Commit graph

16648 commits

Author SHA1 Message Date
Richard Levitte
2036fd5046 Document the enhancements for DEPEND and INCLUDE and use a better example
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-04-25 18:06:06 +02:00
Richard Levitte
8d34daf0ce Build system: add include directories and dependencies for generators
In the case of generating a file like this:

    GENERATE[foo.S]=mkfoo.pl arg1 arg2

the 'mkfoo.pl' generator itself might need to include other files,
such as perl modules within our source tree.  We can reuse already
existing syntax for it, like this:

    INCLUDE[mkfoo.pl]=module/path

or:

    DEPEND[mkfoo.pl]=modules/mymodule.pm

This change implements the support for such constructs, and for the
DEPEND statement, for any value that indicates a perl module (.pm
file), it will automatically infer an INCLUDE statement for its
directory, just like it does for C header files, so you won't have do
write this:

    DEPEND[mkfoo.pl]=modules/mymodule.pm
    INCLUDE[mkfoo.pl]=modules

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-04-25 18:06:06 +02:00
Rich Salz
79356a83b7 Fix NULL deref in apps/pkcs7
Thanks to Brian Carpenter for finding and reporting this.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-04-25 11:44:24 -04:00
Viktor Dukhovni
1755d46012 API compat macros for renamed X509_STORE_CTX functions
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-25 07:46:10 -04:00
Andy Polyakov
670ad0fbf6 s390x assembly pack: cache capability query results.
IBM argues that in certain scenarios capability query is really
expensive. At the same time it's asserted that query results can
be safely cached, because disabling CPACF is incompatible with
reboot-free operation.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-04-25 11:53:45 +02:00
Andy Polyakov
299ccadcdb crypto/sparc_arch.h: reserve more SPARCv9 capability bits.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-25 11:50:54 +02:00
Andy Polyakov
a82a9f71ad chacha/asm/chacha-ppc.pl: get misalignment corner case right on big-endian.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-25 11:48:44 +02:00
Kazuki Yamaguchi
acde647fb0 Fix EC_KEY_set_private_key() to call key->group->meth->set_private()
Fix a bug introduced by 6903e2e7e9 (Extended EC_METHOD customisation
support., 2016-02-01). key->meth->set_private() is wrongly called where
it should call key->group->meth->set_private().

PR#4517

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-04-23 04:24:27 +01:00
Dr. Stephen Henson
9f13d4dd5e add test for CVE-2016-2109
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-23 00:29:04 +01:00
Dr. Stephen Henson
53e409db61 In d2i_test return error for malloc failure.
Bad ASN.1 data should never be able to trigger a malloc failure so return
an error in d2i_test if a malloc failure occurs.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-23 00:29:03 +01:00
Dr. Stephen Henson
c62981390d Harden ASN.1 BIO handling of large amounts of data.
If the ASN.1 BIO is presented with a large length field read it in
chunks of increasing size checking for EOF on each read. This prevents
small files allocating excessive amounts of data.

CVE-2016-2109

Thanks to Brian Carpenter for reporting this issue.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-04-23 00:26:43 +01:00
Richard Levitte
ddc606c914 Warn when doing an out-of-source build and finding in-source build artifacts
The reason to warn is that configuration *may* pick up on
configuration header files that are in the source tree, that might be
for a wildly different configuration than what is expected in the
current out-of-source configuration.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-22 18:20:47 +02:00
Viktor Dukhovni
e2ab7fb343 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-22 10:41:57 -04:00
Viktor Dukhovni
9f6b22b814 Enabled DANE only when at least one TLSA RR was added
It is up to the caller of SSL_dane_tlsa_add() to take appropriate
action when no records are added successfully or adding some records
triggers an internal error (negative return value).

With this change the caller can continue with PKIX if desired when
none of the TLSA records are usable, or take some appropriate action
if DANE is required.

Also fixed the internal ssl_dane_dup() function to properly initialize
the TLSA RR stack in the target SSL handle.  Errors in ssl_dane_dup()
are no longer ignored.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-22 10:41:57 -04:00
Matt Caswell
ee85fc1dd6 Don't set peer_tmp until we have finished constructing it
If we fail halfway through constructing the peer_tmp EVP_PKEY but we have
already stored it in s->s3->peer_tmp then if anything tries to use it then
it will likely fail. This was causing s_client to core dump in the
sslskewith0p test. s_client was trying to print out the connection
parameters that it had negotiated so far. Arguably s_client should not do
that if the connection has failed...but given it is existing functionality
it's easier to fix libssl.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-04-22 15:37:17 +01:00
Dr. Stephen Henson
48c1e15ceb Extensions to d2i_test.
Using ASN1_ITEM tables in d2i_test: this then uses consistent names and
makes it easier to extend.

Add bio, reencode and compare tests.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-04-22 15:00:36 +01:00
Matt Caswell
f0483bf7d2 Fix capi engine for no-dsa
The capi engine was failing to compile on Windows if the no-dsa option
was selected.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-22 14:42:15 +01:00
Matt Caswell
54c010ab80 Fix no-dsa on Windows/VMS
The no-dsa option was failing on Windows because some symbols were not
correctly flagged in libcrypto.num. Problem found due to the new symbol
consistency test.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-22 14:42:15 +01:00
Matt Caswell
04e381ff17 Fix the indentation of OPENSSL_NO_STDIO in pem.h
Some pre-processor macros were incorrectly indented

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-22 14:42:15 +01:00
Matt Caswell
b04e5c12c2 Fix no-cmac on Windows/VMS
no-cmac was failing on Windows/VMS due to libcrypto.num not marking the
CMAC functions properly. Found due to the new symbol consistency test.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-22 14:39:30 +01:00
Rich Salz
596d6b7e1c Unified copyright for test recipes
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-22 07:58:47 -04:00
Richard Levitte
3f8f728278 Add a best effort test to check shared library consistency
Our main development platforms are of the Unix family, which doesn't
have the same strictness regarding a shared library being consistent
with the contents of the ld script (.map file, on Linux and Solaris)
as Windows is with the contents of the .def file or VMS is with the
linker symb_vector option.

To eliminate surprises, we therefore need to make sure to check that
the contents of the .map file is matched with the shared library, at
least to check that the shared library isn't missing any symbols that
should be present.

This test isn't absolutely perfect, as it will only check the symbols
that would be present on Linux / Solaris and will therefore miss those
that would only appear on Windows or VMS.  On the other hand, those
platform specific are few and far apart in time, so it's not likely
they will pose a problem.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-22 12:55:48 +02:00
Dr. Stephen Henson
2ac7753c10 Fix CRYPTO_clear_realloc() bug.
If allocation in CRYPTO_clear_realloc() fails don't free up the original
buffer: this is consistent with the behaviour of realloc(3) and is expected
in other places in OpenSSL.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-04-21 23:56:44 +01:00
Richard Levitte
e38bd9489a Update the Configurations READMEs
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-04-22 00:18:01 +02:00
Matt Caswell
5951e840d9 Fix no-ocsp on Windows (and probably VMS)
The ocsp.h file did not have appropriate guards causing link failures on
Windows.

GH Issue 900

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-21 17:03:02 +01:00
Matt Caswell
5d94e5b65a Remove some unneccessary assignments to argc
openssl.c and ts.c assign the value of opt_num_rest() to argc, but then
only use the value once.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-21 10:51:57 +01:00
Matt Caswell
3ad4af89cf Remove some unused argc assignments
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-21 10:51:57 +01:00
Matt Caswell
dfefe7ec1e Fix a missing return value check in v3_addr
All other instances of extract_min_max are checked for an error return,
except this one.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-21 10:51:57 +01:00
Matt Caswell
bcc31778e3 Add missing return value check in pkcs8 app
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-21 10:51:57 +01:00
Matt Caswell
e69f2a223c Add missing return value checks
Also correct the return value from the the "prime" application

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-21 10:51:57 +01:00
Matt Caswell
46da5f9ca9 Fix missing break in option parsing
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-21 10:51:57 +01:00
Matt Caswell
56e253477d Remove some dead code
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-21 10:51:57 +01:00
Matt Caswell
d278284e74 Fix some code maintenance issues
Various instances of variables being written to, but then never read.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-21 10:51:57 +01:00
Davide Galassi
a043d0b91d BIO socket connect failure was not handled correctly.
The state was always set to BIO_CONN_S_OK.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 21:26:01 +02:00
Michel
098a23828f Fix missing IDEA renames (windows build)
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 14:48:54 -04:00
Rich Salz
c2f312f5c2 Copyright consolidation script
With Richard Levitte.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 14:47:18 -04:00
Richard Levitte
9bf6eff7fe Travis: _srcdist, not _srcdir
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-20 18:39:01 +02:00
Matt Caswell
00deac3ef6 Fix no-ui on Windows
Ensure public functions have appropriate guards in header files.

GH Issue 899

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 16:49:27 +01:00
Rich Salz
ac3d0e1377 Copyright consolidation; .pm and Configure
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 10:40:05 -04:00
Rich Salz
3fb2cf1ad1 Update copyright; generated files.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 10:33:15 -04:00
Richard Levitte
45c6e23c97 Remove --classic build entirely
The Unix build was the last to retain the classic build scheme.  The
new unified scheme has matured enough, even though some details may
need polishing.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-20 16:04:56 +02:00
Matt Caswell
f863ad0c59 Fix no-sock on Windows
Link errors were occurring on Windows because the header files were not
correctly guarding some functions with OPENSSL_NO_SOCK

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-20 14:52:46 +01:00
Matt Caswell
2469e76b30 Include winsock2.h even if compiling no-sock
We need the struct timeval definition from winsock2.h even if we're not
going to call any socket functions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-20 14:52:46 +01:00
Matt Caswell
d6e03b7077 Don't use select on Windows
Windows "select" only works for sockets so don't use it to wait for async.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-20 14:52:46 +01:00
Matt Caswell
505f74ca34 Cascade no-dgram from no-sock in Configure not e_os.h
e_os.h was defining OPENSSL_NO_DGRAM if OPENSSL_NO_SOCK was defined.
This causes link problems on Windows because the generated .def files
still contain the DGRAM symbols even though they have not been compiled.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-20 14:52:46 +01:00
Matt Caswell
9fb80e3ceb Fix no-dgram on Windows
Link errors were occurring on Windows because the header files were not
correctly guarding some functions with OPENSSL_NO_DGRAM

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-20 14:52:45 +01:00
Rich Salz
e0a651945c Copyright consolidation: perl files
Add copyright to most .pl files
This does NOT cover any .pl file that has other copyright in it.
Most of those are Andy's but some are public domain.
Fix typo's in some existing files.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 09:45:40 -04:00
Rainer Jung
ecba1fb386 Fix warnings installing pod files
Fixes some links in the pod files

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-20 13:27:24 +01:00
Andy Polyakov
3acfc40a7e Configurations: fix typo in 50-masm.conf.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 10:55:17 +02:00
Andy Polyakov
6944565bd5 evp/aes_aes.c: engage Fujitsu SPARC64 X AES support.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 09:57:43 +02:00