Commit graph

12944 commits

Author SHA1 Message Date
Dr. Stephen Henson
15b5d6585d typo
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-02-22 14:43:09 +00:00
Edgar Pek
bcfa19a8d1 Fix null-pointer dereference
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-22 13:20:10 +01:00
Kurt Roeckx
edac5dc220 Fix memory leak
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-22 13:18:24 +01:00
Doug Hogan
1549a26520 Avoid a double-free in an error path.
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-22 13:17:40 +01:00
Richard Levitte
ba4bdee718 Restore -DTERMIO/-DTERMIOS on Windows platforms.
The previous defaulting to TERMIOS took away -DTERMIOS / -DTERMIO a
bit too enthusiastically.  Windows/DOSish platforms of all sorts get
identified as OPENSSL_SYS_MSDOS, and they get a different treatment
altogether UNLESS -DTERMIO or -DTERMIOS is explicitely given with the
configuration.  The answer is to restore those macro definitions for
the affected configuration targets.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-22 08:27:36 +01:00
Richard Levitte
64e6bf64b3 Assume TERMIOS is default, remove TERMIO on all Linux.
The rationale for this move is that TERMIOS is default, supported by
POSIX-1.2001, and most definitely on Linux.  For a few other systems,
TERMIO may still be the termnial interface of preference, so we keep
-DTERMIO on those in Configure.

crypto/ui/ui_openssl.c is simplified in this regard, and will define
TERMIOS for all systems except a select few exceptions.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-21 23:51:05 +01:00
Dr. Stephen Henson
146ca72cca Add additional EC documentation.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-21 00:45:06 +00:00
Dr. Stephen Henson
86f300d385 Use named curve parameter encoding by default.
Many applications require named curve parameter encoding instead of explicit
parameter encoding (including the TLS library in OpenSSL itself). Set this
encoding by default instead of requiring an explicit call to set it.

Add OPENSSL_EC_EXPLICT_CURVE define.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-19 14:44:46 +00:00
Dr. Stephen Henson
f37879d077 More RSA tests.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-14 18:44:49 +00:00
Dr. Stephen Henson
f9e3146392 remove unused method declaration
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 14:00:21 +00:00
Dr. Stephen Henson
e5bf3c923c size_t for buffer functions.
Change BUF_MEM_grow and BUF_MEM_grow_clean to return size_t.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 13:50:36 +00:00
Dr. Stephen Henson
d5ec8efc70 Add leak detection, fix leaks.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 13:28:50 +00:00
Dr. Stephen Henson
b9d4e97c87 Add EVP_PKEY test data.
Add some EVP_PKEY test data for sign and verify tests including
failure cases.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 13:28:50 +00:00
Dr. Stephen Henson
5824cc2981 EVP_PKEY support for evp_test
Add two new keywords "PublicKey" and "PrivateKey". These will load a key
in PEM format from the lines immediately following the keyword and assign
it a name according to the value. These will be used later for public and
private key testing operations.

Add tests for Sign, Verify, VerifyRecover and Decrypt.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 13:28:50 +00:00
Dr. Stephen Henson
16cb8eb013 Add CMAC test data.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 13:28:50 +00:00
Dr. Stephen Henson
b8c792dc43 Add HMAC test data.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 13:28:50 +00:00
Dr. Stephen Henson
83251f397b MAC support for evp_test
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 13:28:50 +00:00
Dr. Stephen Henson
eff1a4d24f New macro to set mac key.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 13:28:50 +00:00
Dr. Stephen Henson
6906a7c1a3 Return error code is any tests fail.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 13:28:50 +00:00
Richard Levitte
774ccae63c Transfer a fix from 1.0.1
manually picked from e7b85bc402
Reviewed-by: Stephen Henson <steve@openssl.org>
2015-02-13 13:39:05 +01:00
Rich Salz
c81f425eaa RT937: Enable pilotAttributeType uniqueIdentifier
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-12 14:38:31 -05:00
Andy Polyakov
2b8f33a574 evp/evp.h: add missing camellia-ctr declarations.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-12 19:26:37 +01:00
Graeme Perrow
b0333e697c RT3670: Check return from BUF_MEM_grow_clean
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-12 13:00:42 -05:00
Clang via Jeffrey Walton
5006c32253 RT3684: rand_egd needs stddef.h
And remove backup definition of offsetof.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-12 12:50:09 -05:00
Eric Dequin
1d2932de4c Missing OPENSSL_free on error path.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-12 11:14:57 -05:00
Andy Polyakov
7b4a4b71b5 Engage ecp_nistz256-armv4 module.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-11 20:36:55 +01:00
Andy Polyakov
7a6c9a2e96 Add ec/asm/ecp_nistz256-armv4.pl module.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-11 20:34:18 +01:00
Andy Polyakov
dda8199922 Add Camellia CTR mode.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-02-11 20:30:13 +01:00
Andy Polyakov
c79e17731f Add more Camellia OIDs.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-02-11 20:28:47 +01:00
Matt Caswell
b7c9187b32 Add SSL_SESSION_get0_ticket API function.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-10 22:54:27 +00:00
Matt Caswell
ea6bd26454 Correct reading back of tlsext_tick_lifetime_hint from ASN1.
When writing out the hint, if the hint > 0, then we write it out otherwise
we skip it.

Previously when reading the hint back in, if were expecting to see one
(because the ticket length > 0), but it wasn't present then we set the hint
to -1, otherwise we set it to 0. This fails to set the hint to the same as
when it was written out.

The hint should never be negative because the RFC states the hint is
unsigned. It is valid for a server to set the hint to 0 (this means the
lifetime is unspecified according to the RFC). If the server set it to 0, it
should still be 0 when we read it back in.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-10 22:54:18 +00:00
Matt Caswell
f2baac27d5 Provide the API functions SSL_SESSION_has_ticket and
SSL_SESSION_get_ticket_lifetime_hint. The latter has been reported as
required to fix Qt for OpenSSL 1.1.0. I have also added the former in order
to determine whether a ticket is present or not - otherwise it is difficult
to know whether a zero lifetime hint is because the server set it to 0, or
because there is no ticket.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-10 22:54:09 +00:00
Matt Caswell
75ea3632bd Make tlsext_tick_lifetime_hint an unsigned long (from signed long).
From RFC4507:
"The ticket_lifetime_hint field contains a hint from the server about how
long the ticket should be stored.  The value indicates the lifetime in
seconds as a 32-bit unsigned integer in network byte order."

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-10 22:53:24 +00:00
Andy Polyakov
5afc296aa6 ec/ecp_nistz256.c: fix compiler warnings.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-10 22:04:28 +01:00
Andy Polyakov
ea5f8411cd Configure: disable warning C4090 in Windows builds.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-10 22:02:54 +01:00
Andy Polyakov
5029291722 ec/asm/ecp_nistz256-x86.pl: fix typos (error shows in Windows build).
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-10 21:52:25 +01:00
Dr. Stephen Henson
b033e5d5ab New evp_test updates.
Print usage message.

Print expected and got values if mismatch.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-10 16:18:05 +00:00
Dr. Stephen Henson
7303b472f1 Add new test file.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-10 16:18:05 +00:00
Dr. Stephen Henson
307e3978b9 Initial version of new evp_test program.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-10 16:18:05 +00:00
Emilia Kasper
0923e7df9e Fix hostname validation in the command-line tool to honour negative return values.
Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion
and result in a negative return value, which the "x509 -checkhost" command-line option
incorrectly interpreted as success.

Also update X509_check_host docs to reflect reality.

Thanks to Sean Burford (Google) for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-10 15:35:20 +01:00
Matt Caswell
efb4597345 Remove some functions that are no longer used and break the build with:
./config --strict-warnings enable-deprecated

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-10 14:33:03 +00:00
Matt Caswell
00a5a74bbc HMAC_cleanup, and HMAC_Init are stated as deprecated in the docs and source.
Mark them as such with OPENSSL_USE_DEPRECATED

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-10 14:32:56 +00:00
Matt Caswell
a8b4e057b3 Remove -DOPENSSL_NO_DEPRECATED from --strict-warnings flags.
In master OPENSSL_NO_DEPRECATED is the default anyway. By including it in
--strict-warnings as well this means you cannot combine enable-deprecated
with --strict-warnings.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-10 14:32:29 +00:00
Andy Polyakov
79ee5afa26 Engage ecp_nistz256-x86 module.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-09 23:21:11 +01:00
Andy Polyakov
aa9db2d292 Add ec/asm/ecp_nistz256-x86.pl module.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-09 23:19:16 +01:00
Dr. Stephen Henson
d6c5462ef8 Support for alternative KDFs.
Don't hard code NID_id_pbkdf2 in PBES2: look it up in PBE table.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-09 16:14:04 +00:00
Andy Polyakov
849037169d Bring objects.pl output even closer to new format.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-09 15:59:09 +01:00
Andy Polyakov
c2cfc956e5 bn/bn_add.c: fix dead code elimination that went bad.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-09 15:54:58 +01:00
Dr. Stephen Henson
9c7a780bbe Fix memory leak reporting.
Free up bio_err after memory leak data has been printed to it.

In int_free_ex_data if ex_data is NULL there is nothing to free up
so return immediately and don't reallocate it.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-09 12:53:36 +00:00
Dr. Stephen Henson
259c360d0b Remove obsolete IMPLEMENT_ASN1_SET_OF
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-09 12:47:28 +00:00