On error we could leak a ACCESS_DESCRIPTION and an ASN1_IA5STRING. Both
should be freed in the error path.
Reviewed-by: Richard Levitte <levitte@openssl.org>
The cms_SignerInfo_content_sign() function allocated an EVP_MD_CTX but
then failed to free it on an error path.
Reviewed-by: Richard Levitte <levitte@openssl.org>
The cms_RecipientInfo_pwri_crypt() allocated an EVP_CIPHER_CTX but then
failed to free it in some error paths. By allocating it a bit later that
can be avoided.
Reviewed-by: Richard Levitte <levitte@openssl.org>
In BN_generate_prime_ex() we do some sanity checks first and return
with an error if they fail. We should do that *before* allocating any
resources to avoid a memory leak.
Reviewed-by: Richard Levitte <levitte@openssl.org>
In the BN_mpi2bn() function, a failure of a call to BN_bin2bn() could
result in the leak of a previously allocated BIGNUM value.
Reviewed-by: Richard Levitte <levitte@openssl.org>
During construction of a mem BIO we allocate some resources. If this
allocation fails we can end up leaking everything we have allocated so
far.
Reviewed-by: Richard Levitte <levitte@openssl.org>
When setting an accepted socket for non-blocking, if the operation fails
make sure we close the accepted socket.
Reviewed-by: Richard Levitte <levitte@openssl.org>
BIO_sock_error() returned 1 when getsockopt() fails when it should
return the error code for that failure.
Additionally, the optlen parameter to getsockopt() has to point at
the size of the area that the optval parameter points at rather than
zero. Some systems may forgive it being zero, but others don't.
Reviewed-by: Matt Caswell <matt@openssl.org>
The traditional private key encryption algorithm doesn't function
properly if the IV length of the cipher is zero. These ciphers
(e.g. ECB mode) are not suitable for private key encryption
anyway.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Coverity reports a potential NULL deref when "2 0 0" DANE trust-anchors
from DNS are configured via SSL_dane_tlsa_add() and X509_STORE_CTX_init()
is called with a NULL stack of untrusted certificates.
Since ssl_verify_cert_chain() always provideds a non-NULL stack of
untrusted certs, and no other code path enables DANE, the problem
can only happen in applications that use SSL_CTX_set_cert_verify_callback()
to implement their own wrappers around X509_verify_cert() passing
only the leaf certificate to the latter.
Regardless of the "improbability" of the problem, we do need to
ensure that build_chain() handles this case correctly.
Reviewed-by: Matt Caswell <matt@openssl.org>
The diverse {RSA,DSA,DH}_set0_* functions are made to allow some
parameters to be NULL IF the corresponding numbers in the given key
structure have already been previously initialised. Specifically,
this allows the addition of private components to be added to a key
that already has the public half, approximately like this:
RSA_get0_key(rsa, NULL, &e, NULL);
RSA_get0_factors(rsa, &p, &q);
/* calculate new d */
RSA_set0_key(rsa, NULL, NULL, d);
Reviewed-by: Matt Caswell <matt@openssl.org>
Add X509_STORE_{set,get}_ex_data() function and
X509_STORE_get_ex_new_index() macro.
X509_STORE has ex_data and the documentation also mentions them but they
are not actually implemented.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Commit d32f5d8733 added a 'goto end;' statement
at the end of the code block for the 'end' label. Fortunately, it was after a
return statement, so no infinite loop occurred, but it is still dead code.
Remove the extra goto statement as cleanup.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
The i2d_X509() function can return a negative value on error. Therefore
we should make sure we check it.
Issue reported by Yuan Jochen Kang.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Even though no test could be found to trigger this, paper-n-pencil
estimate suggests that x86 and ARM inner loop lazy reductions can
loose a bit in H4>>*5+H0 step.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
IBM argues that in certain scenarios capability query is really
expensive. At the same time it's asserted that query results can
be safely cached, because disabling CPACF is incompatible with
reboot-free operation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Fix a bug introduced by 6903e2e7e9 (Extended EC_METHOD customisation
support., 2016-02-01). key->meth->set_private() is wrongly called where
it should call key->group->meth->set_private().
PR#4517
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
If the ASN.1 BIO is presented with a large length field read it in
chunks of increasing size checking for EOF on each read. This prevents
small files allocating excessive amounts of data.
CVE-2016-2109
Thanks to Brian Carpenter for reporting this issue.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
If allocation in CRYPTO_clear_realloc() fails don't free up the original
buffer: this is consistent with the behaviour of realloc(3) and is expected
in other places in OpenSSL.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
The Unix build was the last to retain the classic build scheme. The
new unified scheme has matured enough, even though some details may
need polishing.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Add copyright to most .pl files
This does NOT cover any .pl file that has other copyright in it.
Most of those are Andy's but some are public domain.
Fix typo's in some existing files.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Commit f0e0fd51f was a bit over-zealous in removing a call to
X509_STORE_CTX_cleanup(). The call in question was in a loop and was
required to cleanup resources used on each iteration of the loop. Removing
this resulted in a memory leak.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Make OBJ_name_cmp internal
Rename idea_xxx to IDEA_xxx
Rename get_rfc_xxx to BN_get_rfc_xxx
Rename v3_addr and v3_asid functions to X509v3_...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Recently, OCSP_basic_verify() was changed to always return 0 on error,
when it would previously return 0 on error and < 0 on fatal error.
This restores the previous semantics back.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP,
and X509_LOOKUP_METHOD opaque.
Remove unused X509_CERT_FILE_CTX
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Travis identified a problem with freeing the ex_data locks which wasn't
quite right in ff2344052. Trying to fix it identified a further problem:
the ex_data locks are cleaned up by OPENSSL_cleanup(), which is called
explicitly by CRYPTO_mem_leaks(), but then later the BIO passed to
CRYPTO_mem_leaks() is freed. An attempt is then made to use the ex_data
lock already freed.
Reviewed-by: Tim Hudson <tjh@openssl.org>
The check_defer() function was used to ensure that EVP_cleanup() was always
called before OBJ_cleanup(). The new cleanup code ensures this so it is
no longer needed.
Remove obj_cleanup() call in OID config module: it is not needed
any more either.
Reviewed-by: Matt Caswell <matt@openssl.org>
Instead of absolute hard coding of the libz library name, have it use
the macro LIBZ, which is set to defaults we know in case it's
undefined.
This allows our configuration to set something that's sane on current
or older platforms, and allows the user to override it by defining
LIBZ themselves.
Reviewed-by: Matt Caswell <matt@openssl.org>
There is a preference for suffixes to indicate that a function is internal
rather than prefixes. Note: the suffix is only required to disambiguate
internal functions and public symbols with the same name (but different
case)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
There was a lot of naming inconsistency, so we try and standardise on
one form.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
CONF_modules_free() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
ENGINE_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
OBJ_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
EVP_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
BIO_sock_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
CRYPTO_cleanup_all_ex_data() should not be called expicitly - we should
leave auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
RAND_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
ERR_free_strings() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
COMP_zlib_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
When a file is opened with BIO_new_file(), make sure that the internal
mode TEXT vs BINARY setting reflects what's given in the mode string.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Code without PEDANTIC has intentional "undefined" behaviour. To get best
coverage for both PEDANTIC and non-PEDANTIC codepaths, run the sanitizer
builds in two different configurations:
1) Without PEDANTIC but with alignment checks disabled.
2) With PEDANTIC.
To not overload Travis too much, run one build with clang and the other
with gcc (chosen at random).
Also remove a micro-optimization in CAST code to be able to
-fsanitize=shift. Whether shift sanitization is meaningful for crypto or
an obstacle is debatable but since this appears to be the only offender,
we might as well keep the check for now.
Reviewed-by: Richard Levitte <levitte@openssl.org>
A number of new functions have been added following the DH and DH_METHOD
opacity commits. This commit provides documentation for those functions.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Move the dh_method structure into an internal header file and provide
relevant accessors for the internal fields.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Move the dh_st structure into an internal header file and provide
relevant accessors for the internal fields.
Reviewed-by: Richard Levitte <levitte@openssl.org>
As it turns out branch hints grew as kind of a misconception. In
addition their interpretation by GNU assembler is affected by
assembler flags and can end up with opposite meaning on different
processors. As we have to loose quite a lot on misinterprerations,
especially on newer processors, we just omit them altogether.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Since NDEBUG is defined unconditionally on command line for release
builds, we can omit *_DEBUG options in favour of effective "all-on"
in debug builds exercised though CI.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Suppress CT callbacks with aNULL or PSK ciphersuites that involve
no certificates. Ditto when the certificate chain is validated via
DANE-TA(2) or DANE-EE(3) TLSA records. Also skip SCT processing
when the chain is fails verification.
Move and consolidate CT callbacks from libcrypto to libssl. We
also simplify the interface to SSL_{,CTX_}_enable_ct() which can
specify either a permissive mode that just collects information or
a strict mode that requires at least one valid SCT or else asks to
abort the connection.
Simplified SCT processing and options in s_client(1) which now has
just a simple pair of "-noct" vs. "-ct" options, the latter enables
the permissive callback so that we can complete the handshake and
report all relevant information. When printing SCTs, print the
validation status if set and not valid.
Signed-off-by: Rob Percival <robpercival@google.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Move rsa_meth_st away from public headers.
Add RSA_METHOD creator/destructor functions.
Add RSA_METHOD accessor/writer functions.
Adapt all other source to use the creator, destructor, accessors and writers.
Reviewed-by: Matt Caswell <matt@openssl.org>
Move rsa_st away from public headers.
Add accessor/writer functions for the public RSA data.
Adapt all other source to use the accessors and writers.
Reviewed-by: Matt Caswell <matt@openssl.org>
When config'd with "no-async" the ASYNC_NULL implementation is used, so
async symbols still exist. We should still init the NULL implementation so
that when we get the async ctx it is NULL rather than undefined.
Reviewed-by: Rich Salz <rsalz@openssl.org>
It was harmless in this case, but best avoid the annoying warnings.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
A new X509_VERIFY_PARAM_set_auth_level() function sets the
authentication security level. For verification of SSL peers, this
is automatically set from the SSL security level. Otherwise, for
now, the authentication security level remains at (effectively) 0
by default.
The new "-auth_level" verify(1) option is available in all the
command-line tools that support the standard verify(1) options.
New verify(1) tests added to check enforcement of chain signature
and public key security levels. Also added new tests of enforcement
of the verify_depth limit.
Updated documentation.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Numerous fixups based on feedback of the DSA opacity changes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Move the dsa_method structure out of the public header file, and provide
getter and setter functions for creating and modifying custom DSA_METHODs.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Move the dsa_st structure out of the public header file. Add some accessor
functions to enable access to the internal fields, and update all internal
usage to use the new functions.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Currently on every BIO mem read operation the remaining data is reallocated.
This commit solves the issue.
BIO mem structure includes additional pointer to the read position.
On every read the pointer moves instead of reallocating the memory for the remaining data.
Reallocation accures before write and some ioctl operations, if the read pointer doesn't point on the beginning of the buffer.
Also the flag is added to rewind the read pointer without losing the data.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
InitOnceExecuteOnce returns nonzero on success:
MSDN: "If the function succeeds, the return value is nonzero."
So return 1 if it is nonzero, 0 others.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Don't decode a public key in X509_PUBKEY_get0(): that is handled when
the key is parsed using x509_pubkey_decode() instead.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
This minimizes inter-block overhead. Performance gain naturally
varies from case to case, up to 10% was spotted so far. There is
one thing to recognize, given same circumstances gain would be
higher faster computational part is. Or in other words biggest
improvement coefficient would have been observed with assembly.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
CRYPTO_mem_leaks attempts to adjust the count of bytes leaks to not
include the BIO that is being used to print the results out. However this
does not work properly. In all internal cases we switch off recording
the memory allocation during creation of the BIO so it makes no difference.
In other cases if the BIO allocates any additional memory during
construction then the adjustment will be wrong anyway. It also skips over
the BIO memory during print_leak anyway, so the BIO memory is never
added into the total. In other words this was broken in lots of ways and
has been since it was first added.
The simplest solution is just to make it the documented behaviour that
you must turn off memory logging when creating the BIO, and remove all
the adjustment stuff completely. The adjustment code was only ever in
master and never made it to a release branch so there is no loss of
functionality.
This commit also fixes a compilation failure when using
enable-crypto-mdebug.
Reviewed-by: Rich Salz <rsalz@openssl.org>
On VMS, the C compiler can work with 32-bit and 64-bit pointers, and
the command line determines what the initial pointer size shall be.
However, there is some functionality that only works with 32-bit
pointers. In this case, it's gethostbyname(), getservbyname() and
accompanying structures, so we need to make sure that we define our
own pointers as 32-bit ones.
Furthermore, there seems to be a bug in VMS C netdb.h, where struct
addrinfo is always defined with 32-bit pointers no matter what, but
the functions handling it are adapted to the initial pointer size.
This leads to pointer size warnings when compiling with
/POINTER_SIZE=64. The workaround is to force struct addrinfo to be
the 64-bit variant if the initial pointer size is 64.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Cache the decoded public key when an X509_PUBKEY structure is initially
parsed so no locking is required. Ignore any decode errors.
When an application calls X509_PUBKEY_get0() subsequently it will either
get the cached key or the decode operation will be repeated which will
return an appropriate error.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Also, have it always be built, even though it's only (currently) used
on VMS. That will assure it will get the same changes as all others.
Reviewed-by: Matt Caswell <matt@openssl.org>
Previously, it was sufficient to have certSign in keyUsage when the
basicConstraints extension was missing. That is still accepted in
a trust anchor, but is no longer accepted in an intermediate CA.
Reviewed-by: Rich Salz <rsalz@openssl.org>
The private key is a scalar and should be sized by the order, not the
degree. See RFC 5915.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Move the the BIO_METHOD and BIO structures into internal header files,
provide appropriate accessor methods and update all internal code to use
the new accessors where appropriate.
Reviewed-by: Richard Levitte <levitte@openssl.org>
In this OpenSSL version, we deliver engines with lower case symbol
names. The DSO symbol finder must be updated to allow for mixed case
symbols or it won't fine them.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Instead of have every DSO_METHOD_xxx in all platforms, ensure that only
one DSO_METHOD_openssl is available on all platforms.
Reviewed-by: Tim Hudson <tjh@openssl.org>
BIO_new, etc., don't need a non-const BIO_METHOD. This allows all the
built-in method tables to live in .rodata.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Allows CONF files for certificate requests to specify that a pre-
certificate should be created (see RFC6962).
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Don't have #error statements in header files, but instead wrap
the contents of that file in #ifndef OPENSSL_NO_xxx
This means it is now always safe to include the header file.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Don't free up passed EVP_MD_CTX in ASN1_item_sign_ctx(). This
simplifies handling and retains compatiblity with previous behaviour.
PR#4446
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
mkdef.pl was not detecting no-comp functions. This updates the header file
so that mkdef.pl detects that no-comp applies, and the functions are marked
accordingly.
Reviewed-by: Richard Levitte <levitte@openssl.org>
There is a potential double free in EVP_DigestInit_ex. This is believed
to be reached only as a result of programmer error - but we should fix it
anyway.
Issue reported by Guido Vranken.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Some platforms claim to be POSIX but their getcontext() implementation
does not work. Therefore we update the ASYNC_is_capable() function to test
for this.
RT#4366
Reviewed-by: Richard Levitte <levitte@openssl.org>
There are internal dependencies between the various cleanup functions.
This re-orders things to try and get that right.
Reviewed-by: Richard Levitte <levitte@openssl.org>
OBJ_cleanup() doesn't always get called from EVP_cleanup() so needs to be
explicitly called in de-init. Also BIO_sock_cleanup() also needs to be
called.
Reviewed-by: Richard Levitte <levitte@openssl.org>
The reason to do so is that some of the generators detect PIC flags
like -fPIC and -KPIC, and those are normally delivered in LD_CFLAGS.
Reviewed-by: Rich Salz <rsalz@openssl.org>
ENGINE_cleanup calls CRYPTO_free_ex_data and therefore,
CRYPTO_cleanup_all_ex_data - which cleans up the method pointers - must
run after ENGINE_cleanup.
Additionally, don't needlessly initialize the EX_CALLBACKS stack during
e.g. CRYPTO_free_ex_data. The only time this is actually needed is when
reserving the first ex data index. Specifically, since sk_num returns -1
on NULL input, the rest of the code already handles a NULL method stack
correctly.
Reviewed-by: Rich Salz <rsalz@openssl.org>
On Windows we call WSAGetLastError() to find out the last error that
happened on a socket operation. We use this to find out whether we can
retry the operation or not. You are supposed to call this immediately
however in a couple of places we logged an error first. This can end up
making other Windows system calls to get the thread local error state.
Sometimes that can clobber the error code, so if you call WSAGetLastError()
later on you get a spurious response and the socket operation looks like
a fatal error.
Really we shouldn't be logging an error anyway if its a retryable issue.
Otherwise we could end up with stale errors on the error queue.
Reviewed-by: Richard Levitte <levitte@openssl.org>
During auto de-init we were calling ENGINE_cleanup(), and then later
CONF_modules_free(). However the latter function can end up calling
engine code, which can lead to a use of the global_engine_lock after it
has already been freed. Therefore we should swap the calling order of
these two functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Some of these scripts would recognise an output parameter if it looks
like a file path. That works both in both the classic and new build
schemes. Some fo these scripts would only recognise it if it's a
basename (i.e. no directory component). Those need to be corrected,
as the output parameter in the new build scheme is more likely to
contain a directory component than not.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Pass entire CTLOG_STORE to SCT_print, rather than just the SCT's CTLOG
SCT_print now looks up the correct CT log for you.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Remove 'log' field from SCT and related accessors
In order to still have access to an SCT's CTLOG when calling SCT_print,
SSL_CTX_get0_ctlog_store has been added.
Improved documentation for some CT functions in openssl/ssl.h.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
BIO_snprintf() can return -1 on truncation (and overflow as of commit
9cb177301f). Though neither can
realistically occur while printing a pointer and short fixed string into
a buffer of length 256, the analysis to confirm that this the case goes
somewhat far up the call chain, and not all static analyzers can
successfully follow the chain of logic.
It's easy enough to clamp the returned length to be nonnegative before
continuing, which appeases the static analyzer and does not harm the
subsequent code.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Some of the ASN.1 routines for the GeneralizedTime type can return
errors; check for these and do not continue past failure, so as
to appease coverity.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
set pointers to NULL after OPENSSL_free before returning to caller to
avoid possible double-free in caller
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Both of these functions can easily be implemented by callers instead.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Use "!x" instead of "x <= 0", as these functions never return a negative
value.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
No longer terminates on first error, but instead tries to set the source
of every SCT regardless of whether an error occurs with some.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
All OpenSSL code has now been transferred to use the new threading API,
so the old one is no longer used and can be removed. We provide some compat
macros for removed functions which are all no-ops.
There is now no longer a need to set locking callbacks!!
Reviewed-by: Richard Levitte <levitte@openssl.org>
The locking here is a bit strange and unclear. Rather than refactor
anything and possibly break stuff I have just moved to using the new
thread API following as closely as possible what was there previously.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Before the 'Introduce the "pic" / "no-pic" config option' commit, the
shared_cflag value for the chosen config would be part of the make
variable CFLAG, which got replicated into CFLAGS and ASFLAGS.
Since said commit, the shared_cflag value has become a make variable
of its own, SHARED_CFLAG (which is left empty in a "no-pic" build).
However, ASFLAGS was forgotten. That's what's corrected with this
change.
Reviewed-by: Andy Polyakov <appro@openssl.org>
crypto/evp/e_aes.c and crypto/modes/gcm128.c include ppc_arch.h, which
is located in crypto/, so add that as extra include directory for them.
Issue reported by Jeffrey Walton <noloader@gmail.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
This gets rid of the BEGINRAW..ENDRAW sections in crypto/whrlpool/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
This gets rid of the BEGINRAW..ENDRAW sections in crypto/sha/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
This gets rid of the BEGINRAW..ENDRAW sections in crypto/rc4/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
This gets rid of the BEGINRAW..ENDRAW sections in crypto/rc5/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
This gets rid of the BEGINRAW..ENDRAW sections in crypto/ripemd/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
This gets rid of the BEGINRAW..ENDRAW sections in crypto/md5/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
This gets rid of the BEGINRAW..ENDRAW sections in crypto/modes/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
This gets rid of the BEGINRAW..ENDRAW sections in crypto/poly1305/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
This gets rid of the BEGINRAW..ENDRAW sections in crypto/des/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
This gets rid of the BEGINRAW..ENDRAW sections in crypto/ec/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
This gets rid of the BEGINRAW..ENDRAW sections in crypto/camellia/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
This gets rid of the BEGINRAW..ENDRAW sections in crypto/cast/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
This gets rid of the BEGINRAW..ENDRAW sections in crypto/chacha/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
This gets rid of the BEGINRAW..ENDRAW sections in crypto/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
This gets rid of the BEGINRAW..ENDRAW sections in crypto/aes/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
This gets rid of the BEGINRAW..ENDRAW sections in crypto/bf/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Even if we haven't loaded an engine, we might have set up the
global_engine_lock, so we should still clean up.
Reviewed-by: Richard Levitte <levitte@openssl.org>
The Engine API lost the setting of memory management hooks in
bind_engine. Here's putting that back.
EX_DATA and ERR functions need the same treatment.
Reviewed-by: Matt Caswell <matt@openssl.org>
This adds a new accessor function DSA_SIG_get0.
The customisation of DSA_SIG structure initialisation has been removed this
means that the 'r' and 's' components are automatically allocated when
DSA_SIG_new() is called. Update documentation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Make all scripts produce .S, make interpretation of $(CFLAGS)
pre-processor's responsibility, start accepting $(PERLASM_SCHEME).
[$(PERLASM_SCHEME) is redundant in this case, because there are
no deviataions between Solaris and Linux assemblers. This is
purely to unify .pl->.S handling across all targets.]
Reviewed-by: Richard Levitte <levitte@openssl.org>
The kinv/r fields in the DSA structure are not used by OpenSSL internally
and should not be used in general.
Reviewed-by: Rich Salz <rsalz@openssl.org>
We had the function EVP_CIPHER_CTX_cipher_data which is newly added for
1.1.0. As we now also need an EVP_CIPHER_CTX_set_cipher_data it makes
more sense for the former to be called EVP_CIPHER_CTX_get_cipher_data.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Implement aes128-cbc as a pipeline capable cipher in the dasync engine.
As dasync is just a dummy engine, it actually just performs the parallel
encrypts/decrypts in serial.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Strictly speaking, it isn't stdio and file access which offend me here;
it's the fact that UEFI doesn't provide a strdup() function. But the
fact that it's pointless without file access is a good enough excuse for
compiling it out.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
This gets rid of the BEGINRAW..ENDRAW sections in crypto/bn/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Swap the use of CRYPTO_LOCK_INIT in the init code to use the new threading
API mechanism for locking.
Reviewed-by: Richard Levitte <levitte@openssl.org>
The init code was using its own thread local code. Now we have a central
API for it we should use that instead.
Reviewed-by: Richard Levitte <levitte@openssl.org>
The init code was using its own "once" implementation. Now that we have
the new thread API we should use that instead.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Make PKCS8_PRIV_KEY_INFO opaque. Several accessor functions already exist
for this structure. Two new ones were added to handle attributes.
The old handling of broken formats has been removed and the corresponding
structures simplified.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Some OSes, *cough*-dows, insist on stack being "wired" to
physical memory in strictly sequential manner, i.e. if stack
allocation spans two pages, then reference to farmost one can
be punishable by SEGV. But page walking can do good even on
other OSes, because it guarantees that villain thread hits
the guard page before it can make damage to innocent one...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Not all assemblers of "gas" flavour handle binary constants, e.g.
seasoned MacOS Xcode doesn't, so give them a hand.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
1. Cleaned up eventfd handling
2. Reworked socket setup code to allow other algorithms to be added in
future
3. Fixed compile errors for static build
4. Added error to error stack in all cases of ALG_PERR/ALG_ERR
5. Called afalg_aes_128_cbc() from bind() to avoid race conditions
6. Used MAX_INFLIGHT define in io_getevents system call
7. Coding style fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Add support for application supplied any defined by callback. An
application can change the selector value if it wishes. This is
mainly intended for values which are only known at runtime, for
example dynamically created OIDs.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Previously, the remaining CT log entries would not be loaded.
Also, CTLOG_STORE_load_file would return 1 even if a log entry was
invalid, resulting in no errors being shown.
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Appease the sanitizer: avoid left shifts of negative values.
This could've been done entirely with casts to uint and back,
but using masks seemed slightly more readable.
There are also implementation-defined signed right shifts in this
code. Those remain.
Reviewed-by: Rich Salz <rsalz@openssl.org>
PVK files with abnormally large length or salt fields can cause an
integer overflow which can result in an OOB read and heap corruption.
However this is an rarely used format and private key files do not
normally come from untrusted sources the security implications not
significant.
Fix by limiting PVK length field to 100K and salt to 10K: these should be
more than enough to cover any files encountered in practice.
Issue reported by Guido Vranken.
Reviewed-by: Rich Salz <rsalz@openssl.org>
This patch implements the HMAC-based Extract-and-Expand Key Derivation
Function (HKDF) as defined in RFC 5869.
It is required to implement the QUIC and TLS 1.3 protocols (among others).
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
- Remove OPENSSL_X25519_X86_64 which never worked, because we don't have
the assembly.
- Also remove OPENSSL_SMALL (which should have been
OPENSSL_SMALL_FOOTPRINT) which isn't a priority at the moment.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Handle KDF in ECDH_compute_key instead of requiring each implementation
support it. This modifies the compute_key method: now it allocates and
populates a buffer containing the shared secret.
Reviewed-by: Rich Salz <rsalz@openssl.org>
There are cases, for example when configuring no-asm, that the added
uplink source files got in the way of the cpuid ones. The best way to
solve this is to separate the two.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Formally only 32-bit AVX2 code path needs this, but I choose to
harmonize all vector code paths.
RT#4346
Reviewed-by: Richard Levitte <levitte@openssl.org>
Most of the assembly uses constants from arm_arch.h, but a few references to
ARMV7_NEON don't. Consistently use the macros everywhere.
Signed-off-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Instead of overriding a default operation move default operation to a
separate function which is then explicitly included in any EC_METHOD
that uses it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Specifies a callback that will, in the future, be used by the SSL code to
decide whether to abort a connection on Certificate Transparency grounds.
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
The HOST_c2l() macro assigns the value to the specified variable, but also
evaluates to the same value. Which we ignore, triggering a warning.
To fix this, just cast it to void like we did in commit 08e553644
("Fix some clang warnings.") for a bunch of other instances.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
and reorganize/harmonize post-conditions.
Additional hardening following on from CVE-2016-0702
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
At the same time remove miniscule bias in final subtraction.
Performance penalty varies from platform to platform, and even with
key length. For rsa2048 sign it was observed to be 4% for Sandy
Bridge and 7% on Broadwell.
CVE-2016-0702
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Performance penalty is 2% on Linux and 5% on Windows.
CVE-2016-0702
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Performance penalty varies from platform to platform, and even
key length. For rsa2048 sign it was observed to reach almost 10%.
CVE-2016-0702
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
In the BN_hex2bn function the number of hex digits is calculated using
an int value |i|. Later |bn_expand| is called with a value of |i * 4|.
For large values of |i| this can result in |bn_expand| not allocating any
memory because |i * 4| is negative. This leaves ret->d as NULL leading
to a subsequent NULL ptr deref. For very large values of |i|, the
calculation |i * 4| could be a positive value smaller than |i|. In this
case memory is allocated to ret->d, but it is insufficiently sized
leading to heap corruption. A similar issue exists in BN_dec2bn.
This could have security consequences if BN_hex2bn/BN_dec2bn is ever
called by user applications with very large untrusted hex/dec data. This is
anticipated to be a rare occurrence.
All OpenSSL internal usage of this function uses data that is not expected
to be untrusted, e.g. config file data or application command line
arguments. If user developed applications generate config file data based
on untrusted data then it is possible that this could also lead to security
consequences. This is also anticipated to be a rare.
Issue reported by Guido Vranken.
CVE-2016-0797
Reviewed-by: Andy Polyakov <appro@openssl.org>
Clarify that the "cleanup" routing does not get called if you invoke
ASYNC_WAIT_CTX_clear_fd() directly.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Implementation experience has shown that the original plan for async wait
fds was too simplistic. Originally the async logic created a pipe internally
and user/engine code could then get access to it via API calls. It is more
flexible if the engine is able to create its own fd and provide it to the
async code.
Another issue is that there can be a lot of churn in the fd value within
the context of (say) a single SSL connection leading to continually adding
and removing fds from (say) epoll. It is better if we can provide some
stability of the fd value across a whole SSL connection. This is
problematic because an engine has no concept of an SSL connection.
This commit refactors things to introduce an ASYNC_WAIT_CTX which acts as a
proxy for an SSL connection down at the engine layer.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Add X25519 to TLS supported curve list.
Reject attempts to configure keys which cannot be used
for signing.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Add a flag to EC_METHOD for curves which do not support signing.
New function EC_KEY_can_sign() returns 1 is key can be used for signing.
Return an explicit error is an attempt is made to sign with
no signing curves.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
In some cases the EC_POINT and EC_KEY BIGNUM components are suboptimal
or inappropriate. Add an "custom_data" field which curves can populate with
a custom structure to suit their needs.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Extract compression form in EC_KEY_oct2key() instead of manually in the
ASN.1 code. For custom curves do not assume the initial octet is the
compression form: it isn't for X25519 et al.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Add support for optional overrides of various private key operations
in EC_METHOD.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Use standard X25519 and X448 names for OIDs. Delete EdDSA OIDs: for now they
wont be used and EdDSA may use a different format.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
In EC_KEY_priv2buf(), check for pbuf sanity.
If invoked with NULL, gracefully returns the key length.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
- In error paths, EVP_MD_CTX allocated by the callee is not released.
- Checking method before accessing
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
We are using strcmp() as the cmp_func, where in the EDK2 environment
strcmp actually ends up being the external AsciiStrCmp() function —
an EFI library function defined with the Microsoft ABI.
This means that we can't just assign function pointers to it, since
in GCC-hosted builds the ABI of any function *not* explicitly marked
EFIAPI is the native SysV ABI.
Arguably this stupidity ought to be resolved on the UEFI side, but in
the general case that would mean that we need to provide ABI-compatible
wrappers for *all* the "standard" functions, just in case they're used
like this.
And in fact we already have a workaround here for DEC C. So instead of
playing games with casting function pointers, it's nicer just to use a
simple function to wrap the strcmp() call. That cleans up the DEC C
workaround, *and* it works around the UEFI bogosity at the same time.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
The internal |fmtstr| function used in processing a "%s" format string
in the BIO_*printf functions could overflow while calculating the length
of a string and cause an OOB read when printing very long strings.
Additionally the internal |doapr_outch| function can attempt to write to
an OOB memory location (at an offset from the NULL pointer) in the event of
a memory allocation failure. In 1.0.2 and below this could be caused where
the size of a buffer to be allocated is greater than INT_MAX. E.g. this
could be in processing a very long "%s" format string. Memory leaks can also
occur.
These issues will only occur on certain platforms where sizeof(size_t) >
sizeof(int). E.g. many 64 bit systems. The first issue may mask the second
issue dependent on compiler behaviour.
These problems could enable attacks where large amounts of untrusted data
is passed to the BIO_*printf functions. If applications use these functions
in this way then they could be vulnerable. OpenSSL itself uses these
functions when printing out human-readable dumps of ASN.1 data. Therefore
applications that print this data could be vulnerable if the data is from
untrusted sources. OpenSSL command line applications could also be
vulnerable where they print out ASN.1 data, or if untrusted data is passed
as command line arguments.
Libssl is not considered directly vulnerable. Additionally certificates etc
received via remote connections via libssl are also unlikely to be able to
trigger these issues because of message size limits enforced within libssl.
CVE-2016-0799
Issue reported by Guido Vranken.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Simplifies calling code. Also fixed up any !ptr tests that were
nearby, turning them into NULL tests.
Reviewed-by: Richard Levitte <levitte@openssl.org>
The SRP user database lookup method SRP_VBASE_get_by_user had confusing
memory management semantics; the returned pointer was sometimes newly
allocated, and sometimes owned by the callee. The calling code has no
way of distinguishing these two cases.
Specifically, SRP servers that configure a secret seed to hide valid
login information are vulnerable to a memory leak: an attacker
connecting with an invalid username can cause a memory leak of around
300 bytes per connection.
Servers that do not configure SRP, or configure SRP but do not configure
a seed are not vulnerable.
In Apache, the seed directive is known as SSLSRPUnknownUserSeed.
To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user
is now disabled even if the user has configured a seed.
Applications are advised to migrate to SRP_VBASE_get1_by_user. However,
note that OpenSSL makes no strong guarantees about the
indistinguishability of valid and invalid logins. In particular,
computations are currently not carried out in constant time.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Different assembler versions disagree on how to interpret #-1 as
argument to vmov.i64, as 0xffffffffffffffff or 0x00000000ffffffff.
So replace it with something they can't disagree on.
Reviewed-by: Rich Salz <rsalz@openssl.org>
The entire contents of <internal/bn_conf.h> are unwanted in the UEFI
build because we have to do it differently there. To support building
for both 32-bit and 64-bit platforms without re-running the OpenSSL
Configure script, the EDK2 environment defines THIRTY_TWO_BIT or
SIXTY_FOUR_BIT for itself according to the target platform.
The current setup is broken, though. It checks for OPENSSL_SYS_UEFI but
before it's actually defined, since opensslconf.h hasn't yet been
included.
Let's fix that by including opensslconf.h. And also let's move the
bn_conf.h doesn't even need to *exist* in the UEFI build environment.
This is also GH PR736.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
This takes us away from the idea that we know exactly how our static
libraries are going to get used. Instead, we make them available to
build shareable things with, be it other shared libraries or DSOs.
On the other hand, we also have greater control of when the shared
library cflags. They will never be used with object files meant got
binaries, such as apps/openssl or test/test*.
With unified, we take this a bit further and prepare for having to
deal with extra cflags specifically to be used with DSOs (dynamic
engines), libraries and binaries (applications).
Reviewed-by: Rich Salz <rsalz@openssl.org>
Depending on Makefile meant that a new attempt to rebuild the Makefile
with "new" dependency data was done all the time, uncontrolled. Better
to depend on configdata.pm, which truly only changes with reconfiguration.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Laurie <ben@openssl.org>
Remove old code that handled various invalid DSA formats in ancient
software.
This also fixes a double free bug when parsing malformed DSA private keys.
Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
libFuzzer.
CVE-2016-0705
Reviewed-by: Emilia Käsper <emilia@openssl.org>
This silences the memory sanitizer. All fields were already correctly
initialized but the struct padding wasn't, causing an uninitialized read
warning.
Reviewed-by: Tim Hudson <tjh@openssl.org>
The engine DSOs were named as if they were shared libraries, and could
end up having all sorts of fancy names:
Cygwin: cygFOO.dll
Mingw: FOOeay32.dll
Unix: libFOO.so / libFOO.sl / libFOO.dylib / ...
This may be confusing, since they look like libraries one should link
with at link time, when they're just DSOs.
It's therefore time to rename them, and do it consistently on all
platforms:
Cygwin & Mingw: FOO.dll
Unix: FOO.{so,sl,dylib,...}
Interestingly enough, the MSVC and VMS builds always did it this way.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Then it can pass around the information where it belongs. The
Makefile templates pick it up along with other target data, the
DSO module gets to pick up the information through
crypto/include/internal/dso_conf.h
Reviewed-by: Andy Polyakov <appro@openssl.org>
Adding uplink and applink to some builds was done by "magic", the
configuration for "mingw" only had a macro definition, the Configure
would react to its presence by adding the uplink source files to
cpuid_asm_src, and crypto/build.info inherited dance to get it
compiled, and Makefile.shared made sure applink.o would be
appropriately linked in. That was a lot under the hood.
To replace this, we create a few template configurations in
Configurations/00-base-templates.conf, inherit one of them in the
"mingw" configuration, the rest is just about refering to the
$target{apps_aux_src} / $target{apps_obj} in the right places.
Reviewed-by: Andy Polyakov <appro@openssl.org>
All those flags existed because we had all the dependencies versioned
in the repository, and wanted to have it be consistent, no matter what
the local configuration was. Now that the dependencies are gone from
the versioned Makefile.ins, it makes much more sense to use the exact
same flags as when compiling the object files.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Add -DBIO_DEBUG to --strict-warnings.
Remove comments about outdated debugging ifdef guards.
Remove md_rand ifdef guarding an assert; it doesn't seem used.
Remove the conf guards in conf_api since we use OPENSSL_assert, not assert.
For pkcs12 stuff put OPENSSL_ in front of the macro name.
Merge TLS_DEBUG into SSL_DEBUG.
Various things just turned on/off asserts, mainly for checking non-NULL
arguments, which is now removed: camellia, bn_ctx, crypto/modes.
Remove some old debug code, that basically just printed things to stderr:
DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG,
RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG.
Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL.
Reviewed-by: Richard Levitte <levitte@openssl.org>
The windows thread stop code was erroneously not just deleting the thread
local variable on thread stop, but also deleting the thread local *key*
(thus removing thread local data for *all* threads in one go!).
Reviewed-by: Rich Salz <rsalz@openssl.org>
