wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
12605 commits 20 branches 302 tags 153 MiB
Commit graph

12605 commits

This branch
This branch
All branches
Author SHA1 Message Date
Matt Caswell
1939187922 Make bn opaque 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 21:41:27 +00:00
Matt Caswell
348d0d148a Update apps for bn opaque change 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 21:41:19 +00:00
Matt Caswell
29e7a56d54 Disable engines that will fail to build when bn is made opaque 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 21:41:12 +00:00
Matt Caswell
2cbc8d7de5 Implement internally opaque bn access from ts 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 21:41:07 +00:00
Matt Caswell
aeb556f831 Implement internally opaque bn access from srp 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 21:41:02 +00:00
Matt Caswell
18125f7f55 Implement internally opaque bn access from rsa 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 21:40:57 +00:00
Matt Caswell
68c29f61a4 Implement internally opaque bn access from evp 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 21:40:52 +00:00
Matt Caswell
5784a52145 Implement internally opaque bn access from ec 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 21:40:47 +00:00
Matt Caswell
c0d4390194 Implement internally opaque bn access from dsa 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 21:40:41 +00:00
Matt Caswell
829ccf6ab6 Implement internally opaque bn access from dh 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 21:40:32 +00:00
Matt Caswell
76b2a02274 Implement internally opaque bn access from asn1 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 21:40:26 +00:00
Matt Caswell
7a5233118c Prepare exptest for bn opaquify 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 21:40:19 +00:00
Matt Caswell
85bcf27ccc Prepare for bn opaquify. Implement internal helper functions. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 21:40:12 +00:00
Matt Caswell
dd703de022 Remove internal bn dependancies from speed.c 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 21:39:38 +00:00
Geoff Thorpe
e52a3c3d14 Include <openssl/foo.h> instead of "foo.h" 
Exported headers shouldn't be included as "foo.h" by code from the same
module, it should only do so for module-internal headers. This is
because the symlinking of exported headers (from include/openssl/foo.h
to crypto/foo/foo.h) is being removed, and the exported headers are
being moved to the include/openssl/ directory instead.

Change-Id: I4c1d80849544713308ddc6999a549848afc25f94
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2014-12-08 14:21:35 -05:00
Matt Caswell
41bf250130 Fixed memory leak in the event of a failure of BUF_MEM_grow 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-08 16:43:25 +00:00
Matt Caswell
76e6509085 Fix memory leak in SSL_new if errors occur. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-08 16:42:59 +00:00
Dr. Stephen Henson
7bca0a1db5 Remove fips directories from mkfiles.pl 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 14:01:47 +00:00
Dr. Stephen Henson
71a5f534f1 Remove references to deleted fips directory from Makefile.org 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
73e45b2dd1 remove OPENSSL_FIPSAPI 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
b2ecc05a9a remove FIPS_*_SIZE_T 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
916e56208b remove FIPS module code from crypto/evp 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
ebdf37e4b1 remove FIPS module code from crypto/bn 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
1c98de6d81 remove FIPS module code from crypto/ecdh 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
dbfbe10a1f remove FIPS module code from crypto/ecdsa 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
1bfffe9bd0 Remove FIPS module code from crypto/dh 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
fce8311cae remove FIPS module code from crypto/dsa 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
8d73db288f remove FIPS module code from crypto/rsa 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
05417a3476 Remove FIPS error library from openssl.ec mkerr.pl 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
cc2f1045d1 make depend 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
4fa579c58d Remove fips.h reference. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
e4e5bc39f9 Remove fips_constseg references. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
85129ab579 remove another FIPSCANISTER reference 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:37 +00:00
Dr. Stephen Henson
b3da6f496b remove unnecessary OPENSSL_FIPS reference 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:37 +00:00
Dr. Stephen Henson
c603c723ce Remove OPENSSL_FIPSCANISTER code. 
OPENSSL_FIPSCANISTER is only set if the fips module is being built
(as opposed to being used). Since the fips module wont be built in
master this is redundant.
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:16 +00:00
Dr. Stephen Henson
225fce8a98 Remove FIPSCANISTERINTERNAL reference. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:23:54 +00:00
Dr. Stephen Henson
a42366a406 Remove fips utility build rules from test/Makefile 
The fips test utilities are only build if an FIPS module is being
built from source. As this isn't done in master these are redundant.
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:23:48 +00:00
Dr. Stephen Henson
f072785eb4 Remove fipscanister build functionality from makefiles. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:23:45 +00:00
Dr. Stephen Henson
78c990c156 Remove fipscanister from Configure, delete fips directory 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:18:43 +00:00
Dr. Stephen Henson
00b4ee7664 Remove some unnecessary OPENSSL_FIPS references 
FIPS_mode() exists in all versions of OpenSSL but always returns 0 if OpenSSL is not FIPS
capable.
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:18:43 +00:00
Matt Caswell
0c1bd7f03f Add CHANGES entry for OCB 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 10:29:11 +00:00
Matt Caswell
3feb63054a Added OPENSSL_NO_OCB guards 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 10:29:03 +00:00
Matt Caswell
e4bbee9633 Add documentation for OCB mode 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 10:28:56 +00:00
Matt Caswell
d827c5edb5 Add tests for OCB mode 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 10:28:47 +00:00
Matt Caswell
e6b336efa3 Add EVP support for OCB mode 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 10:28:34 +00:00
Matt Caswell
c857a80c9d Add support for OCB mode as per RFC7253 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 10:27:56 +00:00
Emilia Kasper
376e2ca3e3 Clarify the return values for SSL_get_shared_curve. 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-12-05 18:31:21 +01:00
Emilia Kasper
740580c2b2 Add extra checks for odd-length EC curve lists. 
Odd-length lists should be rejected everywhere upon parsing. Nevertheless,
be extra careful and add guards against off-by-one reads.

Also, drive-by replace inexplicable double-negation with an explicit comparison.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-12-05 16:57:58 +01:00
Emilia Kasper
33d5ba8629 Reject elliptic curve lists of odd lengths. 
The Supported Elliptic Curves extension contains a vector of NamedCurves
of 2 bytes each, so the total length must be even. Accepting odd-length
lists was observed to lead to a non-exploitable one-byte out-of-bounds
read in the latest development branches (1.0.2 and master). Released
versions of OpenSSL are not affected.

Thanks to Felix Groebert of the Google Security Team for reporting this issue.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-12-05 16:32:39 +01:00
Emilia Kasper
f50ffd10fa Fix broken build 
Add includes missing from commit 33eab3f6af

Reviewed-by: Geoff Thorpe <geoff@openssl.org>
 2014-12-05 16:18:20 +01:00