Commit graph

8015 commits

Author SHA1 Message Date
Matt Caswell
446ba8de9a Ensure we check i2d_X509 return val
The i2d_X509() function can return a negative value on error. Therefore
we should make sure we check it.

Issue reported by Yuan Jochen Kang.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-04-26 14:29:54 +01:00
Andy Polyakov
dc3c5067cd crypto/poly1305/asm: chase overflow bit on x86 and ARM platforms.
Even though no test could be found to trigger this, paper-n-pencil
estimate suggests that x86 and ARM inner loop lazy reductions can
loose a bit in H4>>*5+H0 step.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-04-25 22:56:09 +02:00
Viktor Dukhovni
51227177b1 Added missing X509_STORE_CTX_set_error_depth() accessor
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-25 15:26:04 -04:00
Andy Polyakov
670ad0fbf6 s390x assembly pack: cache capability query results.
IBM argues that in certain scenarios capability query is really
expensive. At the same time it's asserted that query results can
be safely cached, because disabling CPACF is incompatible with
reboot-free operation.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-04-25 11:53:45 +02:00
Andy Polyakov
299ccadcdb crypto/sparc_arch.h: reserve more SPARCv9 capability bits.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-25 11:50:54 +02:00
Andy Polyakov
a82a9f71ad chacha/asm/chacha-ppc.pl: get misalignment corner case right on big-endian.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-25 11:48:44 +02:00
Kazuki Yamaguchi
acde647fb0 Fix EC_KEY_set_private_key() to call key->group->meth->set_private()
Fix a bug introduced by 6903e2e7e9 (Extended EC_METHOD customisation
support., 2016-02-01). key->meth->set_private() is wrongly called where
it should call key->group->meth->set_private().

PR#4517

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-04-23 04:24:27 +01:00
Dr. Stephen Henson
c62981390d Harden ASN.1 BIO handling of large amounts of data.
If the ASN.1 BIO is presented with a large length field read it in
chunks of increasing size checking for EOF on each read. This prevents
small files allocating excessive amounts of data.

CVE-2016-2109

Thanks to Brian Carpenter for reporting this issue.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-04-23 00:26:43 +01:00
Dr. Stephen Henson
2ac7753c10 Fix CRYPTO_clear_realloc() bug.
If allocation in CRYPTO_clear_realloc() fails don't free up the original
buffer: this is consistent with the behaviour of realloc(3) and is expected
in other places in OpenSSL.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-04-21 23:56:44 +01:00
Matt Caswell
dfefe7ec1e Fix a missing return value check in v3_addr
All other instances of extract_min_max are checked for an error return,
except this one.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-21 10:51:57 +01:00
Matt Caswell
d278284e74 Fix some code maintenance issues
Various instances of variables being written to, but then never read.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-21 10:51:57 +01:00
Davide Galassi
a043d0b91d BIO socket connect failure was not handled correctly.
The state was always set to BIO_CONN_S_OK.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 21:26:01 +02:00
Michel
098a23828f Fix missing IDEA renames (windows build)
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 14:48:54 -04:00
Rich Salz
3fb2cf1ad1 Update copyright; generated files.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 10:33:15 -04:00
Richard Levitte
45c6e23c97 Remove --classic build entirely
The Unix build was the last to retain the classic build scheme.  The
new unified scheme has matured enough, even though some details may
need polishing.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-20 16:04:56 +02:00
Rich Salz
e0a651945c Copyright consolidation: perl files
Add copyright to most .pl files
This does NOT cover any .pl file that has other copyright in it.
Most of those are Andy's but some are public domain.
Fix typo's in some existing files.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 09:45:40 -04:00
Andy Polyakov
6944565bd5 evp/aes_aes.c: engage Fujitsu SPARC64 X AES support.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 09:57:43 +02:00
Andy Polyakov
4400f6c61e sparcv9cap.c: add Fujitsu SPARC64 X AES capability detection.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 09:57:37 +02:00
Andy Polyakov
fb65020b37 Add AES assembly module for Fujitsu SPARC64 X/X+.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 09:57:20 +02:00
Andy Polyakov
d405aa2ff2 perlasm/x86_64-xlate.pl: make latest ml64 work.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 09:51:33 +02:00
Andy Polyakov
6ca3e6e779 poly1305/asm/poly1305-x86_64.pl: not all assemblers manage << in constants.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 09:51:27 +02:00
Matt Caswell
235f932930 Unsigned chars can't be negative
Fix a problem where an unsigned char was being checked to see if it was
negative.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-18 15:12:58 +01:00
Matt Caswell
36c6f0ad0f Fix PKCS7 memory leak
Commit f0e0fd51f was a bit over-zealous in removing a call to
X509_STORE_CTX_cleanup(). The call in question was in a loop and was
required to cleanup resources used on each iteration of the loop. Removing
this resulted in a memory leak.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-18 14:59:23 +01:00
Rich Salz
14f051a0ae Make string_to_hex/hex_to_string public
Give the API new names, document it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-18 09:02:11 -04:00
Rich Salz
9021a5dfb3 Rename some lowercase API's
Make OBJ_name_cmp internal
Rename idea_xxx to IDEA_xxx
Rename get_rfc_xxx to BN_get_rfc_xxx
Rename v3_addr and v3_asid functions to X509v3_...

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-18 08:22:00 -04:00
Ben Laurie
a97d19d9e5 Free methods on destroy.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-18 10:21:56 +01:00
Ben Laurie
913954768f Free engine on error.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-18 10:21:56 +01:00
Ben Laurie
04630522c2 Opacity.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-18 10:21:56 +01:00
Richard Levitte
d32f5d8733 Restore OCSP_basic_verify() error return semantics
Recently, OCSP_basic_verify() was changed to always return 0 on error,
when it would previously return 0 on error and < 0 on fatal error.
This restores the previous semantics back.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-17 23:22:45 +02:00
Dr. Stephen Henson
4dba585f79 Add X509_STORE_CTX_set0_untrusted function.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-16 18:26:19 +01:00
Richard Levitte
64a1385a83 Small OCSP fixup
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-04-16 12:57:09 +02:00
Rich Salz
f0e0fd51fd Make many X509_xxx types opaque.
Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP,
and X509_LOOKUP_METHOD opaque.
Remove unused X509_CERT_FILE_CTX

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-04-15 13:21:43 -04:00
Matt Caswell
1ee7b8b97c Fix ex_data locks issue
Travis identified a problem with freeing the ex_data locks which wasn't
quite right in ff2344052. Trying to fix it identified a further problem:
the ex_data locks are cleaned up by OPENSSL_cleanup(), which is called
explicitly by CRYPTO_mem_leaks(), but then later the BIO passed to
CRYPTO_mem_leaks() is freed. An attempt is then made to use the ex_data
lock already freed.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-04-14 22:15:32 +01:00
Matt Caswell
c3a64b5278 The err_cleanup() funtion is internal so shouldn't be exported
Running a "make update" wanted to add err_cleanup to libcrypto.num which
is wrong.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-14 13:50:36 +01:00
Matt Caswell
ff2344052b Ensure all locks are properly cleaned up
Some locks were not being properly cleaned up during close down.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-14 13:19:04 +01:00
Shlomi Fish
085b386065 Fix the spelling of "implement".
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-14 08:15:27 -04:00
Viktor Dukhovni
bdcd660e33 Bugfix: in asn1parse avoid erroneous len after a sub-sequence
Introduced in:

    commit 79c7f74d6c
    Author: Ben Laurie <ben@links.org>
    Date:   Tue Mar 29 19:37:57 2016 +0100

    Fix buffer overrun in ASN1_parse().

Problem input:

    https://tools.ietf.org/html/draft-ietf-curdle-pkix-eddsa-00#section-8.1
    -----BEGIN PUBLIC KEY-----
    MC0wCAYDK2VkCgECAyEAGb9ECWmEzf6FQbrBZ9w7lshQhqowtrbLDFw4rXAxZuE=
    -----END PUBLIC KEY-----

Previously:

        0:d=0  hl=2 l=  45 cons: SEQUENCE
        2:d=1  hl=2 l=   8 cons: SEQUENCE
        4:d=2  hl=2 l=   3 prim: OBJECT            :1.3.101.100
        9:d=2  hl=2 l=   1 prim: ENUMERATED        :02
    Error in encoding
    140735164989440:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:../openssl/crypto/asn1/asn1_lib.c:148:

Now:

    0:d=0  hl=2 l=  45 cons: SEQUENCE
    2:d=1  hl=2 l=   8 cons: SEQUENCE
    4:d=2  hl=2 l=   3 prim: OBJECT            :1.3.101.100
    9:d=2  hl=2 l=   1 prim: ENUMERATED        :02
   12:d=1  hl=2 l=  33 prim: BIT STRING
      0000 - 00 19 bf 44 09 69 84 cd-fe 85 41 ba c1 67 dc 3b   ...D.i....A..g.;
      0010 - 96 c8 50 86 aa 30 b6 b6-cb 0c 5c 38 ad 70 31 66   ..P..0....\8.p1f
      0020 - e1                                                .

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-14 02:41:30 -04:00
Matt Caswell
d064e6ab52 Remove OPENSSL_NO_SHA guards
no-sha is no longer an option so remove OPENSSL_NO_SHA guards.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 21:25:24 +01:00
Matt Caswell
5158c763f5 Remove OPENSSL_NO_AES guards
no-aes is no longer a Configure option and therefore the OPENSSL_NO_AES
guards can be removed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 21:25:24 +01:00
Rich Salz
a48eaf7118 Need err_load_crypto_strings_int declared.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-13 16:22:58 -04:00
Dr. Stephen Henson
a535fe12f6 Remove check_defer()
The check_defer() function was used to ensure that EVP_cleanup() was always
called before OBJ_cleanup(). The new cleanup code ensures this so it is
no longer needed.

Remove obj_cleanup() call in OID config module: it is not needed
any more either.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-13 15:05:07 +01:00
Richard Levitte
13524b112e Move a declaration that's private to libcrypto
Don't expose purely libcrypto internal symbols, even to libssl.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-13 15:23:47 +02:00
Andy Polyakov
e0e532823f PPC assebmly pack: initial POWER9 support tidbits.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 12:09:46 +02:00
Andy Polyakov
b9077d85b0 chacha/asm/chacha-armv8.pl: fix intermittent build failures.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 12:07:31 +02:00
Richard Levitte
5a5c0b953f Remake the way dynamic zlib is loaded
Instead of absolute hard coding of the libz library name, have it use
the macro LIBZ, which is set to defaults we know in case it's
undefined.

This allows our configuration to set something that's sane on current
or older platforms, and allows the user to override it by defining
LIBZ themselves.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-13 11:36:46 +02:00
Matt Caswell
b3599dbb6a Rename int_*() functions to *_int()
There is a preference for suffixes to indicate that a function is internal
rather than prefixes. Note: the suffix is only required to disambiguate
internal functions and public symbols with the same name (but different
case)

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:59:03 +01:00
Matt Caswell
342c21cd8b Rename lots of *_intern or *_internal function to int_*
There was a lot of naming inconsistency, so we try and standardise on
one form.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:34 +01:00
Matt Caswell
cbf6959fe8 Deprecate CONF_modules_free() and make it a no-op
CONF_modules_free() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
6d4fb1d59e Deprecate ENGINE_cleanup() and make it a no-op
ENGINE_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
7b8cc9b345 Deprecate OBJ_cleanup() and make it a no-op
OBJ_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
22c84afa77 Deprecate EVP_cleanup() and make it a no-op
EVP_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
62d876ad17 Deprecate BIO_sock_cleanup() and make it a no-op
BIO_sock_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
a5e3ac13d6 Deprecate CRYPTO_cleanup_all_ex_data() and make it a no-op
CRYPTO_cleanup_all_ex_data() should not be called expicitly - we should
leave auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
f3cd81d653 Deprecate RAND_cleanup() and make it a no-op
RAND_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
6827cb3610 Deprecate ERR_free_strings() and make it a no-op
ERR_free_strings() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
02a247e0fa Deprecate COMP_zlib_cleanup() and make it a no-op
COMP_zlib_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
3012e65039 Fix the no-posix-io option
Fix a compile failure with no-posix-io

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-04-11 14:33:44 +01:00
Richard Levitte
2d897ae4d8 BIO: respect opening in text mode
When a file is opened with BIO_new_file(), make sure that the internal
mode TEXT vs BINARY setting reflects what's given in the mode string.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-04-11 14:57:34 +02:00
Emilia Kasper
cdbf577973 Disable some sanitizer checks without PEDANTIC
Code without PEDANTIC has intentional "undefined" behaviour. To get best
coverage for both PEDANTIC and non-PEDANTIC codepaths, run the sanitizer
builds in two different configurations:
1) Without PEDANTIC but with alignment checks disabled.
2) With PEDANTIC.

To not overload Travis too much, run one build with clang and the other
with gcc (chosen at random).

Also remove a micro-optimization in CAST code to be able to
-fsanitize=shift. Whether shift sanitization is meaningful for crypto or
an obstacle is debatable but since this appears to be the only offender,
we might as well keep the check for now.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-10 01:50:45 +02:00
Matt Caswell
0263b99288 Add documentation for following DH and DH_METHOD opacity
A number of new functions have been added following the DH and DH_METHOD
opacity commits. This commit provides documentation for those functions.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-09 10:10:55 +01:00
Matt Caswell
998f2cb8c4 Fix double free bug in error path
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-09 10:10:55 +01:00
Matt Caswell
17e01abbb0 Make DH_METHOD opaque
Move the dh_method structure into an internal header file and provide
relevant accessors for the internal fields.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-09 10:10:55 +01:00
Matt Caswell
0aeddcfa61 Make DH opaque
Move the dh_st structure into an internal header file and provide
relevant accessors for the internal fields.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-09 10:10:55 +01:00
Rich Salz
b9aec69ace Add SSL_DANE typedef for consistency.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-04-08 09:30:23 -04:00
Andy Polyakov
20b88bb160 PPC assembly pack: remove branch hints.
As it turns out branch hints grew as kind of a misconception. In
addition their interpretation by GNU assembler is affected by
assembler flags and can end up with opposite meaning on different
processors. As we have to loose quite a lot on misinterprerations,
especially on newer processors, we just omit them altogether.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-04-07 21:27:24 +02:00
Andy Polyakov
463a7b8cb0 Clean-up *_DEBUG options.
Since NDEBUG is defined unconditionally on command line for release
builds, we can omit *_DEBUG options in favour of effective "all-on"
in debug builds exercised though CI.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-04-07 21:18:00 +02:00
Andy Polyakov
800b299b0a bio/bss_file.c: since VS2015 one can't tell apart own and "alien" FILE
pointers, except for minimal std[in|out|err].

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-07 21:08:08 +02:00
Viktor Dukhovni
a4ccf06808 make update
Signed-off-by: Rob Percival <robpercival@google.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-04-07 14:41:34 -04:00
Viktor Dukhovni
43341433a8 Suppress CT callback as appropriate
Suppress CT callbacks with aNULL or PSK ciphersuites that involve
no certificates.  Ditto when the certificate chain is validated via
DANE-TA(2) or DANE-EE(3) TLSA records.  Also skip SCT processing
when the chain is fails verification.

Move and consolidate CT callbacks from libcrypto to libssl.  We
also simplify the interface to SSL_{,CTX_}_enable_ct() which can
specify either a permissive mode that just collects information or
a strict mode that requires at least one valid SCT or else asks to
abort the connection.

Simplified SCT processing and options in s_client(1) which now has
just a simple pair of "-noct" vs. "-ct" options, the latter enables
the permissive callback so that we can complete the handshake and
report all relevant information.  When printing SCTs, print the
validation status if set and not valid.

Signed-off-by: Rob Percival <robpercival@google.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-04-07 14:41:34 -04:00
Richard Levitte
b72c912137 Make the RSA_METHOD structure opaque
Move rsa_meth_st away from public headers.
Add RSA_METHOD creator/destructor functions.
Add RSA_METHOD accessor/writer functions.
Adapt all other source to use the creator, destructor, accessors and writers.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-06 16:19:20 +02:00
Richard Levitte
9862e9aa98 Make the RSA structure opaque
Move rsa_st away from public headers.
Add accessor/writer functions for the public RSA data.
Adapt all other source to use the accessors and writers.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-06 16:19:17 +02:00
Matt Caswell
3e41ac3528 Fix no-ocsp
Misc fixes for no-ocsp

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-06 14:57:45 +01:00
Matt Caswell
7626fbf2ef Remove some OPENSSL_NO_ASYNC guards in init
When config'd with "no-async" the ASYNC_NULL implementation is used, so
async symbols still exist. We should still init the NULL implementation so
that when we get the async ctx it is NULL rather than undefined.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-06 14:51:42 +01:00
Andy Polyakov
ad7c9c9faf Configure: add BLAKE_DEBUG to --strict-warnings set.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-06 12:29:02 +02:00
Rich Salz
e771eea6d8 Revert "various spelling fixes"
This reverts commit 620d540bd4.
It wasn't reviewed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-04 16:11:43 -04:00
FdaSilvaYY
620d540bd4 various spelling fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-04 15:06:32 -04:00
FdaSilvaYY
c5137473bd Use X509_REQ_get0_pubkey
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-04 20:38:14 +02:00
FdaSilvaYY
97458daade Add X509_REQ_get0_pubkey method
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-04 20:38:11 +02:00
FdaSilvaYY
0517538d1a Fix two leaks in X509_REQ_to_X509
Issue #182

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-04 19:02:51 +02:00
Andy Polyakov
4b8736a22e crypto/poly1305: don't break carry chains.
RT#4483

[poly1305-armv4.pl: remove redundant #ifdef __thumb2__]
[poly1305-ppc*.pl: presumably more accurate benchmark results]

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-04 16:56:20 +02:00
Emilia Kasper
1400f013e1 Fix memory leaks in ASN.1
These leaks affect 1.1.0 dev branch only; introduced around commit
f93ad22f6a

Found with LibFuzzer

Reviewed-by: Ben Laurie <ben@openssl.org>
2016-04-04 13:26:06 +02:00
Richard Levitte
adb4076ae0 Don't shadow known symbols write, read, puts, gets
It was harmless in this case, but best avoid the annoying warnings.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-04-04 00:26:12 +02:00
Viktor Dukhovni
fbb82a60dc Move peer chain security checks into x509_vfy.c
A new X509_VERIFY_PARAM_set_auth_level() function sets the
authentication security level.  For verification of SSL peers, this
is automatically set from the SSL security level.  Otherwise, for
now, the authentication security level remains at (effectively) 0
by default.

The new "-auth_level" verify(1) option is available in all the
command-line tools that support the standard verify(1) options.

New verify(1) tests added to check enforcement of chain signature
and public key security levels.  Also added new tests of enforcement
of the verify_depth limit.

Updated documentation.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-04-03 11:35:35 -04:00
Viktor Dukhovni
70dd3c6593 Tidy up x509_vfy callback handling
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-04-03 11:35:19 -04:00
Matt Caswell
aa05e7caea Rename get/set_app_data to get0/set0_app_data
Also fixed a style issue

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-04-03 00:23:56 +01:00
Matt Caswell
a517f7fcdc Various DSA opacity fixups
Numerous fixups based on feedback of the DSA opacity changes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-04-03 00:23:56 +01:00
Matt Caswell
6e9fa57c6d Make DSA_METHOD opaque
Move the dsa_method structure out of the public header file, and provide
getter and setter functions for creating and modifying custom DSA_METHODs.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-04-03 00:23:56 +01:00
Matt Caswell
1258396d73 Make the DSA structure opaque
Move the dsa_st structure out of the public header file. Add some accessor
functions to enable access to the internal fields, and update all internal
usage to use the new functions.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-04-03 00:23:56 +01:00
Kirill Marinushkin
d3e6d6bcdf moved structure bio_buf_mem_st from headers to bss_mem.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-02 16:57:07 -04:00
Kirill Marinushkin
fc9755ee0d sizeof() updated to cover coding style
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-02 16:57:07 -04:00
Kirill Marinushkin
9fe9d0461e Optimized BIO mem read - without reallocation
Currently on every BIO mem read operation the remaining data is reallocated.
This commit solves the issue.
BIO mem structure includes additional pointer to the read position.
On every read the pointer moves instead of reallocating the memory for the remaining data.
Reallocation accures before write and some ioctl operations, if the read pointer doesn't point on the beginning of the buffer.
Also the flag is added to rewind the read pointer without losing the data.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-02 16:57:07 -04:00
Mat
6b88864310 Fix: CRYPTO_THREAD_run_once
InitOnceExecuteOnce returns nonzero on success:
MSDN: "If the function succeeds, the return value is nonzero."

So return 1 if it is nonzero, 0 others.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-02 16:56:09 -04:00
Dr. Stephen Henson
fa0a9d715e Fix X509_PUBKEY cached key handling.
Don't decode a public key in X509_PUBKEY_get0(): that is handled when
the key is parsed using x509_pubkey_decode() instead.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-04-02 17:34:27 +01:00
Andy Polyakov
1fab06a665 crypto/blake2: make lowest-level function handle multiple blocks..
This minimizes inter-block overhead. Performance gain naturally
varies from case to case, up to 10% was spotted so far. There is
one thing to recognize, given same circumstances gain would be
higher faster computational part is. Or in other words biggest
improvement coefficient would have been observed with assembly.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-31 21:34:00 +02:00
Richard Levitte
923b1857de Fix "no-ui" configuration
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-31 13:32:01 +02:00
Matt Caswell
b3895f42a9 Remove the CRYPTO_mem_leaks adjustment for the BIO
CRYPTO_mem_leaks attempts to adjust the count of bytes leaks to not
include the BIO that is being used to print the results out. However this
does not work properly. In all internal cases we switch off recording
the memory allocation during creation of the BIO so it makes no difference.
In other cases if the BIO allocates any additional memory during
construction then the adjustment will be wrong anyway. It also skips over
the BIO memory during print_leak anyway, so the BIO memory is never
added into the total. In other words this was broken in lots of ways and
has been since it was first added.

The simplest solution is just to make it the documented behaviour that
you must turn off memory logging when creating the BIO, and remove all
the adjustment stuff completely. The adjustment code was only ever in
master and never made it to a release branch so there is no loss of
functionality.

This commit also fixes a compilation failure when using
enable-crypto-mdebug.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-31 00:12:47 +01:00
Ben Laurie
79c7f74d6c Fix buffer overrun in ASN1_parse().
Fix buffer overrun in asn1_get_length().

Reproducer: asn1parse-reproduce crash-6bfd417f47bc940f6984f5e639b637fd4e6074bc

Fix length calculations.

Reproducer: asn1parse-reproduce crash-1819d0e54cd2b0430626c59053e6077ef04c2ffb
Reproducer: asn1parse-reproduce crash-9969db8603e644ddc0ba3459b51eac7a2c4b729b

Make i long.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-30 20:28:44 +01:00
Richard Levitte
fcd9c8c014 Fix pointer size issues on VMS
On VMS, the C compiler can work with 32-bit and 64-bit pointers, and
the command line determines what the initial pointer size shall be.

However, there is some functionality that only works with 32-bit
pointers.  In this case, it's gethostbyname(), getservbyname() and
accompanying structures, so we need to make sure that we define our
own pointers as 32-bit ones.

Furthermore, there seems to be a bug in VMS C netdb.h, where struct
addrinfo is always defined with 32-bit pointers no matter what, but
the functions handling it are adapted to the initial pointer size.
This leads to pointer size warnings when compiling with
/POINTER_SIZE=64.  The workaround is to force struct addrinfo to be
the 64-bit variant if the initial pointer size is 64.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-30 20:25:08 +02:00
Richard Levitte
622c7e99a9 Rearrange the use of 'proto' in BIO_lookup
'proto' wasn't properly used as a fallback in all appropriate cases.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-30 18:45:33 +02:00
Dr. Stephen Henson
d2ec189fdd Remove X509_PUBKEY lock.
Cache the decoded public key when an X509_PUBKEY structure is initially
parsed so no locking is required. Ignore any decode errors.

When an application calls X509_PUBKEY_get0() subsequently it will either
get the cached key or the decode operation will be repeated which will
return an appropriate error.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-30 14:01:45 +01:00
Richard Levitte
84af71a916 Break out DllMain from crypto/cryptlib.c and use it in shared libs only
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-30 11:22:42 +02:00
Richard Levitte
dcdb4028b3 Adapt bf_lbuf for opaque BIO
Also, have it always be built, even though it's only (currently) used
on VMS.  That will assure it will get the same changes as all others.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-30 04:35:14 +02:00
Viktor Dukhovni
4d9e33acb2 Require intermediate CAs to have basicConstraints CA:true.
Previously, it was sufficient to have certSign in keyUsage when the
basicConstraints extension was missing.  That is still accepted in
a trust anchor, but is no longer accepted in an intermediate CA.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-29 20:54:34 -04:00
Matt Caswell
222e620baf Fix the zlib config option
The zlib config option was broken by the BIO opacity changes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-29 23:57:25 +01:00
David Benjamin
fe56d8e8a3 RT 4393: Call EC_GROUP_order_bits in priv2opt.
The private key is a scalar and should be sized by the order, not the
degree. See RFC 5915.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-03-29 20:03:48 +02:00
Matt Caswell
a146ae55ba Make BIO opaque
Move the the BIO_METHOD and BIO structures into internal header files,
provide appropriate accessor methods and update all internal code to use
the new accessors where appropriate.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-29 17:40:54 +01:00
Matt Caswell
f334461fac Add functions for creating BIO_METHODs
BIO_METHODs are soon to be opaque so we need to have functions available
to set them up.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-29 17:40:54 +01:00
FdaSilvaYY
1a50b8139a Fix a big leak when using stack-allocated BIO items.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-29 17:40:54 +01:00
Andy Polyakov
bbe9769ba6 poly1305/asm/poly1305-x86.pl: don't loose 59-th bit.
RT#4439

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-29 09:55:43 +02:00
Andy Polyakov
0f3ab9a34c crypto/seed: add small-footprint path.
The space saving is >5x on x86_64 at ~40% performance penalty.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-29 09:53:51 +02:00
Richard Levitte
828d04afe4 VMS: update the properties of symbol search
In this OpenSSL version, we deliver engines with lower case symbol
names.  The DSO symbol finder must be updated to allow for mixed case
symbols or it won't fine them.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-23 19:58:12 +01:00
Rich Salz
921de151d2 Move dso.h to internal
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-23 09:12:11 -04:00
Rich Salz
3d8b2ec42b Remove several unused undocumented functions.
Removed the following:
    DSO_bind_var, DSO_bind_var, DSO_get_default_method,
    DSO_get_loaded_filename, DSO_get_loaded_filename, DSO_get_method,
    DSO_new_method, DSO_pathbyaddr, DSO_set_default_method, DSO_set_method,
    DSO_set_name_converter, DSO_set_name_converter

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-23 08:34:33 -04:00
FdaSilvaYY
de70582410 Fix error code
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-23 08:15:55 -04:00
Richard Levitte
ac722c9af0 Small fixups in DSO
- VMS configs had no dso_scheme
- Incorrect return of NULL method.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-23 08:40:56 +01:00
Rob Percival
7def9fae39 Removed unused fields of CT_POLICY_EVAL_CTX
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-22 21:58:04 -04:00
Dr. Stephen Henson
d577a69a0f remove unused references field
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-22 19:42:19 +00:00
Rich Salz
38186bfd4e Have only one DSO_METHOD_openssl
Instead of have every DSO_METHOD_xxx in all platforms, ensure that only
one DSO_METHOD_openssl is available on all platforms.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-22 13:35:03 -04:00
Rich Salz
73decf5975 Make DSO opaque.
This was really easy.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-22 13:16:54 -04:00
Dr. Stephen Henson
29fa0a1af4 Make X509_PUBKEY opaque
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-22 15:28:11 +00:00
Dr. Stephen Henson
91829e456c move x_pubkey.c to crypto/x509
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-22 15:28:11 +00:00
David Benjamin
04f6b0fd91 RT4660: BIO_METHODs should be const.
BIO_new, etc., don't need a non-const BIO_METHOD. This allows all the
built-in method tables to live in .rodata.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-21 16:49:10 -04:00
Rob Percival
367071f121 Adds s2i function for ct_precert_poison X509 extension
Allows CONF files for certificate requests to specify that a pre-
certificate should be created (see RFC6962).

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-03-21 13:02:12 -04:00
Steven Linsell
55327ddfc1 Fix memory leak where fdlookup linked list is not freed during
ASYNC_WAIT_CTX_free

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-21 16:57:34 +00:00
Matt Caswell
f9e5503412 Fix no-sock
Misc fixes for no-sock

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-21 16:33:59 +00:00
Dr. Stephen Henson
ac19ae151c Don't use hardcoded values for types
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-21 15:19:35 +00:00
Matt Caswell
8d9fb8c8db Fix no-seed
Fix compilation with --strict-warnings and no-seed

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-21 14:42:46 +00:00
Matt Caswell
83ae8124de Fix no-dsa
Misc fixes for no-dsa.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-21 14:28:56 +00:00
Andy Polyakov
b75ac3c2a3 Build system: VC-WIN64I fixups.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-21 11:44:27 +01:00
Andy Polyakov
acf1525966 Windows build system: get uplink right.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-21 11:27:57 +01:00
Richard Levitte
007c80eae4 Remove the remainder of util/mk1mf.pl and companion scripts
This removes all scripts that deal with MINFO as well, since that's
only used by mk1mf.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-21 11:02:00 +01:00
Viktor Dukhovni
89ff989d01 Add a comment on dane_verify() logic
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-20 21:03:47 -04:00
Rich Salz
3c27208fab Remove #error from include files.
Don't have #error statements in header files, but instead wrap
the contents of that file in #ifndef OPENSSL_NO_xxx
This means it is now always safe to include the header file.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-20 19:48:36 -04:00
Rich Salz
d57611ea1f ct_int.h only needed by crypto/ct
Merge ct_int.h into ct_locl.h

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-20 16:02:22 -04:00
Dr. Stephen Henson
99cccf3643 constify DSA_SIG_get0()
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-20 19:56:56 +00:00
Rich Salz
01ce6f746d Move blake2_loclh to blake2 directory
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-20 15:15:08 -04:00
Dr. Stephen Henson
34c2db9b56 constify ECDSA_SIG_get0()
PR#4436

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-19 22:04:38 +00:00
Schüller Felix
c6aca19bb5 Don't free up EVP_MD_CTX.
Don't free up passed EVP_MD_CTX in ASN1_item_sign_ctx(). This
simplifies handling and retains compatiblity with previous behaviour.

PR#4446

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-03-19 01:02:02 +00:00
Richard Levitte
1c0e7dadab Correct incorrect path
In crypto, buildinf.h depends on ../configdata.pm, not ./configdata.pm

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-19 01:25:37 +01:00
Richard Levitte
f38526357e Implement support for no-ts
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-18 20:17:19 +01:00
Matt Caswell
96bea0002b Fix no-des
Numerous fixes for no-des.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-18 17:07:11 +00:00
Matt Caswell
b4a3aeebd9 Fix no-cmac
There were a couple of CMAC references without OPENSSL_NO_CMAC guards.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-18 17:07:11 +00:00
Matt Caswell
114de5b595 Ensure that no-comp functions are flagged as such
mkdef.pl was not detecting no-comp functions. This updates the header file
so that mkdef.pl detects that no-comp applies, and the functions are marked
accordingly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-18 12:09:27 +00:00
Matt Caswell
c4aede204e Mark OCB as an AEAD cipher
OCB is AEAD capable but was not marked as such with the
EVP_CIPH_FLAG_AEAD_CIPHER flag.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-18 12:05:29 +00:00
Matt Caswell
ffe9150b15 Fix a potential double free in EVP_DigestInit_ex
There is a potential double free in EVP_DigestInit_ex. This is believed
to be reached only as a result of programmer error - but we should fix it
anyway.

Issue reported by Guido Vranken.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-18 11:40:00 +00:00
Rich Salz
507c7c0ed6 Fix build; CPP syntax error.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-03-18 07:35:18 -04:00
Rich Salz
1fbab1dc6f Remove Netware and OS/2
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 17:06:57 -04:00
Rich Salz
23d38992fc Remove ultrix/mips support.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 15:29:15 -04:00
Dr. Stephen Henson
4f59fd4d55 Use correct C format for keysets.pl
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 19:08:07 +00:00
Ben Laurie
43c1fd6b64 Deal with DSA_SIG opaqueness.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-16 18:26:06 +00:00