Dr. Stephen Henson
67a014bfda
make update
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 17:48:44 +01:00
Dr. Stephen Henson
59b4da05b4
Constify X509_SIG.
...
Constify X509_SIG_get0() and order arguments to mactch new standard.
Add X509_SIG_get0_mutable() to support modification or initialisation
of an X509_SIG structure.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 17:48:43 +01:00
FdaSilvaYY
d6073e27eb
Small nits and cleanups
...
using util/openssl-format-source on s_derver, s_client, ca.c, speed.c only...
Fix/merge some #ifndef
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 17:09:19 +01:00
FdaSilvaYY
cc69629626
Constify char* input parameters in apps code
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 17:09:19 +01:00
FdaSilvaYY
e7917e38be
Simplify and add help about OPT_PVK* options
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 17:09:19 +01:00
FdaSilvaYY
cfd451d47f
Improve error message
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 17:09:19 +01:00
FdaSilvaYY
54463e4f33
Relocalise some globals variables
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 17:09:19 +01:00
Dr. Stephen Henson
2e5ead831b
Constify ssl_cert_type()
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 15:49:44 +01:00
Dr. Stephen Henson
5ebd2fcbc7
Constify X509_certificate_type()
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 14:59:54 +01:00
Dr. Stephen Henson
8adc1cb851
Constify X509_get0_signature()
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 14:12:55 +01:00
Dr. Stephen Henson
8900f3e398
Convert X509* functions to use const getters
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 13:59:04 +01:00
Matt Caswell
5e6089f0eb
Convert X509_CRL* functions to use const getters
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-17 13:38:03 +01:00
Matt Caswell
6eabcc839f
Make X509_NAME_get0_der() conform to OpenSSL style
...
Put the main object first in the params list.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-17 13:03:04 +01:00
Dr. Stephen Henson
a0754084f8
Corrupt signature in place.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 12:34:22 +01:00
Matt Caswell
79613ea844
Convert OCSP* functions to use const getters
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-17 12:29:03 +01:00
Dr. Stephen Henson
245c6bc33b
Constify private key decode.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 12:01:29 +01:00
Dr. Stephen Henson
ac4e257747
constify X509_ALGOR_get0()
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 12:01:29 +01:00
Dr. Stephen Henson
0c8006480f
Constify ASN1_item_unpack().
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 12:01:29 +01:00
Remi Gacogne
fddfc0afc8
Add missing session id and tlsext_status accessors
...
* SSL_SESSION_set1_id()
* SSL_SESSION_get0_id_context()
* SSL_CTX_get_tlsext_status_cb()
* SSL_CTX_get_tlsext_status_arg()
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 10:38:20 +01:00
Richard Levitte
46117d31fe
dasync is an internal testing engine, so don't install it
...
Unfortunately, it means that the VMS IVP gets a bit crippled. This
will be fixed later on.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 10:50:31 +02:00
Richard Levitte
2238119751
VMS: no ENDIF on one line IF statements, in config.com
...
Correct small error from last config.com change
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 10:48:43 +02:00
Matt Caswell
48593cb12a
Convert SSL_SESSION* functions to use const getters
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-16 23:36:28 +01:00
Matt Caswell
b2e57e094d
Convert PKCS8* functions to use const getters
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-16 23:36:27 +01:00
Matt Caswell
bb2f62baba
Convert TS_STATUS_INFO* functions to use const getters
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-16 23:36:27 +01:00
FdaSilvaYY
69b86d4b98
two typo fixes
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1461 )
2016-08-16 15:51:58 -04:00
Gergely Nagy
1bb7310bf8
Fix compilation when using MASM on x86
...
The generated asm code from x86cpuid.pl contains CMOVE instructions
which are only available on i686 and later CPUs.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1459 )
2016-08-16 14:46:55 -04:00
Matt Caswell
2ecb9f2d18
Provide compat macros for SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto()
...
These functions are no longer relevant to 1.1.0 (we always have auto ecdh
on) - but no reason to break old code that tries to call it. The macros will
only return a dummy "success" result if the app was trying to enable ecdh.
Disabling can't be done in quite this way any more.
Fixes Github Issue #1437
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-08-16 17:11:43 +01:00
Matt Caswell
f9cf774cbd
Ensure we unpad in constant time for read pipelining
...
The read pipelining code broke constant time unpadding. See GitHub
issue #1438
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 16:53:17 +01:00
Dr. Stephen Henson
0f022f5a22
Corrupt signature earlier.
...
If -badsig is selected corrupt the signature before printing out
any details so the output reflects the modified signature.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 16:05:36 +01:00
Dr. Stephen Henson
34d4d74575
make update
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 16:05:36 +01:00
Dr. Stephen Henson
17ebf85abd
Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data().
...
Deprecate the function ASN1_STRING_data() and replace with a new function
ASN1_STRING_get0_data() which returns a constant pointer. Update library
to use new function.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 16:05:35 +01:00
Richard Levitte
1940aa6e6b
Remove duplicate ordinals
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 14:16:53 +02:00
Andy Polyakov
05ef4d1980
ARMv8 assembly pack: add Samsung Mongoose results.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-16 12:47:49 +02:00
Andy Polyakov
9d46752dfe
Configure: recognize -static as link option and disable incompatible options.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 12:45:51 +02:00
Andy Polyakov
f4941736a9
test/ssl_test.tmpl: make it work with elderly perl.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 12:43:44 +02:00
David Woodhouse
31c34a3e2f
Fix satsub64be() to unconditionally use 64-bit integers
...
Now we support (u)int64_t this can be very much simpler.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-16 10:24:57 +01:00
Emilia Kasper
e0421bd8b2
SSL tests: send some application data
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 11:00:15 +02:00
Richard Levitte
ffb261ff19
Add a "config" for verbosity and use it with Travis
...
Modify VMS config.com to match
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-08-16 10:38:45 +02:00
Richard Levitte
a4ffbbeef6
Make "make" less verbose in Travis, except for the build only case
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-08-16 10:38:45 +02:00
Dr. Stephen Henson
66bcba1457
Limit reads in do_b2i_bio()
...
Apply a limit to the maximum blob length which can be read in do_d2i_bio()
to avoid excessive allocation.
Thanks to Shi Lei for reporting this.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 00:27:10 +01:00
Dr. Stephen Henson
8b9afbc0fc
Check for errors in a2d_ASN1_OBJECT()
...
Check for error return in BN_div_word().
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-16 00:19:19 +01:00
Dr. Stephen Henson
07bed46f33
Check for errors in BN_bn2dec()
...
If an oversize BIGNUM is presented to BN_bn2dec() it can cause
BN_div_word() to fail and not reduce the value of 't' resulting
in OOB writes to the bn_data buffer and eventually crashing.
Fix by checking return value of BN_div_word() and checking writes
don't overflow buffer.
Thanks to Shi Lei for reporting this bug.
CVE-2016-2182
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-16 00:19:19 +01:00
Tomas Mraz
40c60b0d73
Avoid truncating the pointer on x32 platform.
...
The 64 bit pointer must not be cast to 32bit unsigned long on
x32 platform.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-15 23:30:45 +01:00
Tomas Mraz
e7e5d608fb
Add a comment for the added cast with explanation.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-15 23:30:45 +01:00
Tomas Mraz
3f8d1216df
Fix af_alg engine failure on 32 bit architectures.
...
Add extra cast to unsigned long to avoid sign extension when
converting pointer to 64 bit data.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-15 23:30:45 +01:00
Matt Caswell
bb982ce753
Remove a stray unneeded line in 70-test_sslrecords.t
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-15 23:14:30 +01:00
Matt Caswell
78fcddbb8d
Address feedback on SSLv2 ClientHello processing
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-15 23:14:30 +01:00
Matt Caswell
a2a0c86bb0
Add some SSLv2 ClientHello tests
...
Test that we handle a TLS ClientHello in an SSLv2 record correctly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-15 23:14:30 +01:00
Matt Caswell
a01c86a251
Send an alert if we get a non-initial record with the wrong version
...
If we receive a non-initial record but the version number isn't right then
we should send an alert.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-15 23:14:30 +01:00
Matt Caswell
44efb88a21
Address feedback on SSLv2 ClientHello processing
...
Feedback on the previous SSLv2 ClientHello processing fix was that it
breaks layering by reading init_num in the record layer. It also does not
detect if there was a previous non-fatal warning.
This is an alternative approach that directly tracks in the record layer
whether this is the first record.
GitHub Issue #1298
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-15 23:14:30 +01:00