| Age | Commit message (Collapse) | Author |
|---|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4875)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3825)
|
|
A temporary buffer containing g^xy was not cleared in ecdh_compute_key()
before freeing it, so the shared secret was leaked in memory.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
We had updates of certain header files in both Makefile.org and the
Makefile in the directory the header file lived in. This is error
prone and also sometimes generates slightly different results (usually
just a comment that differs) depending on which way the update was
done.
This removes the file update targets from the top level Makefile, adds
an update: target in all Makefiles and has it depend on the depend: or
local_depend: targets, whichever is appropriate, so we don't get a
double run through the whole file tree.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 0f539dc1a2f45580435c39dada44dd276e79cb88)
Conflicts:
Makefile.org
apps/Makefile
test/Makefile
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
(cherry picked from commit 4a7fa26ffd65bf36beb8d1cb8f29fc0ae203f5c5)
Conflicts:
crypto/x509v3/pcy_tree.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
|
|
(cherry picked from commit f6983769c1bcd6c3c6b6bbfbbc41848f6dccf127)
|
|
(cherry picked from commit 8ba2d4ed7f128e400693562efd35985068c45e4d)
|
|
(cherry picked from commit a3a2e3a43d13d8486c5e100e1bef7fec8e61b27b)
|
|
Don't need to use temporary buffer if remaining length equals digest length.
(cherry picked from commit 3f6b6f0b8cbd7173b6c007b07caa6ec34cda08c5)
|
|
Add X9.62 KDF to EC EVP_PKEY_METHOD.
(cherry picked from commit 25af7a5dbc05c7359d1d7f472d50d65a9d876b7e)
|
|
Submitted by: Adam Langley
|
|
|
|
can switch between modes.
|
|
|
|
Also use FIPS EC methods unconditionally for now: might want to use them
only in FIPS mode or with a switch later.
|
|
New option to disable characteristic two fields in EC code.
Make no-ec2m work on Win32 build.
|
|
|
|
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).
Thanks to Bodo, for invaluable review and feedback.
|
|
version some time soon.
|
|
|
|
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used. This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
|
|
|
|
|
|
|
|
PR: 1247
Submitted by: Doug Kaufman
|
|
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
make depend all test
work again
PR: 1159
|
|
|
|
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342.
|
|
- hide the EC_KEY structure definition in ec_lcl.c + add
some functions to use/access the EC_KEY fields
- change the way how method specific data (ecdsa/ecdh) is
attached to a EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7
|
|
|
|
EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name
|
|
during "make errors" and thus during "make update".
Fix lots of bugs that util/ck_errf.pl can detect automatically.
Various others of these are still left to fix; that's why
"make update" will complain loudly when run now.
|
|
for ecdh)
|
|
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
|
|
argument more flexible
|
|
|
|
|
|
|
|
if $(EXHEADER) is empty.
Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
|
|
Reported by: Maxim Masiutin
Submitted by: Nils Larsch
|
|
dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are
already declared in ossl_typ.h. Add explicit includes for bn.h in those C
files that need access to structure internals or API functions+macros.
|
|
tree. This further reduces header interdependencies, and makes some
associated cleanups.
|
|
changes are the fallout). As this could break source code that doesn't
directly include headers for interfaces it uses, changes to recursive
includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to
define this when building and using openssl, and then adapt code where
necessary - this is how to stay current. However the mechanism exists for
the lethargic.
|
|
|
|
|
|
|
|
|
