| Age | Commit message (Collapse) | Author |
|---|
|
and engage it in most modules.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
RT#4162
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Remove RSA_FLAG_SIGN_VER: this was origininally used to retain binary
compatibility after RSA_METHOD was extended to include rsa_sign and
rsa_verify fields. It is no longer needed.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Remove sign/verify and required_pkey_type fields of EVP_MD: these are a
legacy from when digests were linked to public key types. All signing is
now handled by the corresponding EVP_PKEY_METHOD.
Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms
already block unsupported types.
Remove now obsolete EVP_dss1() and EVP_ecdsa().
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
This is an option for builds with gcc and --strict-warnings.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Main goal was to improve performance on RISC platforms, e.g. 10%
was measured on MIPS, POWER8...
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
and CRYPTO_ocb128_encrypt to handle in==out.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Add CRYPTO_free_ex_index (for shared libraries)
Unify and complete the documentation for all "ex_data" API's and objects.
Replace xxx_get_ex_new_index functions with a macro.
Added an exdata test.
Renamed the ex_data internal datatypes.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Rename it to be an internal function bn_init.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Now that X509_VERIFY_PARAM is opaque X509_VERIFY_PARAM_ID is no longer
needed.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
The SRP_create_verifier_BN function goes to the |err| label if the |salt|
value passed to it is NULL. It is then deref'd.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
The function rsa_ossl_mod_exp uses the function BN_with_flags to create a
temporary copy (local_r1) of a BIGNUM (r1) with modified flags. This
temporary copy shares some state with the original r1. If the state of r1
gets updated then local_r1's state will be stale. This was occurring in the
function so that when local_r1 was freed a call to bn_check_top was made
which failed an assert due to the stale state. To resolve this we must free
local_r1 immediately after we have finished using it and not wait until the
end of the function.
This problem prompted a review of all BN_with_flag usage within the
codebase. All other usage appears to be correct, although often not
obviously so. This commit refactors things to make it much clearer for
these other uses.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
Follow-up to 070c233.
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@akamai.com>
GH: #454
|
|
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@akamai.com>
GH: #466
|
|
Add SSLv3 ctrl to EVP_sha1() this is only needed if SSLv3 client
authentication is used with DSA/ECDSA.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Add a ctrl to EVP_md5_sha1() to handle the additional operations needed
to handle SSL v3 client authentication and finished message.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Add digest combining MD5 and SHA1. This is used by RSA signatures for
TLS 1.1 and earlier.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Thanks to Guido Vranken <guidovranken@gmail.com> for reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
And a scalar !x --> x==0 test
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
|
This patch contains the necessary changes to provide GOST 2012
ciphersuites in TLS. It requires the use of an external GOST 2012 engine.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
RT#4142
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
RT #4144
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
|
In the async code for MacOS/X define _XOPEN_SOURCE (if not already
defined) as early as possible. We must do this before including
any header files, because on MacOS/X <stlib.h> includes <signal.h>
which includes <ucontext.h>. If we delay defining _XOPEN_SOURCE
and include <ucontext.h> after various system headers are included,
we are very likely to end up with the wrong (truncated) definition
of ucontext_t.
Also, better error handling and some code cleanup in POSIX fibre
construction and destruction. We make sure that async_fibre_makecontext()
always initializes the fibre to a state that can be freed.
For all implementations, check for error returns from
async_fibre_makecontext().
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Strict ISO confirming C compilers only define __sun
Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
RT #4144, MR #1353
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Implements Thread Local Storage in the windows async port. This also has
some knock on effects to the posix and null implementations.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
In theory the pthreads approach for Thread Local Storage should be more
portable.
This also changes some APIs in order to accommodate this change. In
particular ASYNC_init_pool is renamed ASYNC_init_thread and
ASYNC_free_pool is renamed ASYNC_cleanup_thread. Also introduced ASYNC_init
and ASYNC_cleanup.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
A lot of the pool handling code was in the arch specific files, but was
actually boiler plate and the same across the implementations. This commit
moves as much code as possible out of the arch specific files.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
We were using _pipe to create a pipe on windows. This uses the "int" type
for its file descriptor for compatibility. However most windows functions
expect to use a "HANDLE". Probably we could get away with just casting but
it seems more robust to use the proper type and main stream windows
functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
There were a number of places where the async code did not conform to the
OpenSSL coding style.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
The rand code can aquire locks and then attempt crypto operations. This
can end up in a deadlock if we are using an async engine, because control
returns back to the user code whilst still holding the lock. We need to
force synchronous operation for these sections of code.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
There are potential deadlock situations that can occur if code executing
within the context of a job aquires a lock, and then pauses the job. This
adds an ability to temporarily block pauses from occuring whilst performing
work and holding a lock.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Even with _XOPEN_SOURCE defined OS-X still displays warnings that
makecontext and friends are deprecated. This isn't a problem until you
try and build with --strict-warnings, and the build fails. This change
suppresses the warnings. We know they are deprecated but there is no
alternative!
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
async_fibre_makecontext was initialise the fibre first and then calling
getcontext(). It should be the other way around because the getcontext
call may overwrite some of the things we just initialised. This didn't
cause an issue on Linux and so the problem went unnoticed. On OS-X it
causes a crash.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
OS-X complains if we don't have _XOPEN_SOURCE defined.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Make clang build without errors in the async code
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
_longjmp/_setjmp do not manipulate the signal mask whilst
longjmp/setjmp may do. Online sources suggest this could result
in a significant speed up in the context switching.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
If config'd without -d (--debug), asynctest was crashing with:
*** longjmp causes uninitialized stack frame ***
This is because gcc will add certain checks for some functions
(including longjmp). The checks assume you can only longjmp down the
stack not up. However, if we are actually jumping to a different
fibre then it can appear as if we are going up the stack when we are
not really. This change disables the check.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Add some clarifications to the async documentation. Also changed
ASYNC_pause_job() so that it returns success if you are not within the
context of a job. This is so that engines can be used either asynchronously
or synchronously and can treat an error from ASYNC_pause_job() as a real
error.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Add ASYNCerr support to give some meaningful error message in the event of
a failure.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
