Commit graph

12598 commits

Author SHA1 Message Date
Matt Caswell
5784a52145 Implement internally opaque bn access from ec
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:47 +00:00
Matt Caswell
c0d4390194 Implement internally opaque bn access from dsa
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:41 +00:00
Matt Caswell
829ccf6ab6 Implement internally opaque bn access from dh
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:32 +00:00
Matt Caswell
76b2a02274 Implement internally opaque bn access from asn1
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:26 +00:00
Matt Caswell
7a5233118c Prepare exptest for bn opaquify
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:19 +00:00
Matt Caswell
85bcf27ccc Prepare for bn opaquify. Implement internal helper functions.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:12 +00:00
Matt Caswell
dd703de022 Remove internal bn dependancies from speed.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:39:38 +00:00
Geoff Thorpe
e52a3c3d14 Include <openssl/foo.h> instead of "foo.h"
Exported headers shouldn't be included as "foo.h" by code from the same
module, it should only do so for module-internal headers. This is
because the symlinking of exported headers (from include/openssl/foo.h
to crypto/foo/foo.h) is being removed, and the exported headers are
being moved to the include/openssl/ directory instead.

Change-Id: I4c1d80849544713308ddc6999a549848afc25f94
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-08 14:21:35 -05:00
Matt Caswell
41bf250130 Fixed memory leak in the event of a failure of BUF_MEM_grow
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-08 16:43:25 +00:00
Matt Caswell
76e6509085 Fix memory leak in SSL_new if errors occur.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-08 16:42:59 +00:00
Dr. Stephen Henson
7bca0a1db5 Remove fips directories from mkfiles.pl
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 14:01:47 +00:00
Dr. Stephen Henson
71a5f534f1 Remove references to deleted fips directory from Makefile.org
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
73e45b2dd1 remove OPENSSL_FIPSAPI
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
b2ecc05a9a remove FIPS_*_SIZE_T
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
916e56208b remove FIPS module code from crypto/evp
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
ebdf37e4b1 remove FIPS module code from crypto/bn
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
1c98de6d81 remove FIPS module code from crypto/ecdh
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
dbfbe10a1f remove FIPS module code from crypto/ecdsa
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
1bfffe9bd0 Remove FIPS module code from crypto/dh
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
fce8311cae remove FIPS module code from crypto/dsa
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
8d73db288f remove FIPS module code from crypto/rsa
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
05417a3476 Remove FIPS error library from openssl.ec mkerr.pl
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
cc2f1045d1 make depend
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
4fa579c58d Remove fips.h reference.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
e4e5bc39f9 Remove fips_constseg references.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
85129ab579 remove another FIPSCANISTER reference
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:37 +00:00
Dr. Stephen Henson
b3da6f496b remove unnecessary OPENSSL_FIPS reference
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:37 +00:00
Dr. Stephen Henson
c603c723ce Remove OPENSSL_FIPSCANISTER code.
OPENSSL_FIPSCANISTER is only set if the fips module is being built
(as opposed to being used). Since the fips module wont be built in
master this is redundant.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:16 +00:00
Dr. Stephen Henson
225fce8a98 Remove FIPSCANISTERINTERNAL reference.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:23:54 +00:00
Dr. Stephen Henson
a42366a406 Remove fips utility build rules from test/Makefile
The fips test utilities are only build if an FIPS module is being
built from source. As this isn't done in master these are redundant.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:23:48 +00:00
Dr. Stephen Henson
f072785eb4 Remove fipscanister build functionality from makefiles.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:23:45 +00:00
Dr. Stephen Henson
78c990c156 Remove fipscanister from Configure, delete fips directory
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:18:43 +00:00
Dr. Stephen Henson
00b4ee7664 Remove some unnecessary OPENSSL_FIPS references
FIPS_mode() exists in all versions of OpenSSL but always returns 0 if OpenSSL is not FIPS
capable.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:18:43 +00:00
Matt Caswell
0c1bd7f03f Add CHANGES entry for OCB
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 10:29:11 +00:00
Matt Caswell
3feb63054a Added OPENSSL_NO_OCB guards
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 10:29:03 +00:00
Matt Caswell
e4bbee9633 Add documentation for OCB mode
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 10:28:56 +00:00
Matt Caswell
d827c5edb5 Add tests for OCB mode
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 10:28:47 +00:00
Matt Caswell
e6b336efa3 Add EVP support for OCB mode
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 10:28:34 +00:00
Matt Caswell
c857a80c9d Add support for OCB mode as per RFC7253
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 10:27:56 +00:00
Emilia Kasper
376e2ca3e3 Clarify the return values for SSL_get_shared_curve.
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-05 18:31:21 +01:00
Emilia Kasper
740580c2b2 Add extra checks for odd-length EC curve lists.
Odd-length lists should be rejected everywhere upon parsing. Nevertheless,
be extra careful and add guards against off-by-one reads.

Also, drive-by replace inexplicable double-negation with an explicit comparison.

Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-05 16:57:58 +01:00
Emilia Kasper
33d5ba8629 Reject elliptic curve lists of odd lengths.
The Supported Elliptic Curves extension contains a vector of NamedCurves
of 2 bytes each, so the total length must be even. Accepting odd-length
lists was observed to lead to a non-exploitable one-byte out-of-bounds
read in the latest development branches (1.0.2 and master). Released
versions of OpenSSL are not affected.

Thanks to Felix Groebert of the Google Security Team for reporting this issue.

Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-05 16:32:39 +01:00
Emilia Kasper
f50ffd10fa Fix broken build
Add includes missing from commit 33eab3f6af

Reviewed-by: Geoff Thorpe <geoff@openssl.org>
2014-12-05 16:18:20 +01:00
Kurt Roeckx
33eab3f6af Replace GOST_R_MALLOC_FAILURE and GOST_R_NO_MEMORY with ERR_R_MALLOC_FAILURE
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-04 23:48:44 +01:00
Kurt Roeckx
f6fa7c5347 capi_get_provname: Check return values
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-04 23:48:44 +01:00
Jonas Maebe
f5905ba341 ssl_create_cipher_list: check whether push onto cipherstack succeeds
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-04 23:48:44 +01:00
Jonas Maebe
b3b966fb87 ssl_cert_dup: Fix memory leak
Always use goto err on failure and call ssl_cert_free() on the error path so all
fields and "ret" itself are freed

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-04 23:48:44 +01:00
Kurt Roeckx
6c42b39c95 dtls1_new: free s on error path
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-04 23:48:44 +01:00
Jonas Maebe
241e2dc936 dtls1_heartbeat: check for NULL after allocating s->cert->ctypes
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-04 23:48:44 +01:00
Jonas Maebe
d15f5df70d dtls1_process_heartbeat: check for NULL after allocating buffer
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-04 23:48:44 +01:00