Commit graph

16893 commits

Author SHA1 Message Date
Rich Salz
0f91e1dff4 Fix some RAND bugs
RT2630 -- segfault for int overlow
RT2877 -- check return values in apps/rand
Update CHANGES file for previous "windows rand" changes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 10:45:18 -04:00
Matt Caswell
f83b85fb0f Ensure an ASN1_OBJECT is freed in error paths
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 14:58:46 +01:00
Matt Caswell
7b0ee1353d Free allocated password strings on exit
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 14:58:46 +01:00
Matt Caswell
a3768e0c9b Free a BIO_ADDR if DTLSv1_listen return <=0
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 14:51:36 +01:00
Matt Caswell
5bf7c7725b Ensure BIGNUM is freed in an error path
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 14:51:36 +01:00
Matt Caswell
fe2b7dfdf4 Free an X509_CRL in an error path
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 14:51:36 +01:00
Matt Caswell
0461b7ea7b Don't leak X509_OBJECT in an error path
Swap the ordering of some code to avoid a leak in an error path.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 14:51:36 +01:00
Rich Salz
6493e4801e RT4337: Crash in DES
Salt must be two ASCII characters.  Add tests to check for that,
and a test to test the checks.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-01 09:28:53 -04:00
Matt Caswell
1d54ef3408 Fix printing of DH Parameters
The -text argument to dhparam is broken, because the DHparams_print()
function always returns an error. The problem is that always expects a
public or private key to be present, even though that is never the case
with parameters.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 13:19:02 +01:00
Matt Caswell
eeb21772ef Add dhparam sanity check and update DH_check documentation
The -check argument to dhparam should never identify any problems if we
have just generated the parameters. Add a sanity check for this and print
an error and fail if necessary.

Also updates the documentation for the -check argument, and the DH_check()
function.

RT#4244

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 13:19:02 +01:00
FdaSilvaYY
b2b361f6af Raise an Err when CRYPTO_THREAD_lock_new fails
Add missing error raise call, as it is done everywhere else.
and as CRYPTO_THREAD_lock_new don't do it internally.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-01 13:14:49 +01:00
Matt Caswell
57358a83a4 req command incorrectly displays the bits for an EC key
When the "req" command is used to generate a new EC key using the -newkey
option it will incorrectly display:

 Generating a 2048 bit EC private key

This commit fixes the message to not display the bit length for EC keys
because we don't currently support getting that during generation.

GitHub Issue #1068

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 13:09:26 +01:00
Matt Caswell
e51329d381 OpenBSD doesn't have ucontext.h so don't try and include it
On OpenBSD we turn off async capabilities due to no ucontext.h.

RT#4379

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 10:19:25 +01:00
Matt Caswell
befe31cd38 make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-31 23:03:54 +01:00
Mat
af9895cb8c Updates from review
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-31 17:39:00 -04:00
Mat
b01e1644d7 Fix: PEM_read_bio_PrivateKey with no-ui / no-stdio
If openssl is compiled with no-ui or no-stdio, then PEM_read_bio_PrivateKey fails if a password but no callback is provided.

The reason is that the premature return in the PEM_def_callback implementation when OPENSSL_NO_STDIO or OPENSSL_NO_UI is defined, comes too early.

This patch moves the ifdef block to the correct place.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-31 17:39:00 -04:00
TJ Saunders
80c630f657 Remove null check, per review feedback. Note this in the docs.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1135)
2016-05-31 17:16:29 -04:00
TJ Saunders
73271290fe Add requested HISTORY section, remove copy/pastos, per review feedback.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1135)
2016-05-31 17:16:29 -04:00
TJ Saunders
bd01f6498c Add an SSL_SESSION accessor for obtaining the protocol version number, with
accompanying documentation.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1135)
2016-05-31 17:16:29 -04:00
Rich Salz
6d1e7709c6 RT4539: Add section for renamed ciphers.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-31 13:55:20 -04:00
Cristian Stoica
dab1f5fe4b speed.c: fix segfault with unrecognized algorithms
When an unrecognized algorithm is given on command line together with
-async_jobs, speed_main will jump to clean-up and run
ASYNC_cleanup_thread without calling ASYNC_init_thread first.

Example:
openssl speed -async_jobs 4 ras2048

Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1084)
2016-05-31 10:14:45 -04:00
Dr. Stephen Henson
f72f00d495 Parameter copy sanity checks.
Don't copy parameters is they're already present in the destination.
Return error if an attempt is made to copy different parameters to
destination. Update documentation.

If key type is not initialised return missing parameters

RT#4149

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-31 13:06:16 +01:00
Dr. Stephen Henson
cc7113e8de return error in ct_move_scts()
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-31 13:02:20 +01:00
Emilia Kasper
a7cbe963c3 Travis: update sanitizer configs
- Use the new enable-ubsan and enable-asan configuration options.
- Separate ubsan and asan runs.
- In addition, run shared ubsan tests to get more coverage.
  (Shared asan tests need a bit more thought to get them working.)

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-30 18:47:32 +02:00
Mat
8d95ca36e6 Fix strdup macro redefinition
This fixes the following error when the CRT debug heap (crtdbg.h) is used:
e_os.h(476): warning C4005: 'strdup': macro redefinition
C:\Program Files (x86)\Windows Kits\10\Include\10.0.10586.0\ucrt\crtdbg.h(319): note: see previous definition of 'strdup'
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1137)
2016-05-30 09:51:31 -04:00
Richard Levitte
23049aa52e perl: use the 'if' module to conditionally load File::Glob
Trying to use normal perl conditions to conditionally 'use' a perl
module didn't quite work.  Using the 'if' module to do so does work.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-05-30 11:55:46 +02:00
Richard Levitte
453fc7a018 Make sure max in fmtstr() doesn't overflow into negativity
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-30 05:41:57 +02:00
Joey Yandle
6378809b22 set RAND_event and RAND_screen to deprecated in 1.1.0 in librypto.num
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
2016-05-29 13:36:59 -04:00
Joey Yandle
d407fd2c87 fix deprecation version number in docs
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
2016-05-29 13:36:59 -04:00
Joey Yandle
1931a04c66 update docs with descriptions and deprecation
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
2016-05-29 13:36:59 -04:00
Joey Yandle
2ff3b693e7 fix return value in docs
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
2016-05-29 13:36:59 -04:00
Joey Yandle
73241290bc add removed functions back as deprecated
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
2016-05-29 13:36:59 -04:00
Joey Yandle
ad0f926c9c get rid of now empty #if
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
2016-05-29 13:36:59 -04:00
Joey Yandle
151a4376bc remove winrand.c entirely, nothing seems to reference it
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
2016-05-29 13:36:59 -04:00
Joey Yandle
6f0cc2a6f8 cherry pick pr-512 changes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
2016-05-29 13:36:59 -04:00
Joey Yandle
42af747925 get rid of unnecessary include
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
2016-05-29 13:36:59 -04:00
Joey Yandle
75dcf70a99 remove RAND_screen and friends
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
2016-05-29 13:36:59 -04:00
Joey Yandle
888db7f224 cherry pick pr-512 changes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
2016-05-29 13:36:59 -04:00
Joey Yandle
4447d829de OR flags with CRYPT_SILENT to really make sure no UI pops up
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
2016-05-29 13:36:59 -04:00
Joey Yandle
1cd02c699f fix endif comment
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
2016-05-29 13:36:59 -04:00
Joey Yandle
1150999e04 remove all WINCE ifdefs
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
2016-05-29 13:36:59 -04:00
Joey Yandle
eb9b92ec8e - remove insane heap walk and kernel loading code; clean up style and calling conventions
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
2016-05-29 13:36:59 -04:00
Andy Polyakov
cfe1d9929e x86_64 assembly pack: tolerate spaces in source directory name.
[as it is now quoting $output is not required, but done just in case]

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-29 14:12:51 +02:00
Andy Polyakov
9785555616 Configure,test/recipes: "pin" glob to File::Glob::glob.
As it turns out default glob's behaviour for quoted argument varies
from version to version, making it impossible to Configure or run
tests in some cases. The reason for quoting globs was to accommodate
source path with spaces in its name, which was treated by default glob
as multiple paths. File::Glob::glob on the other hand doesn't consider
spaces as delimiters and therefore works with unquoted patterns.

[Unfortunaltely File::Glob::glob, being too csh-ly, doesn't work
on VMS, hence the "pinning" is conditional.]

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-29 14:12:35 +02:00
FdaSilvaYY
f59f23c383 Add more zalloc
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/997)
2016-05-29 01:36:11 +02:00
FdaSilvaYY
8e89e85f55 Fix some missing inits
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/997)
2016-05-29 01:36:11 +02:00
Andy Polyakov
8640f21093 poly1305/asm/poly1305-mips.pl: adhere to standard frame layout.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-28 22:17:59 +02:00
Andy Polyakov
ff823ee89b SPARC assembly pack: add missing .type directives.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-28 22:14:13 +02:00
Richard Levitte
38e19eb96f Change a call of OPENSSL_strcasecmp to strcasecmp
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-28 02:15:04 +02:00
Richard Levitte
da32e04b5e make update
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-28 02:15:04 +02:00