wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
12686 commits 20 branches 302 tags 153 MiB
Commit graph

12686 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dr. Stephen Henson
73e45b2dd1 remove OPENSSL_FIPSAPI 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
b2ecc05a9a remove FIPS_*_SIZE_T 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
916e56208b remove FIPS module code from crypto/evp 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
ebdf37e4b1 remove FIPS module code from crypto/bn 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
1c98de6d81 remove FIPS module code from crypto/ecdh 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
dbfbe10a1f remove FIPS module code from crypto/ecdsa 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
1bfffe9bd0 Remove FIPS module code from crypto/dh 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
fce8311cae remove FIPS module code from crypto/dsa 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
8d73db288f remove FIPS module code from crypto/rsa 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
05417a3476 Remove FIPS error library from openssl.ec mkerr.pl 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
cc2f1045d1 make depend 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
4fa579c58d Remove fips.h reference. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
e4e5bc39f9 Remove fips_constseg references. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
85129ab579 remove another FIPSCANISTER reference 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:37 +00:00
Dr. Stephen Henson
b3da6f496b remove unnecessary OPENSSL_FIPS reference 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:37 +00:00
Dr. Stephen Henson
c603c723ce Remove OPENSSL_FIPSCANISTER code. 
OPENSSL_FIPSCANISTER is only set if the fips module is being built
(as opposed to being used). Since the fips module wont be built in
master this is redundant.
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:16 +00:00
Dr. Stephen Henson
225fce8a98 Remove FIPSCANISTERINTERNAL reference. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:23:54 +00:00
Dr. Stephen Henson
a42366a406 Remove fips utility build rules from test/Makefile 
The fips test utilities are only build if an FIPS module is being
built from source. As this isn't done in master these are redundant.
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:23:48 +00:00
Dr. Stephen Henson
f072785eb4 Remove fipscanister build functionality from makefiles. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:23:45 +00:00
Dr. Stephen Henson
78c990c156 Remove fipscanister from Configure, delete fips directory 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:18:43 +00:00
Dr. Stephen Henson
00b4ee7664 Remove some unnecessary OPENSSL_FIPS references 
FIPS_mode() exists in all versions of OpenSSL but always returns 0 if OpenSSL is not FIPS
capable.
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:18:43 +00:00
Matt Caswell
0c1bd7f03f Add CHANGES entry for OCB 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 10:29:11 +00:00
Matt Caswell
3feb63054a Added OPENSSL_NO_OCB guards 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 10:29:03 +00:00
Matt Caswell
e4bbee9633 Add documentation for OCB mode 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 10:28:56 +00:00
Matt Caswell
d827c5edb5 Add tests for OCB mode 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 10:28:47 +00:00
Matt Caswell
e6b336efa3 Add EVP support for OCB mode 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 10:28:34 +00:00
Matt Caswell
c857a80c9d Add support for OCB mode as per RFC7253 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 10:27:56 +00:00
Emilia Kasper
376e2ca3e3 Clarify the return values for SSL_get_shared_curve. 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-12-05 18:31:21 +01:00
Emilia Kasper
740580c2b2 Add extra checks for odd-length EC curve lists. 
Odd-length lists should be rejected everywhere upon parsing. Nevertheless,
be extra careful and add guards against off-by-one reads.

Also, drive-by replace inexplicable double-negation with an explicit comparison.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-12-05 16:57:58 +01:00
Emilia Kasper
33d5ba8629 Reject elliptic curve lists of odd lengths. 
The Supported Elliptic Curves extension contains a vector of NamedCurves
of 2 bytes each, so the total length must be even. Accepting odd-length
lists was observed to lead to a non-exploitable one-byte out-of-bounds
read in the latest development branches (1.0.2 and master). Released
versions of OpenSSL are not affected.

Thanks to Felix Groebert of the Google Security Team for reporting this issue.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-12-05 16:32:39 +01:00
Emilia Kasper
f50ffd10fa Fix broken build 
Add includes missing from commit 33eab3f6af

Reviewed-by: Geoff Thorpe <geoff@openssl.org>
 2014-12-05 16:18:20 +01:00
Kurt Roeckx
33eab3f6af Replace GOST_R_MALLOC_FAILURE and GOST_R_NO_MEMORY with ERR_R_MALLOC_FAILURE 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 23:48:44 +01:00
Kurt Roeckx
f6fa7c5347 capi_get_provname: Check return values 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 23:48:44 +01:00
Jonas Maebe
f5905ba341 ssl_create_cipher_list: check whether push onto cipherstack succeeds 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 23:48:44 +01:00
Jonas Maebe
b3b966fb87 ssl_cert_dup: Fix memory leak 
Always use goto err on failure and call ssl_cert_free() on the error path so all
fields and "ret" itself are freed

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 23:48:44 +01:00
Kurt Roeckx
6c42b39c95 dtls1_new: free s on error path 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 23:48:44 +01:00
Jonas Maebe
241e2dc936 dtls1_heartbeat: check for NULL after allocating s->cert->ctypes 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 23:48:44 +01:00
Jonas Maebe
d15f5df70d dtls1_process_heartbeat: check for NULL after allocating buffer 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 23:48:44 +01:00
Jonas Maebe
b1a08ac71f capi_get_key: check for NULL after allocating key 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 23:48:44 +01:00
Jonas Maebe
8607322765 capi_cert_get_fname: check for NULL after allocating wfname 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 23:48:44 +01:00
Jonas Maebe
e2140501fd capi_get_provname: free name on error if it was malloc'ed 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 23:48:44 +01:00
Jonas Maebe
0716f9e405 pkey_gost_mac_keygen: check for NULL after allocating keydata 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 23:48:44 +01:00
Jonas Maebe
787e992965 pkey_gost_ctrl: check for NULL after allocating pctx->shared_ukm 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 23:48:43 +01:00
Kurt Roeckx
12478cc449 Update changes to indicate that SSLv2 support has been removed 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-12-04 15:51:28 +01:00
Matt Caswell
71c16698fa Remove incorrect code inadvertently introduced through commit 59669b6ab. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-04 14:17:50 +00:00
Kurt Roeckx
45f55f6a5b Remove SSLv2 support 
The only support for SSLv2 left is receiving a SSLv2 compatible client hello.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 11:55:03 +01:00
Rich Salz
616f71e486 New location on website for binaries. 
Reviewed-by: Bodo Moeller <bodo@openssl.org>
 2014-12-03 10:55:31 -05:00
Matt Caswell
4bb8eb9ce4 Remove "#if 0" code 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-03 09:25:00 +00:00
Matt Caswell
047f21593e Only use the fallback mtu after 2 unsuccessful retransmissions if it is less 
than the mtu we are already using

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-03 09:24:53 +00:00
Matt Caswell
464ce92026 Updates to s_client and s_server to remove the constant 28 (for IPv4 header 
and UDP header) when setting an mtu. This constant is not always correct (e.g.
if using IPv6). Use the new DTLS_CTRL functions instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-03 09:24:41 +00:00