Commit graph

749 commits

Author SHA1 Message Date
FdaSilvaYY
4aed8756d8 Improve some error management code in CT
Separate invalid input case from any internal (malloc) failure

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-05 17:45:58 +01:00
FdaSilvaYY
e57036f2bf Fix some memory error handling in CT
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-05 17:45:58 +01:00
Dr. Stephen Henson
c2d551c019 Reorganise asn1.h and add comments.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-05 01:19:00 +01:00
Kurt Roeckx
dd850bcb39 Add old locking constants back
Fixes #1260

Reviewed-by: Matt Caswell <matt@openssl.org>

GH: #1266
2016-07-01 17:02:33 +02:00
Kurt Roeckx
453bff2267 Make CRYPTO_num_locks() return 1
malloc(0) might return NULL and code for the old callbacks might fail,
instead just say they should allocate 1 entry.

Reviewed-by: Matt Caswell <matt@openssl.org>

GH: #1266
2016-07-01 17:02:33 +02:00
Viktor Szakats
533bf1df55 ssl.h: spelling in comment
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1275)
2016-07-01 10:40:13 -04:00
FdaSilvaYY
c0c9c0c026 Constify a bit more OPENSSL_sk_ API
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1244)
2016-06-30 12:58:21 -04:00
Matt Caswell
fb5b14b420 Add some compat macros for removed tmp RSA functions/macros
Commit 361a119 removed all ciphersuites that could support temporary
RSA keys, therefore the associated functions were removed. We should have
"no-op" compatibility macros for these.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-06-30 15:47:00 +01:00
FdaSilvaYY
02e112a885 Whitespace cleanup in crypto
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1264)
2016-06-29 09:56:39 -04:00
FdaSilvaYY
9d22666eb8 Spelling
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1264)
2016-06-29 09:56:39 -04:00
Andy Polyakov
e0685d2473 rsa/rsa_lib.c: const-ify RSA_get0_engine().
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-27 23:31:55 +02:00
Rich Salz
6f4a6a5cd4 RT4586: Remove RSA_memory_lock; unused, not needed
Reviewed-by: Ben Laurie <ben@openssl.org>
2016-06-27 07:39:53 -04:00
Matt Caswell
1aca3618ff Fix some OPENSSL_API_COMPAT values
There are 3 OPENSSL_API_COMPAT values that are incorrect in the header
files, and one inconsistency between the header and the .c

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-27 11:28:29 +01:00
Ben Laurie
24bf6f3c7f Deal with API changes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-24 14:40:33 +01:00
Matt Caswell
a6211814c4 Add a getter to obtain the HMAC_CTX md
As a result of opaque HMAC_CTX apps need a getter for the HMAC_CTX md.

GitHub Issue #1152

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-06-24 13:22:40 +01:00
FdaSilvaYY
3c82e437bb Add checks on sk_TYPE_push() returned result
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-23 14:03:29 +01:00
FdaSilvaYY
687b486859 Rework error handling from asn1_do_lock method.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-23 14:00:47 +01:00
Andy Polyakov
eeac54ef6d crypto/cryptlib.c: omit OPENSSL_ia32cap_loc().
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-22 20:20:37 +02:00
FdaSilvaYY
f430ba31ac Spelling... and more spelling
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1245)
2016-06-22 00:26:10 +02:00
Richard Levitte
d0ba7bc8a0 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-06-20 21:34:37 +02:00
Richard Levitte
c8223538cb Check that the subject name in a proxy cert complies to RFC 3820
The subject name MUST be the same as the issuer name, with a single CN
entry added.

RT#1852

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-06-20 21:34:37 +02:00
Dr. Matthias St. Pierre
54f24e3ed4 RT3925: Remove trailing semi from macro
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-20 15:08:23 -04:00
huangqinjin
14f4656058 doc and comment fixes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1233)
2016-06-20 09:53:21 -04:00
Emilia Kasper
9267c11bb5 Make DSA_SIG and ECDSA_SIG getters const.
Reorder arguments to follow convention.

Also allow r/s to be NULL in DSA_SIG_get0, similarly to ECDSA_SIG_get0.

This complements GH1193 which adds non-const setters.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-20 14:58:36 +02:00
Matt Caswell
1dcb8ca2a4 Use a STACK_OF(OPENSSL_CSTRING) for const char * stacks
Better than losing the const qualifier.

RT4378

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-18 15:34:03 +01:00
Matt Caswell
6b44f2597e OpenBSD has intypes.h
Update e_os2.h so that inttypes.h is included.

RT4378

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-18 15:34:03 +01:00
Matt Caswell
ac94c8fdb9 Improve const correctness for stacks of EVP_MD
EVP_MDs are always const, so stacks of them should be too. This silences
a warning about type punning on OpenBSD.

RT4378

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-18 15:34:03 +01:00
Matt Caswell
98370c2dd7 constify SRP
Add const qualifiers to lots of SRP stuff. This started out as an effort
to silence some "type-punning" warnings on OpenBSD...but the fix was to
have proper const correctness in SRP.

RT4378

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-18 15:34:03 +01:00
Rich Salz
d3b64b89ed Fix GCC build; make update; fix number re-use
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-16 15:48:03 -04:00
Nathaniel McCallum
ebad0b0beb Add EVP_PKEY_get0_hmac() function
Before the addition of this function, it was impossible to read the
symmetric key from an EVP_PKEY_HMAC type EVP_PKEY.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1217)
2016-06-16 13:33:47 -04:00
Matt Caswell
cf3404fcc7 Change the return type of EVP_EncodeUpdate
Previously EVP_EncodeUpdate returned a void. However there are a couple
of error conditions that can occur. Therefore the return type has been
changed to an int, with 0 indicating error and 1 indicating success.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-16 09:50:48 +01:00
Richard Levitte
fd809cfdbd Constify the parameter getters for RSA, DSA and DH
Including documentation changes

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-06-15 20:09:27 +02:00
FdaSilvaYY
c8f717fe87 Constify input buffers of some X509V3 and X509_PURPOSE -related methods
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215)
2016-06-15 13:22:38 -04:00
FdaSilvaYY
82643254d6 Constify X509_TRUST_add method.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215)
2016-06-15 13:22:38 -04:00
FdaSilvaYY
fa3a84422d Constify some input buffers in asn1
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215)
2016-06-15 13:22:38 -04:00
FdaSilvaYY
dc423f898e Constify CMS_get0_type input
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215)
2016-06-15 13:22:38 -04:00
FdaSilvaYY
472f727c55 Constify UI
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215)
2016-06-15 13:22:38 -04:00
FdaSilvaYY
82af00fbdd Constify PKCS12_create, PKCS12_add_key, PKCS12_add_safe.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215)
2016-06-15 13:22:38 -04:00
Rich Salz
cda3ae5bd0 RT4562: Fix misleading doc on OPENSSL_config
Also changed the code to use "appname" not "filename"

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-14 12:30:37 -04:00
Peter Mosmans
b4b576d3b7 RT3454: Re-enable nistp-64_gcc_128 on windows
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-13 18:33:02 -04:00
TJ Saunders
1d454d58a8 Forgot to update the setter argument ordering in the public headers.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1193)
2016-06-13 15:44:49 -04:00
TJ Saunders
6a571a18dd Implement DSA_SIG_set0() and ECDSA_SIG_set0(), for setting signature values.
SSH2 implementations which use DSA_do_verify() and ECDSA_do_verify() are given
the R and S values, and the data to be signed, by the client.  Thus in order
to validate these signatures, SSH2 implementations will digest and sign
the data -- and then pass in properly provisioned DSA_SIG and ECDSA_SIG objects.

Unfortunately, the existing OpenSSL-1.1.0 APIs do not allow for directly setting
those R and S values in these objects, which makes using OpenSSL for such
SSH2 implementations much more difficult.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1193)
2016-06-13 15:44:49 -04:00
Rich Salz
6670d55a84 Make a2i_ipadd an internal function
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-09 17:15:42 -04:00
Jeffrey Walton
2a7de0fd5d Fixes to get -ansi working
Various fixes to get the following to compile:

./config no-asm -ansi -D_DEFAULT_SOURCE

RT4479
RT4480

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-08 20:18:04 +01:00
Rich Salz
e417070c9f Add some accessor API's
GH1098: Add X509_get_pathlen() (and a test)
GH1097:  Add SSL_is_dtls() function.

Documented.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-08 11:37:06 -04:00
Matt Caswell
30b967651c Add SSL_CTX_get_tlsext_status_type()
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-07 17:05:52 +01:00
Alessandro Ghedini
4300aaf351 Add SSL_get_tlsext_status_type() method
The tlsext_status_type field in SSL is used by e.g. OpenResty to determine
if the client requested the certificate status, but SSL is now opaque.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-07 17:05:52 +01:00
Matt Caswell
5584f65a10 Deprecate the flags that switch off constant time
The flags RSA_FLAG_NO_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME and
DH_FLAG_NO_EXP_CONSTTIME which previously provided the ability to switch
off the constant time implementation for RSA, DSA and DH have been made
no-ops and deprecated.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-06 11:09:06 +01:00
FdaSilvaYY
3470795171 Constify X509V3_EXT_*_conf*
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1074)
2016-06-04 21:30:41 -04:00
FdaSilvaYY
009951d24d Constify ASN1_generate_nconf
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1074)
2016-06-04 21:30:41 -04:00