Commit graph

13530 commits

Author SHA1 Message Date
Matt Caswell
b86d7dca69 Sanity check EVP_EncodeUpdate buffer len
There was already a sanity check to ensure the passed buffer length is not
zero. Extend this to ensure that it also not negative. Thanks to Kevin
Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for
reporting this issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-04-30 23:12:39 +01:00
Matt Caswell
c826988109 Sanity check EVP_CTRL_AEAD_TLS_AAD
The various implementations of EVP_CTRL_AEAD_TLS_AAD expect a buffer of at
least 13 bytes long. Add sanity checks to ensure that the length is at
least that. Also add a new constant (EVP_AEAD_TLS1_AAD_LEN) to evp.h to
represent this length. Thanks to Kevin Wojtysiak (Int3 Solutions) and
Paramjot Oberoi (Int3 Solutions) for reporting this issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-04-30 23:12:39 +01:00
Matt Caswell
873fb39f20 Sanity check DES_enc_write buffer length
Add a sanity check to DES_enc_write to ensure the buffer length provided
is not negative. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot
Oberoi (Int3 Solutions) for reporting this issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-04-30 23:12:39 +01:00
Rich Salz
895cba195a free cleanup 12
Don't check for NULL before calling free function.  This gets:
        NAME_CONSTRAINTS_free GENERAL_SUBTREE_free ECDSA_METHOD_free
        JPAKE_CTX_free OCSP_REQ_CTX_free SCT_free SRP_VBASE_free
        SRP_gN_free SRP_user_pwd_free TXT_DB_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 18:10:52 -04:00
Matt Caswell
b0696f8b0b make update
Run make update following previous header file changes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-30 23:00:44 +01:00
Rich Salz
4b45c6e52b free cleanup almost the finale
Add OPENSSL_clear_free which merges cleanse and free.
(Names was picked to be similar to BN_clear_free, etc.)
Removed OPENSSL_freeFunc macro.
Fixed the small simple ones that are left:
        CRYPTO_free CRYPTO_free_locked OPENSSL_free_locked

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 17:57:32 -04:00
Rich Salz
68dc682499 In apps, malloc or die
No point in proceeding if you're out of memory.  So change
*all* OPENSSL_malloc calls in apps to use the new routine which
prints a message and exits.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 17:48:31 -04:00
Rich Salz
222561fe8e free NULL cleanup 5a
Don't check for NULL before calling a free routine.  This gets X509_.*free:
    x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free
    X509_STORE_free X509_STORE_CTX_free X509_PKEY_free
    X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 17:33:59 -04:00
Rich Salz
2ace745022 free NULL cleanup 8
Do not check for NULL before calling a free routine.  This addresses:
    ASN1_BIT_STRING_free ASN1_GENERALIZEDTIME_free ASN1_INTEGER_free
    ASN1_OBJECT_free ASN1_OCTET_STRING_free ASN1_PCTX_free ASN1_SCTX_free
    ASN1_STRING_clear_free ASN1_STRING_free ASN1_TYPE_free
    ASN1_UTCTIME_free M_ASN1_free_of

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 11:31:07 -04:00
Rich Salz
5a80d9fbfe Fix bug, "what mode" test was wrong.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-30 11:31:07 -04:00
Matt Caswell
a3ed492f58 Fix windows build
The big apps cleanup broke the windows build. This commit
fixes some miscellaneous issues so that it builds again.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-04-30 11:35:18 +01:00
Matt Caswell
fb45690275 Remove redundant includes from dtls1.h
There were a set of includes in dtls1.h which are now redundant due to the
libssl opaque work. This commit removes those includes, which also has the
effect of resolving one issue preventing building on windows (i.e. the
include of winsock.h)

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-04-30 11:34:51 +01:00
Rich Salz
995101d654 Add HTTP GET support to OCSP server
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-04-29 17:37:04 -04:00
Rich Salz
db4c08f019 Rewrite parse_name
Remove need for multiple arrays, parse the X509 name
one RDN at a time.  Thanks to Andy for careful review.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-04-29 14:50:00 -04:00
Rich Salz
2fa45e6ee7 use isxdigit and apps_tohex
Replace ad-hoc ascii->hex with isxdigit and new app_tohex.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-04-29 14:15:50 -04:00
Rich Salz
ecf3a1fb18 Remove needless bio_err argument
Many functions had a BIO* parameter, and it was always called
with bio_err.  Remove the param and just use bio_err.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-29 11:27:08 -04:00
Rich Salz
bea6cd3e1c Make "make rehash" quiet
Don't complain about missing config file.
(Got the right env var name this time)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-28 21:48:44 -04:00
Rich Salz
2d29e2df0c realloc of NULL is like malloc
ANSI C, and OpenSSL's malloc wrapper do this, also.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-28 16:34:52 -04:00
Rich Salz
b196e7d936 remove malloc casts
Following ANSI C rules, remove the casts from calls to
OPENSSL_malloc and OPENSSL_realloc.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-28 15:28:14 -04:00
Rich Salz
3e47caff48 ERR_ cleanup
Remove ERR_[gs]et_implementation as they were not undocumented and
useless (the data structure was opaque).

Halve the number of lock/unlock calls in almost all ERR_
functions by letting the caller of get_hash or int_thread_set
able to lock.  Very useful when looping, such as adding errors,
or when getting the hash and immediately doing a lookup on it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-28 10:50:54 -04:00
Richard Levitte
0223ca0987 Allow for types with leading underscore when checking error macros.
We have an increasing number of function declarations starting with
'__owur'.  Unfortunately, util/ck_errf.pl fails to detect them.  A
simple change fixes that issue.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-04-28 14:34:58 +02:00
Emilia Kasper
5956b110e3 NISTZ256: owur'ize.
__owur'ize static methods to catch calling errors within the module.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-28 12:49:40 +02:00
Emilia Kasper
6038354cf8 NISTZ256: use EC_POINT API and check errors.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-27 19:44:43 +02:00
Rich Salz
31b222da1e CRYPTO_mem_leaks should ignore it's BIO argument.
CRYPTO_mem_leaks takes a BIO* argument.  It's not a leak if that
argument hasn't been free'd.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-27 12:29:39 -04:00
Emilia Kasper
a4d5269e6d NISTZ256: don't swallow malloc errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-27 18:03:38 +02:00
Emilia Kasper
4446044a79 NISTZ256: set Z_is_one to boolean 0/1 as is customary.
Cosmetic, no real effect.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-27 16:49:25 +02:00
Emilia Kasper
e22d2199e2 Error checking and memory leak fixes in NISTZ256.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-27 16:21:48 +02:00
Emilia Kasper
2f5997b7b9 Fix Wmaybe-uninitialized: initialize variable
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-27 16:17:27 +02:00
Richard Levitte
9e842a5292 Fix the check of test apps in util/mk1mf.pl
The previous check assumed that the variables for each test app, ending
with TEST would be indication enough.  Experience showed that this isn't
the best way.  Instead, simply look for the EXE variable in test/Makefile.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-27 15:55:53 +02:00
Richard Levitte
4c1408962a Small fixes after the Big apps cleanup
This fixes util/mk1mf.pl, which was looking for old variable names from
apps/Makefile.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-27 11:02:36 +02:00
Rich Salz
57d5edada7 Add readline (etc) support
Compile with -DREADLINE and the appropriate library.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-26 23:45:12 -04:00
Rich Salz
1bb2daead8 Simplify parse_yesno; remove local variable
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-04-26 21:28:38 -04:00
Rich Salz
bc2f5803cc Fix typo in help & comment formatting
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-04-26 21:23:43 -04:00
Rich Salz
ce6766de69 Fix error message
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-04-26 16:43:18 -04:00
Rich Salz
88806cfc61 Fix main build breakage.
A variable declaration got dropped during a merge.
And if a compiler inlines strcmp() and you put a strcmp in an
assert message, the resultant stringification exceeds ANSI string
limits.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-04-26 13:12:04 -04:00
Rich Salz
2f58faad66 Remove the special list-xxxx commands
There's a new "list" command, which takes a flag to say what
to list.  Removing the old hacky commands.  Re-ordered some
functions to remove some needless declarations.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-26 10:31:48 -04:00
Rich Salz
5d307e7b5a RT2962: add -keytab and -krb5svc flags.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-25 23:08:00 -04:00
Rich Salz
a194ee7b9a Free malloc data on encoding errors.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-25 22:55:36 -04:00
Rich Salz
46aa607867 apps-cleanup: the doc fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-25 16:07:28 -04:00
Rich Salz
f92beb98de Quote HTML entities in s_server output
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-25 16:06:19 -04:00
Rich Salz
c6724060e2 RT2206: Add -issuer flag to ocsp command
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-25 16:04:42 -04:00
Rich Salz
239f2771e1 Remove EFENCE support.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-25 16:03:07 -04:00
Rich Salz
d8c25de595 RT2451: Add telnet to s_client -starttls
Also add -xmpphost and -smtphost flags.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-25 16:01:21 -04:00
Rich Salz
6ba8a5b77a Add -nocommands to s_client.
Add flag to disable the 'command letters' from s_client.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-25 15:58:22 -04:00
Rich Salz
333b070ec0 fewer NO_ENGINE #ifdef's
Make setup_engine be a dummy if NO_ENGINE is enabled.
The option is not enabled if NO_ENGINE is enabled, so the one "wasted"
variable just sits there. Removes some variables and code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-25 15:41:29 -04:00
Rich Salz
c54cc2b15d Add missing BIO_flush() calls
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-25 09:26:48 -04:00
Rich Salz
7e1b748570 Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master.  The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt.  Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that.  There have been many other changes and code-cleanup, see
bullet list below.

Special thanks to Matt for the long and detailed code review.

TEMPORARY:
        For now, comment out CRYPTO_mem_leaks() at end of main

Tickets closed:
        RT3515: Use 3DES in pkcs12 if built with no-rc2
        RT1766: s_client -reconnect and -starttls broke
        RT2932: Catch write errors
        RT2604: port should be 'unsigned short'
        RT2983: total_bytes undeclared #ifdef RENEG
        RT1523: Add -nocert to fix output in x509 app
        RT3508: Remove unused variable introduced by b09eb24
        RT3511: doc fix; req default serial is random
        RT1325,2973: Add more extensions to c_rehash
        RT2119,3407: Updated to dgst.pod
        RT2379: Additional typo fix
        RT2693: Extra include of string.h
        RT2880: HFS is case-insensitive filenames
        RT3246: req command prints version number wrong

Other changes; incompatibilities marked with *:
        Add SCSV support
        Add -misalign to speed command
        Make dhparam, dsaparam, ecparam, x509 output C in proper style
        Make some internal ocsp.c functions void
        Only display cert usages with -help in verify
        Use global bio_err, remove "BIO*err" parameter from functions
        For filenames, - always means stdin (or stdout as appropriate)
        Add aliases for -des/aes "wrap" ciphers.
        *Remove support for IISSGC (server gated crypto)
        *The undocumented OCSP -header flag is now "-header name=value"
        *Documented the OCSP -header flag

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 15:26:15 -04:00
Emilia Kasper
53dd4ddf71 Fix error checking and memory leaks in NISTZ256 precomputation.
Thanks to Brian Smith for reporting these issues.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-24 17:45:13 +02:00
Emilia Kasper
c028254b12 Correctly set Z_is_one on the return value in the NISTZ256 implementation.
Also add a few comments about constant-timeness.

Thanks to Brian Smith for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-24 17:33:21 +02:00
Loganaden Velvindron
8031d26b0c Fix CRYPTO_strdup
The function CRYPTO_strdup (aka OPENSSL_strdup) fails to check the return
value from CRYPTO_malloc to see if it is NULL before attempting to use it.
This patch adds a NULL check.

RT3786

Signed-off-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 37b0cf936744d9edb99b5dd82cae78a7eac6ad60)

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 20d21389c8b6f5b754573ffb6a4dc4f3986f2ca4)
2015-04-22 17:18:59 +01:00