do so too - failure to
cleanup will not induce more memory leaking than was the case before, but
the memory debugging is not tricked into hiding it any more so it may
"appear" where it previously did not.
2001-09-01 19:56:46 +00:00
Bodo Möller
daba492c3a md_rand.c thread safety 2001-07-25 17:17:24 +00:00
Dr. Stephen Henson
3cc1f498a1 Don't set pointer if add_lock_callback used. 2001-06-19 00:04:57 +00:00
Richard Levitte
a87f50fb5a Stop mishandling the type number in dynlock locking 2001-06-01 15:21:01 +00:00
Richard Levitte
80340f1fe9 Don't decrement the reference counter twice when destroying dynamic
links.
2001-05-31 22:25:30 +00:00
Richard Levitte
a63d5eaab2 Add a general user interface API. This is designed to replace things
like des_read_password and friends (backward compatibility functions
using this new API are provided).  The purpose is to remove prompting
functions from the DES code section as well as provide for prompting
through dialog boxes in a window system and the like.
2001-05-06 23:19:37 +00:00