wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
17419 commits 20 branches 302 tags 153 MiB
Commit graph

8328 commits

Author SHA1 Message Date
FdaSilvaYY
c7d13c138c Constify X509|X509_CRL|X509_REVOKED_get_ext 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
 2016-07-25 08:20:00 -04:00
FdaSilvaYY
7569362ebb Constify ... X509|X509_CRL|X509_REVOKED|_get_ext*() 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
 2016-07-25 08:20:00 -04:00
FdaSilvaYY
fdaf7beec5 Constify ... 
X509_REVOKED_get0_extensions
X509_check_private_key

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
 2016-07-25 08:20:00 -04:00
FdaSilvaYY
84de54b91e Constify (X509|X509V3|X509_CRL|X509_REVOKED)_get_ext_d2i ... 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
 2016-07-25 08:20:00 -04:00
FdaSilvaYY
a6a283b394 Constify i2s_ASN1_INTEGER, X509V3_get_d2i 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
 2016-07-25 08:20:00 -04:00
FdaSilvaYY
333ed02c8a Constify input parameters of methods : 
- X509_NAME_entry_count, X509_ATTRIBUTE_count
 - X509_NAME_add_entry_by_OBJ, X509_NAME_ENTRY_create_by_OBJ, X509_NAME_ENTRY_set_object

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
 2016-07-25 08:20:00 -04:00
FdaSilvaYY
d3d5dc607a Enforce and explicit some const casting 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
 2016-07-25 08:20:00 -04:00
FdaSilvaYY
e83f154f6c Constify i2t_ASN1_OBJECT, i2d_ASN1_OBJECT, i2a_ASN1_OBJECT. 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
 2016-07-25 08:20:00 -04:00
FdaSilvaYY
dbf89a9b94 Constify ASN1_buf_print 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
 2016-07-25 08:20:00 -04:00
FdaSilvaYY
08275a29c1 Constify ASN1_TYPE_get, ASN1_STRING_type, ASN1_STRING_to_UTF8, ASN1_TYPE_get_octetstring & co... 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
 2016-07-25 08:20:00 -04:00
FdaSilvaYY
0aa25a68c0 Constify SXNET_add_id_* 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
 2016-07-25 08:20:00 -04:00
FdaSilvaYY
25d57dc71b Constify EC_KEY_*_oct2priv() input buffer 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
 2016-07-25 08:20:00 -04:00
FdaSilvaYY
c17dd597ac Constify CMS_decrypt_set1_key input buffer 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
 2016-07-25 08:20:00 -04:00
FdaSilvaYY
b4bb825fff Constify engine/eng_cnf.c internal method. 
simplify and reindent some related code.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
 2016-07-25 08:20:00 -04:00
Jakub Zelenka
c1054bb4d2 Add EVP_ENCODE_CTX_copy 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1344)
 2016-07-24 19:23:00 +01:00
Richard Levitte
f46c2597ab Properly initialise the internal proxy certificate path length cache 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-07-23 11:35:30 +02:00
Richard Levitte
9961cb7768 Make it possible for external code to flag a certificate as a proxy one. 
This adds the function X509_set_proxy_flag(), which sets the internal flag
EXFLAG_PROXY on a given X509 structure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-07-23 11:35:23 +02:00
Dr. Stephen Henson
626aa24849 Use newest CRL. 
If two CRLs are equivalent then use the one with a later lastUpdate field:
this will result in the newest CRL available being used.

RT#4615

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-07-22 16:13:56 +01:00
Dr. Stephen Henson
0ed26acce3 Fix OOB read in TS_OBJ_print_bio(). 
TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result
as a null terminated buffer. The length value returned is the total
length the complete text reprsentation would need not the amount of
data written.

CVE-2016-2180

Thanks to Shi Lei for reporting this bug.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-07-22 15:15:17 +01:00
Kurt Roeckx
1618679ac4 Cast to an unsigned type before negating 
llvm's ubsan reported:
runtime error: negation of -9223372036854775808 cannot be represented in type
'long'; cast to an unsigned type to negate this value to itself

Found using afl

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1325
 2016-07-20 19:25:16 +02:00
Kurt Roeckx
69588edbaa Check for errors allocating the error strings. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #1330
 2016-07-20 19:20:53 +02:00
Dr. Stephen Henson
8cc44d970c Don't allocate r/s in DSA_SIG and ECDSA_SIG 
To avoid having to immediately free up r/s when setting them
don't allocate them automatically in DSA_SIG_new() and ECDSA_SIG_new().

RT#4590

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-07-20 14:02:54 +01:00
Dr. Stephen Henson
23dd0c9f8d fix crypto-mdebug build 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-07-20 12:41:31 +01:00
FdaSilvaYY
e8aa8b6c8f Fix a few if(, for(, while( inside code. 
Fix some indentation at the same time

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1292)
 2016-07-20 07:21:53 -04:00
FdaSilvaYY
1c72f70df4 Use more X509_REQ_get0_pubkey & X509_get0_pubkey 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1284)
 2016-07-20 01:35:38 -04:00
Todd Short
415e7c488e OCSP_request_add0_id() inconsistent error return 
There are two failure cases for OCSP_request_add_id():
1. OCSP_ONEREQ_new() failure, where |cid| is not freed
2. sk_OCSP_ONEREQ_push() failure, where |cid| is freed

This changes makes the error behavior consistent, such that |cid| is
not freed when sk_OCSP_ONEREQ_push() fails. OpenSSL only takes
ownership of |cid| when the function succeeds.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1289)
 2016-07-20 01:24:57 -04:00
Richard Levitte
963f043d04 make update 
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2016-07-19 23:49:54 +02:00
Richard Levitte
c2e4e5d248 Change all our uses of CRYPTO_THREAD_run_once to use RUN_ONCE instead 
That way, we have a way to check if the init function was successful
or not.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2016-07-19 23:49:54 +02:00
Rich Salz
aebb9aac48 RT4593: Add space after comma (doc nits) 
Update find-doc-nits to find errors in SYNOPSIS (the most common
place where they were missing).

Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-07-19 09:29:53 -04:00
mrpre
02f730b347 Cleanup after sk_push fail 
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1281)
 2016-07-19 07:27:47 -04:00
Dr. Stephen Henson
ad72d9fdf7 Check and print out boolean type properly. 
If underlying type is boolean don't check field is NULL.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-07-19 02:33:05 +01:00
Dr. Stephen Henson
3cea73a7fc Fix print of ASN.1 BIGNUM type. 
The ASN.1 BIGNUM type needs to be handled in a custom way as it is
not a generic ASN1_STRING type.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-07-18 17:53:05 +01:00
Matt Caswell
3c49b2e0cd Fix mingw build 
Mingw builds on Travis were failing because INT_MAX was undeclared.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-07-18 10:47:07 +01:00
Andy Polyakov
9515accaf9 aes/asm/aesfx-sparcv9.pl: switch to fshiftorx to improve single-block 
and short-input performance.

[Fix bug in misaligned output handling.]

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-07-16 23:38:44 +02:00
Andy Polyakov
8604a6e0e5 SPARC assembly pack: enforce V8+ ABI constraints. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-07-16 23:37:37 +02:00
Andy Polyakov
365f95ad53 evp/e_aes.c: wire new CBC and CTR subroutines from aesfx-sparcv9. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-07-16 23:37:31 +02:00
Andy Polyakov
d41de45a33 aes/asm/aesfx-sparcv9.pl: add "teaser" CBC and CTR subroutines. 
[Also optimize aligaddr usage in single-block subroutines.]

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-07-16 23:37:18 +02:00
Kurt Roeckx
5e3553c2de Return error when trying to print invalid ASN1 integer 
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1322
 2016-07-16 21:51:49 +02:00
Andy Polyakov
1fa0e5f8f1 crypto/LPdir_win.c: rationalize temporary allocations. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-07-16 20:31:12 +02:00
Andy Polyakov
46ea8e610d crypto/LPdir_win.c: harmonize with o_fopen.c. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-07-16 20:30:35 +02:00
Miroslav Franc
563c1ec618 fix memory leaks 
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1313)
 2016-07-16 12:32:34 -04:00
Richard Levitte
28e90f69fb Remove the silly CVS markers from LPdir_*.c 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-07-16 07:58:23 +02:00
Richard Levitte
42306f9a93 Add back lost copyright and license text in LPdir_win.c 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-07-16 07:58:23 +02:00
Richard Levitte
8918a954bf Fix: dummy definition of rand_hw_seed() should also return int 
Reviewed-by: Stephen Henson <steve@openssl.org>
 2016-07-15 18:00:02 +02:00
Richard Levitte
b8a7bd83e6 Fix ASN.1 private encode of EC_KEY to not change the input key 
RT#4611

Reviewed-by: Stephen Henson <steve@openssl.org>
 2016-07-15 15:14:44 +02:00
Dr. Stephen Henson
d166ed8c11 check return values for EVP_Digest*() APIs 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-07-15 14:09:05 +01:00
Andy Polyakov
9c940446f6 crypto/x86[_64]cpuid.pl: add OPENSSL_ia32_rd[rand|seed]_bytes. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-07-15 13:20:52 +02:00
Dr. Stephen Henson
02fb7cfeb2 Add OCSP accessors. 
RT#4605

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-07-13 14:41:58 +01:00
Viktor Dukhovni
5ae4ceb92c Perform DANE-EE(3) name checks by default 
In light of potential UKS (unknown key share) attacks on some
applications, primarily browsers, despite RFC761, name checks are
by default applied with DANE-EE(3) TLSA records.  Applications for
which UKS is not a problem can optionally disable DANE-EE(3) name
checks via the new SSL_CTX_dane_set_flags() and friends.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-07-12 10:16:34 -04:00
Dr. Stephen Henson
5bd5dcd496 Add nameConstraints commonName checking. 
New hostname checking function asn1_valid_host()

Check commonName entries against nameConstraints: any CN components in
EE certificate which look like hostnames are checked against
nameConstraints.

Note that RFC5280 et al only require checking subject alt name against
DNS name constraints.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-07-11 23:30:04 +01:00