Commit graph

14168 commits

Author SHA1 Message Date
Matt Caswell
dffe51091f Don't treat a bare OCTETSTRING as DigestInfo in int_rsa_verify
The function int_rsa_verify is an internal function used for verifying an
RSA signature. It takes an argument |dtype| which indicates the digest type
that was used. Dependant on that digest type the processing of the
signature data will vary. In particular if |dtype == NID_mdc2| and the
signature data is a bare OCTETSTRING then it is treated differently to the
default case where the signature data is treated as a DigestInfo (X509_SIG).

Due to a missing "else" keyword the logic actually correctly processes the
OCTETSTRING format signature first, and then attempts to continue and
process it as DigestInfo. This will invariably fail because we already know
that it is a bare OCTETSTRING.

This failure doesn't actualy make a real difference because it ends up at
the |err| label regardless and still returns a "success" result. This patch
just cleans things up to make it look a bit more sane.

RT#4076

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-08 13:50:41 +01:00
Richard Levitte
5850cc75ea When ENGINE_add finds that id or name is missing, actually return
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-08 11:53:07 +02:00
Pascal Cuoq
8314146ac5 Don't check pointer we just freed, always set it to NULL.
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR #1231
2015-10-07 18:54:13 +02:00
Pascal Cuoq
c804d23d73 Move BN_CTX_start() call so the error case can always call BN_CTX_end().
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR #1231
2015-10-07 18:54:13 +02:00
Pascal Cuoq
99c2033375 Move BN_CTX_start() call so the error case can always call BN_CTX_end().
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR #1231
2015-10-07 18:54:13 +02:00
Pascal Cuoq
d6e92c0bd6 Properly check return type of DH_compute_key()
It returns -1 on error, not 0.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR #1231
2015-10-07 18:54:12 +02:00
Pascal Cuoq
f92768e6f5 Set flags to 0 before calling BN_with_flags()
BN_with_flags() will read the dest->flags to keep the BN_FLG_MALLOCED but
overwrites everything else.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR #1231
2015-10-07 18:54:12 +02:00
Matt Caswell
68a1662851 Don't advance PACKET in ssl_check_for_safari
The function ssl_check_for_safari fingerprints the incoming extensions
to see whether it is one of the broken versions of safari. However it was
failing to reset the PACKET back to the same position it started in, hence
causing some extensions to be skipped incorrectly.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-10-07 16:17:52 +01:00
Alessandro Ghedini
2d28462373 Fix travis builds on master
-Allow mingw debug builds to fail on Travis CI
-Fix Travis email notifications config
-Rename a variable to avoid a bogus warning with old GCC
 error: declaration of ``dup'' shadows a global declaration [-Werror=shadow]
-Disable pedantic ms-format warnings with mingw
-Properly define const DH parameters
-Restore --debug flag in Travis CI builds; -d would get incorrectly passed
 to ./Configure in mingw debug builds.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-06 12:30:47 -04:00
Emilia Kasper
20218b58b5 SSLv2 compat ciphers: clarify comment
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-06 18:03:51 +02:00
Dr. Stephen Henson
e58c4d3cdd Don't try and parse boolean type.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-06 15:14:55 +01:00
Andy Polyakov
f4bd5de544 Address more Windows warnings illuminated by mingw.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-06 09:44:27 +02:00
Dmitry Belyavskiy
52ee3ed3a1 New cipher and cipher modes standardized in Russia
This change introduces short names and NIDs for Russian GOST ciphers
according to GOST R 34.13-2015

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-05 21:55:10 +01:00
Alessandro Ghedini
52a48f9eed Validate ClientHello extension field length
RT#4069

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-05 19:43:00 +01:00
Emilia Kasper
67202973cf Add PACKET_copy_all
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-05 19:03:52 +02:00
Emilia Kasper
bf0fc41266 ssl_sess.c: grab a copy of the session ID
The user callback takes a non-const pointer, so don't pass PACKET data
to it directly; rather, grab a local copy.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-05 19:03:52 +02:00
Emilia Kasper
38a3cbfbf7 PACKETize and clean up ssl_bytes_to_cipher_list.
Fix alerts.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-05 19:03:52 +02:00
Emilia Kasper
b3e2272c59 ssl3_get_client_hello: rearrange logic
Move all packet parsing to the beginning of the method. This limits the
SSLv2 compatibility soup to the parsing, and makes the rest of the
processing uniform.

This is also needed for simpler EMS support: EMS servers need to do an
early scan for EMS to make resumption decisions. This'll be easier when
the entire ClientHello is parsed in the beginning.

As a side effect,
1) PACKETize ssl_get_prev_session and tls1_process_ticket; and
2) Delete dead code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-05 19:03:52 +02:00
Richard Levitte
2ff00bdbc4 make depend
Reviewed-by: Ben Laurie <ben@openssl.org>
2015-10-05 11:08:18 +02:00
Richard Levitte
46f4d2bef6 Fix make depend for things being built in subdirectories
Some makedepend mechanisms remove all directory information in the
target, so a dependency can looks like this:

ssl3_record.o: record/ssl3_record.c

However, that doesn't quite suit us, our Makefile has us build
record/ssl3_record.o rather than ssl3_record.o.

To clear this up, a change to util/clean-depend.pl takes care of this
case by looking up the original file in the dependencies and restoring
the directory information from it.

Reviewed-by: Ben Laurie <ben@openssl.org>
2015-10-05 11:08:18 +02:00
Andy Polyakov
5f0580ccf1 Harmonize pointer printing and size_t-fy casts.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-05 09:26:19 +02:00
Andy Polyakov
21ff9ac815 bio/bss_log.c: harmonize format string to silence -Wformat.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-05 09:25:54 +02:00
Andy Polyakov
45f1351821 Address Windows warnings in apps/.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-05 09:25:06 +02:00
Andy Polyakov
b13fdc4860 Explicitly cast INVALID_SOCKET to (int) to address warnings on Windows.
Even though SOCKET is effectively declared as (void *) on Windows, it's
not actually a pointer, but an index within per-process table of
kernel objects. The table size is actually limited and its upper limit
is far below upper limit for signed 32-bit integer. This is what makes
cast in question possible.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-10-05 09:22:54 +02:00
Dr. Stephen Henson
f93ad22f6a Free up ASN.1 structures at top level only.
When a decoding error in ASN.1 occurs only free up the partial structure
at the top level. This simplifies embedded handling and fixes freeing
up of structures when presented with malformed input.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-05 03:31:41 +01:00
Kurt Roeckx
605236f6a8 Fix more d2i cases to properly update the input pointer
Thanks to David Benjamin <davidben@google.com> for pointing them out.

Reviewed-by: Steve Henson <steve@openssl.org>
MR #1198
2015-10-03 13:22:52 +02:00
Rich Salz
9982cbbbf6 Remove BIO_s_file_internal macro.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-02 14:22:05 -04:00
Matt Caswell
57e4e926da Revert "Custom cipher constants"
This reverts commit 3aabc1dd1c.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-10-01 13:51:31 +01:00
Dmitry Belyavskiy
3aabc1dd1c Custom cipher constants
Add some custom ctrls for Engine specific use.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-01 10:09:11 +01:00
Richard Levitte
721c2ac0f4 Remove the hard coded -DOPENSSL_NO_DEPRECATED from DEPFLAG
Any time you configure with enable-deprecated, make depend would
scream bloody murder.  This change has it quiet down a bit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-30 20:22:23 +02:00
Matt Caswell
c84f7f4a74 Change the DEFAULT ciphersuites to exclude DES, RC4 and RC2
This patch updates the "DEFAULT" cipherstring to be
"ALL:!COMPLEMENTOFDEFAULT:!eNULL". COMPLEMENTOFDEFAULT is now defined
internally by a flag on each ciphersuite indicating whether it should be
excluded from DEFAULT or not. This gives us control at an individual
ciphersuite level as to exactly what is in DEFAULT and what is not.

Finally all DES, RC4 and RC2 ciphersuites are added to COMPLEMENTOFDEFAULT
and hence removed from DEFAULT.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-30 19:15:06 +01:00
Andy Polyakov
8eed3289b2 bn/asm/armv4-mont.pl: boost NEON performance.
Close difference gap on Cortex-A9, which resulted in further improvement
even on other processors.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-30 17:48:30 +02:00
Rich Salz
75f648aa06 Make update / libeay.num fix
Looks like someone forgot to do a "make update" since crypto/ts/Makefile
keeps changing.  So include that.

Second is that the declare_dh_bn macro fools the libeay.num script.
The declarations are only needed in one file (dh_rfc5114) so remove
them from the header and put the "raw" declarations directly into that
file.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-30 11:15:14 -04:00
Matt Caswell
dd35486db6 Fix libeay.num
Removed duplicated ordinals from libeay.num

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-30 15:36:41 +01:00
Matt Caswell
5530d5187c Add a test for duplicated ordinals
Occaisionally we have had problems where there are duplicated ordinals in
libeay.num or ssleay.num. This adds a test for this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-30 15:36:41 +01:00
Ben Laurie
19948ceab7 Display brief help if no options for list.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-09-30 13:55:56 +01:00
Matt Caswell
c58f3e4293 Add GOST12 cms/smime capabilities
Add additional NID references in the CMS/SMIME capabilities code to cater
for GOST12.

Patch supplied by Dmitry Belyavsky <beldmit@gmail.com>

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-30 11:39:24 +01:00
David Woodhouse
984d6c6052 Fix no-stdio build
Much related/similar work also done by
Ivan Nestlerode <ivan.nestlerode@sonos.com>

   +Replace FILE BIO's with dummy ops that fail.
   +Include <stdio.h> for sscanf() even with no-stdio (since the declaration
    is there). We rely on sscanf() to parse the OPENSSL_ia32cap environment
    variable, since it can be larger than a 'long'. And we don't rely on the
    availability of strtoull().
   +Remove OPENSSL_stderr(); not used.
   +Make OPENSSL_showfatal() do nothing (currently without stdio there's
    nothing we can do).
   +Remove file-based functionality from ssl/. The function
    prototypes were already gone, but not the functions themselves.
   +Remove unviable conf functionality via SYS_UEFI
   +Add fallback definition of BUFSIZ.
   +Remove functions taking FILE * from header files.
   +Add missing DECLARE_PEM_write_fp_const
   +Disable X509_LOOKUP_hash_dir(). X509_LOOKUP_file() was already compiled out,
    so remove its prototype.
   +Use OPENSSL_showfatal() in CRYPTO_destroy_dynlockid().
   +Eliminate SRP_VBASE_init() and supporting functions. Users will need to
    build the verifier manually instead.
   +Eliminate compiler warning for unused do_pk8pkey_fp().
   +Disable TEST_ENG_OPENSSL_PKEY.
   +Disable GOST engine as is uses [f]printf all over the place.
   +Eliminate compiler warning for unused send_fp_chars().

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-29 21:59:19 -04:00
Andy Polyakov
57ebe74831 engine/e_capi.c: fix various warnings.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-29 18:06:06 +02:00
Andy Polyakov
db40a14ecb Fix -Wshadow warnings in mingw builds.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-29 18:05:55 +02:00
Andy Polyakov
156561b0ad Fix pedantic warnings in mingw builds.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-29 18:05:40 +02:00
Andy Polyakov
16a9542a17 Fix prototypes in e_ossttest.c.
Problem was exposed in mingw64 build, or in other words on P64 platform.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-29 18:05:29 +02:00
Andy Polyakov
03cbd3b8fa asn1t.h: silence -Wmissing-prototype in Windows builds.
On Windows OPENSSL_EXPORT_VAR_AS_FUNCTION is defined and in a sense
this modification simply harmonizes it with "VAR_AS_VAR".

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-29 18:05:13 +02:00
Andy Polyakov
8be7438f16 Rationalize .gitignore and harmonize pair of Makefiles.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-29 18:02:35 +02:00
Nicholas Cooper
ef85320622 RT3948: Some structs have confusing names.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-28 22:07:29 -04:00
Alessandro Ghedini
fecd04e910 Print debug info for extended master secret extension
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-28 13:37:44 -04:00
Michal Bozon
5573ee3669 RT4053: Typo in error message
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-28 13:36:46 -04:00
Rich Salz
85a7007c38 Remove obsolete b64 demo's
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-09-28 11:48:05 -04:00
Emilia Kasper
fc5ce51d17 PACKET: simplify ServerHello parsing
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-28 16:22:21 +02:00
Emilia Kasper
cf7f85927c Empty NewSessionTicket: test session resumption
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-28 16:00:58 +02:00