The function int_rsa_verify is an internal function used for verifying an
RSA signature. It takes an argument |dtype| which indicates the digest type
that was used. Dependant on that digest type the processing of the
signature data will vary. In particular if |dtype == NID_mdc2| and the
signature data is a bare OCTETSTRING then it is treated differently to the
default case where the signature data is treated as a DigestInfo (X509_SIG).
Due to a missing "else" keyword the logic actually correctly processes the
OCTETSTRING format signature first, and then attempts to continue and
process it as DigestInfo. This will invariably fail because we already know
that it is a bare OCTETSTRING.
This failure doesn't actualy make a real difference because it ends up at
the |err| label regardless and still returns a "success" result. This patch
just cleans things up to make it look a bit more sane.
RT#4076
Reviewed-by: Richard Levitte <levitte@openssl.org>
BN_with_flags() will read the dest->flags to keep the BN_FLG_MALLOCED but
overwrites everything else.
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR #1231
The function ssl_check_for_safari fingerprints the incoming extensions
to see whether it is one of the broken versions of safari. However it was
failing to reset the PACKET back to the same position it started in, hence
causing some extensions to be skipped incorrectly.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-Allow mingw debug builds to fail on Travis CI
-Fix Travis email notifications config
-Rename a variable to avoid a bogus warning with old GCC
error: declaration of ``dup'' shadows a global declaration [-Werror=shadow]
-Disable pedantic ms-format warnings with mingw
-Properly define const DH parameters
-Restore --debug flag in Travis CI builds; -d would get incorrectly passed
to ./Configure in mingw debug builds.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
This change introduces short names and NIDs for Russian GOST ciphers
according to GOST R 34.13-2015
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
The user callback takes a non-const pointer, so don't pass PACKET data
to it directly; rather, grab a local copy.
Reviewed-by: Matt Caswell <matt@openssl.org>
Move all packet parsing to the beginning of the method. This limits the
SSLv2 compatibility soup to the parsing, and makes the rest of the
processing uniform.
This is also needed for simpler EMS support: EMS servers need to do an
early scan for EMS to make resumption decisions. This'll be easier when
the entire ClientHello is parsed in the beginning.
As a side effect,
1) PACKETize ssl_get_prev_session and tls1_process_ticket; and
2) Delete dead code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG.
Reviewed-by: Matt Caswell <matt@openssl.org>
Some makedepend mechanisms remove all directory information in the
target, so a dependency can looks like this:
ssl3_record.o: record/ssl3_record.c
However, that doesn't quite suit us, our Makefile has us build
record/ssl3_record.o rather than ssl3_record.o.
To clear this up, a change to util/clean-depend.pl takes care of this
case by looking up the original file in the dependencies and restoring
the directory information from it.
Reviewed-by: Ben Laurie <ben@openssl.org>
Even though SOCKET is effectively declared as (void *) on Windows, it's
not actually a pointer, but an index within per-process table of
kernel objects. The table size is actually limited and its upper limit
is far below upper limit for signed 32-bit integer. This is what makes
cast in question possible.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
When a decoding error in ASN.1 occurs only free up the partial structure
at the top level. This simplifies embedded handling and fixes freeing
up of structures when presented with malformed input.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Any time you configure with enable-deprecated, make depend would
scream bloody murder. This change has it quiet down a bit.
Reviewed-by: Rich Salz <rsalz@openssl.org>
This patch updates the "DEFAULT" cipherstring to be
"ALL:!COMPLEMENTOFDEFAULT:!eNULL". COMPLEMENTOFDEFAULT is now defined
internally by a flag on each ciphersuite indicating whether it should be
excluded from DEFAULT or not. This gives us control at an individual
ciphersuite level as to exactly what is in DEFAULT and what is not.
Finally all DES, RC4 and RC2 ciphersuites are added to COMPLEMENTOFDEFAULT
and hence removed from DEFAULT.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Looks like someone forgot to do a "make update" since crypto/ts/Makefile
keeps changing. So include that.
Second is that the declare_dh_bn macro fools the libeay.num script.
The declarations are only needed in one file (dh_rfc5114) so remove
them from the header and put the "raw" declarations directly into that
file.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Occaisionally we have had problems where there are duplicated ordinals in
libeay.num or ssleay.num. This adds a test for this issue.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Add additional NID references in the CMS/SMIME capabilities code to cater
for GOST12.
Patch supplied by Dmitry Belyavsky <beldmit@gmail.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Much related/similar work also done by
Ivan Nestlerode <ivan.nestlerode@sonos.com>
+Replace FILE BIO's with dummy ops that fail.
+Include <stdio.h> for sscanf() even with no-stdio (since the declaration
is there). We rely on sscanf() to parse the OPENSSL_ia32cap environment
variable, since it can be larger than a 'long'. And we don't rely on the
availability of strtoull().
+Remove OPENSSL_stderr(); not used.
+Make OPENSSL_showfatal() do nothing (currently without stdio there's
nothing we can do).
+Remove file-based functionality from ssl/. The function
prototypes were already gone, but not the functions themselves.
+Remove unviable conf functionality via SYS_UEFI
+Add fallback definition of BUFSIZ.
+Remove functions taking FILE * from header files.
+Add missing DECLARE_PEM_write_fp_const
+Disable X509_LOOKUP_hash_dir(). X509_LOOKUP_file() was already compiled out,
so remove its prototype.
+Use OPENSSL_showfatal() in CRYPTO_destroy_dynlockid().
+Eliminate SRP_VBASE_init() and supporting functions. Users will need to
build the verifier manually instead.
+Eliminate compiler warning for unused do_pk8pkey_fp().
+Disable TEST_ENG_OPENSSL_PKEY.
+Disable GOST engine as is uses [f]printf all over the place.
+Eliminate compiler warning for unused send_fp_chars().
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
On Windows OPENSSL_EXPORT_VAR_AS_FUNCTION is defined and in a sense
this modification simply harmonizes it with "VAR_AS_VAR".
Reviewed-by: Rich Salz <rsalz@openssl.org>