Matt Caswell
5784a52145
Implement internally opaque bn access from ec
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:47 +00:00
Matt Caswell
c0d4390194
Implement internally opaque bn access from dsa
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:41 +00:00
Matt Caswell
829ccf6ab6
Implement internally opaque bn access from dh
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:32 +00:00
Matt Caswell
76b2a02274
Implement internally opaque bn access from asn1
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:26 +00:00
Matt Caswell
7a5233118c
Prepare exptest for bn opaquify
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:19 +00:00
Matt Caswell
85bcf27ccc
Prepare for bn opaquify. Implement internal helper functions.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:12 +00:00
Matt Caswell
dd703de022
Remove internal bn dependancies from speed.c
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:39:38 +00:00
Geoff Thorpe
e52a3c3d14
Include <openssl/foo.h> instead of "foo.h"
...
Exported headers shouldn't be included as "foo.h" by code from the same
module, it should only do so for module-internal headers. This is
because the symlinking of exported headers (from include/openssl/foo.h
to crypto/foo/foo.h) is being removed, and the exported headers are
being moved to the include/openssl/ directory instead.
Change-Id: I4c1d80849544713308ddc6999a549848afc25f94
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-08 14:21:35 -05:00
Matt Caswell
41bf250130
Fixed memory leak in the event of a failure of BUF_MEM_grow
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-08 16:43:25 +00:00
Matt Caswell
76e6509085
Fix memory leak in SSL_new if errors occur.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-08 16:42:59 +00:00
Dr. Stephen Henson
7bca0a1db5
Remove fips directories from mkfiles.pl
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 14:01:47 +00:00
Dr. Stephen Henson
71a5f534f1
Remove references to deleted fips directory from Makefile.org
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
73e45b2dd1
remove OPENSSL_FIPSAPI
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
b2ecc05a9a
remove FIPS_*_SIZE_T
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
916e56208b
remove FIPS module code from crypto/evp
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
ebdf37e4b1
remove FIPS module code from crypto/bn
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
1c98de6d81
remove FIPS module code from crypto/ecdh
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
dbfbe10a1f
remove FIPS module code from crypto/ecdsa
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
1bfffe9bd0
Remove FIPS module code from crypto/dh
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
fce8311cae
remove FIPS module code from crypto/dsa
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
8d73db288f
remove FIPS module code from crypto/rsa
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
05417a3476
Remove FIPS error library from openssl.ec mkerr.pl
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
cc2f1045d1
make depend
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
4fa579c58d
Remove fips.h reference.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
e4e5bc39f9
Remove fips_constseg references.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
85129ab579
remove another FIPSCANISTER reference
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:37 +00:00
Dr. Stephen Henson
b3da6f496b
remove unnecessary OPENSSL_FIPS reference
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:37 +00:00
Dr. Stephen Henson
c603c723ce
Remove OPENSSL_FIPSCANISTER code.
...
OPENSSL_FIPSCANISTER is only set if the fips module is being built
(as opposed to being used). Since the fips module wont be built in
master this is redundant.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:16 +00:00
Dr. Stephen Henson
225fce8a98
Remove FIPSCANISTERINTERNAL reference.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:23:54 +00:00
Dr. Stephen Henson
a42366a406
Remove fips utility build rules from test/Makefile
...
The fips test utilities are only build if an FIPS module is being
built from source. As this isn't done in master these are redundant.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:23:48 +00:00
Dr. Stephen Henson
f072785eb4
Remove fipscanister build functionality from makefiles.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:23:45 +00:00
Dr. Stephen Henson
78c990c156
Remove fipscanister from Configure, delete fips directory
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:18:43 +00:00
Dr. Stephen Henson
00b4ee7664
Remove some unnecessary OPENSSL_FIPS references
...
FIPS_mode() exists in all versions of OpenSSL but always returns 0 if OpenSSL is not FIPS
capable.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:18:43 +00:00
Matt Caswell
0c1bd7f03f
Add CHANGES entry for OCB
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 10:29:11 +00:00
Matt Caswell
3feb63054a
Added OPENSSL_NO_OCB guards
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 10:29:03 +00:00
Matt Caswell
e4bbee9633
Add documentation for OCB mode
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 10:28:56 +00:00
Matt Caswell
d827c5edb5
Add tests for OCB mode
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 10:28:47 +00:00
Matt Caswell
e6b336efa3
Add EVP support for OCB mode
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 10:28:34 +00:00
Matt Caswell
c857a80c9d
Add support for OCB mode as per RFC7253
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 10:27:56 +00:00
Emilia Kasper
376e2ca3e3
Clarify the return values for SSL_get_shared_curve.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-05 18:31:21 +01:00
Emilia Kasper
740580c2b2
Add extra checks for odd-length EC curve lists.
...
Odd-length lists should be rejected everywhere upon parsing. Nevertheless,
be extra careful and add guards against off-by-one reads.
Also, drive-by replace inexplicable double-negation with an explicit comparison.
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-05 16:57:58 +01:00
Emilia Kasper
33d5ba8629
Reject elliptic curve lists of odd lengths.
...
The Supported Elliptic Curves extension contains a vector of NamedCurves
of 2 bytes each, so the total length must be even. Accepting odd-length
lists was observed to lead to a non-exploitable one-byte out-of-bounds
read in the latest development branches (1.0.2 and master). Released
versions of OpenSSL are not affected.
Thanks to Felix Groebert of the Google Security Team for reporting this issue.
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-05 16:32:39 +01:00
Emilia Kasper
f50ffd10fa
Fix broken build
...
Add includes missing from commit 33eab3f6af
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
2014-12-05 16:18:20 +01:00
Kurt Roeckx
33eab3f6af
Replace GOST_R_MALLOC_FAILURE and GOST_R_NO_MEMORY with ERR_R_MALLOC_FAILURE
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-04 23:48:44 +01:00
Kurt Roeckx
f6fa7c5347
capi_get_provname: Check return values
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-04 23:48:44 +01:00
Jonas Maebe
f5905ba341
ssl_create_cipher_list: check whether push onto cipherstack succeeds
...
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-04 23:48:44 +01:00
Jonas Maebe
b3b966fb87
ssl_cert_dup: Fix memory leak
...
Always use goto err on failure and call ssl_cert_free() on the error path so all
fields and "ret" itself are freed
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-04 23:48:44 +01:00
Kurt Roeckx
6c42b39c95
dtls1_new: free s on error path
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-04 23:48:44 +01:00
Jonas Maebe
241e2dc936
dtls1_heartbeat: check for NULL after allocating s->cert->ctypes
...
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-04 23:48:44 +01:00
Jonas Maebe
d15f5df70d
dtls1_process_heartbeat: check for NULL after allocating buffer
...
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-04 23:48:44 +01:00