Commit graph

17488 commits

Author SHA1 Message Date
Kurt Roeckx
6c1f368d88 Fix typo of BN_zero()
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-01 16:17:44 +02:00
Richard Levitte
ef8938c3e8 Forgotten make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01 16:14:41 +02:00
Richard J. Moore
3c8537765c Const the ex data stuff too to fix warnings
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-01 16:13:27 +02:00
Richard J. Moore
4a9a0d9bcb Const EC_KEY_dup
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-01 16:13:27 +02:00
Wim Lewis
505aee296d Additional CMS content types from RFC 4073, RFC 5083, and RFC 5084.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1355)
2016-08-01 09:33:12 -04:00
FdaSilvaYY
0930e07d1e Useless allocation
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1342)
2016-08-01 09:32:03 -04:00
FdaSilvaYY
fd4b0c0832 Fix some style issues
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1342)
2016-08-01 09:32:03 -04:00
FdaSilvaYY
55b09fe69a Add missing help string
Fix an error message

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1342)
2016-08-01 09:32:03 -04:00
FdaSilvaYY
70c4e15612 Fix some awkward tests
Add some explanatory comments
Discard some useless parenthesis.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1342)
2016-08-01 09:32:03 -04:00
FdaSilvaYY
5f986ed32d Merge some conditional blocks of code.
Fix an #if check about rsa_count...

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1342)
2016-08-01 09:32:03 -04:00
FdaSilvaYY
4d82c58b97 Simplify default inits, add const qualifiers
Simplify some loops to reuse k variable

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1342)
2016-08-01 09:32:03 -04:00
FdaSilvaYY
8829ce3020 Cast to right type, simplify array args
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1342)
2016-08-01 09:32:03 -04:00
FdaSilvaYY
3331e43b16 Fix sharing of two static variables
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1342)
2016-08-01 09:32:03 -04:00
FdaSilvaYY
c5baa26663 ECDH test is only one operation to run
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1342)
2016-08-01 09:32:03 -04:00
FdaSilvaYY
19075d58a7 Fix three missing global declarations.
Fix compilation without SIGALRM.
It don't link because of remaning alarm(0); call.

Convert engine_id variable to local one

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1342)
2016-08-01 09:32:03 -04:00
Richard Levitte
2a600d7afd Fix return values of do_passwd() in apps/passwd.c
do_passwd() was returning 0 on success and 1 on failure.  However,
those values were interpreted the other way around.  The fix that
makes the most sense is to change what do_passwd() returns.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01 15:16:27 +02:00
Matt Caswell
febb096c4c Fix bad result in i2b_PVK()
The function i2b_PVK() was returning a bad pointer causing subsequent
crashes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-01 12:11:21 +01:00
Matt Caswell
1e7c159d0d Fix param order in RSA_get0_key
Some calls to RSA_get0_key had the parameters in the wrong order causing a
failure.

GitHub Issue #1368

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-01 12:10:11 +01:00
Ben Laurie
68e71e9d00 Include what we use.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01 11:30:33 +01:00
Ben Laurie
3260adf190 peer_tmp doesn't exist if no-ec no-dh.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01 11:30:33 +01:00
Ben Laurie
620c6ad312 Fix various no-*s.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01 11:30:33 +01:00
Andy Polyakov
087d3e8993 crypto/ui/ui_openssl.c: UTF-y Windows code path.
Windows never composes UTF-8 strings as result of user interaction
such as input query. The only way to compose one is programmatic
conversion from WCHAR string, which in turn can be picked up with
ReadConsoleW.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-01 10:10:28 +02:00
Andy Polyakov
4e155ec47e apps/openssl.c: UTF-y Windows argv.
Windows never composes UTF-8 strings as result of user interaction
such as passing command-line argument. The only way to compose one
is programmatic conversion from WCHAR string, which in turn can be
picked up on command line.

[For reference, why not wmain, it's not an option on MinGW.]

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-01 09:52:06 +02:00
Andy Polyakov
e72769aa41 Configurations/00-base-templates.conf: harmonize BASE_Windows.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-01 09:51:30 +02:00
Andy Polyakov
9c7ce40bfb Configurations/unix-Makefile.tmpl: add LC_ALL=C to unify messages.
RT#4138

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-31 17:08:02 +02:00
Andy Polyakov
abdb460d8a evp/bio_enc.c: perform enc_read operation without using overlapping buffers.
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-07-31 17:03:21 +02:00
Andy Polyakov
382bb0b294 test/smcont.txt: trigger assertion in bio_enc.c.
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-07-31 17:03:17 +02:00
Andy Polyakov
83151b73a4 evp/evp_enc.c: make assert error message more readable
and add EVPerr(PARTIALLY_OVERLAPPED)

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-07-31 17:03:11 +02:00
Richard J. Moore
e1f02308ae Fix the docs too
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1367)
2016-07-30 15:19:24 -04:00
Richard J. Moore
22293ea1cc Ignore the serial number for now and just do the rest.
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1367)
2016-07-30 15:19:24 -04:00
Richard J. Moore
1421aeadd7 Make some more X509 functions const.
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1367)
2016-07-30 15:19:24 -04:00
Viktor Szakats
e5452d40be rsa.c: fix incorrect guard for pvk-* options
This update syncs the #if guard protecting the pvk-* options
with the rest of the source handling those options. Also fix
some nearby whitespace.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1365)
2016-07-30 10:46:22 -04:00
Matt Caswell
58c27c207d Fix crash as a result of MULTIBLOCK
The MULTIBLOCK code uses a "jumbo" sized write buffer which it allocates
and then frees later. Pipelining however introduced multiple pipelines. It
keeps track of how many pipelines are initialised using numwpipes.
Unfortunately the MULTIBLOCK code was not updating this when in deallocated
its buffers, leading to a buffer being marked as initialised but set to
NULL.

RT#4618

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-30 11:46:20 +01:00
Matt Caswell
0fae81501a Fix bogus warnings
Fix some bogus "may be used uninitialized" warnings on some compilers.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-30 10:38:28 +01:00
Dr. Stephen Henson
44c248b5ac print out MAC algorithm
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-29 23:25:47 +01:00
Dr. Stephen Henson
e032117db2 Fix CRL time comparison.
Thanks to David Benjamin <davidben@google.com> for reporting this bug.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-29 18:47:57 +01:00
Matt Caswell
e040a42e44 Update the SSL_set_bio()/SSL_set0_rbio()/SSL_set0_wbio() docs
Update the documentation for the newly renamed and modified SSL_set0_rbio()
and SSL_set0_wbio() functions. State that they should be preferred over
SSL_set_bio(). Attempt to document the ownership rules for SSL_set_bio().

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-29 14:09:57 +01:00
Matt Caswell
65e2d67254 Simplify and rename SSL_set_rbio() and SSL_set_wbio()
SSL_set_rbio() and SSL_set_wbio() are new functions in 1.1.0 and really
should be called SSL_set0_rbio() and SSL_set0_wbio(). The old
implementation was not consistent with what "set0" means though as there
were special cases around what happens if the rbio and wbio are the same.
We were only ever taking one reference on the BIO, and checking everywhere
whether the rbio and wbio are the same so as not to double free.

A better approach is to rename the functions to SSL_set0_rbio() and
SSL_set0_wbio(). If an existing BIO is present it is *always* freed
regardless of whether the rbio and wbio are the same or not. It is
therefore the callers responsibility to ensure that a reference is taken
for *each* usage, i.e. one for the rbio and one for the wbio.

The legacy function SSL_set_bio() takes both the rbio and wbio in one go
and sets them both. We can wrap up the old behaviour in the implementation
of that function, i.e. previously if the rbio and wbio are the same in the
call to this function then the caller only needed to ensure one reference
was passed. This behaviour is retained by internally upping the ref count.

This commit was inspired by BoringSSL commit f715c423224.

RT#4572

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-29 14:09:57 +01:00
Matt Caswell
9a7169870e Add some SSL BIO tests
This adds some simple SSL BIO tests that check for pushing and popping of
BIOs into the chain. These tests would have caught the bugs fixed in the
previous three commits, if combined with a crypto-mdebug build.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-29 14:09:57 +01:00
Matt Caswell
b46fe860fe Fix BIO_pop for SSL BIOs
The BIO_pop implementation assumes that the rbio still equals the next BIO
in the chain. While this would normally be the case, it is possible that it
could have been changed directly by the application. It also does not
properly cater for the scenario where the buffering BIO is still in place
for the write BIO.

Most of the existing BIO_pop code for SSL BIOs can be replaced by a single
call to SSL_set_bio(). This is equivalent to the existing code but
additionally handles the scenario where the rbio has been changed or the
buffering BIO is still in place.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-29 14:09:57 +01:00
Matt Caswell
eddef30589 Fix BIO_push ref counting for SSL BIO
When pushing a BIO onto an SSL BIO we set the rbio and wbio for the SSL
object to be the BIO that has been pushed. Therefore we need to up the ref
count for that BIO. The existing code was uping the ref count on the wrong
BIO.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-29 14:09:57 +01:00
Matt Caswell
8e3854ac88 Don't double free the write bio
When setting the read bio we free up any old existing one. However this can
lead to a double free if the existing one is the same as the write bio.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-29 14:09:57 +01:00
Matt Caswell
7fb4c82035 Add a test for SSL_set_bio()
The SSL_set_bio() function has some complicated ownership rules. This adds a
test to make sure it all works as expected.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-29 14:09:57 +01:00
Matt Caswell
0647719d80 Make the checks for an SSLv2 style record stricter
SSLv2 is no longer supported in 1.1.0, however we *do* still accept an SSLv2
style ClientHello, as long as we then subsequently negotiate a protocol
version >= SSLv3. The record format for SSLv2 style ClientHellos is quite
different to SSLv3+. We only accept this format in the first record of an
initial ClientHello. Previously we checked this by confirming
s->first_packet is set and s->server is true. However, this really only
tells us that we are dealing with an initial ClientHello, not that it is
the first record (s->first_packet is badly named...it really means this is
the first message). To check this is the first record of the initial
ClientHello we should also check that we've not received any data yet
(s->init_num == 0), and that we've not had any empty records.

GitHub Issue #1298

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-07-29 12:42:40 +01:00
Rich Salz
1a62777163 Various doc fixes.
Cannot nest B<> tags
Document "openssl speed" command.
Fix doc nits: missing NAME/SYNOPSIS stuff

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-07-28 17:00:05 -04:00
Emilia Kasper
29df3061b3 Add memory sanitizer config, and run on travis.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-28 21:43:27 +02:00
Dr. Stephen Henson
976ef6adcc Note cipher BIO write errors too.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-26 22:42:31 +01:00
David Benjamin
e125c12f57 Use sk_CONF_VALUE_pop_free in do_ext_nconf error path.
8605abf135 fixed the nval leak, but it
used free instead of pop_free. nval owns its contents, so it should be
freed with pop_free. See the pop_free call a few lines down.

This is a no-op as, in this codepath, we must have nval == NULL or
sk_CONF_VALUE_num(nval) == 0. In those cases, free and pop_free are
identical. However, variables should be freed consistently.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1351)
2016-07-26 16:03:42 -04:00
Kurt Roeckx
abdb0c7b4e Skip non-existing files.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1324
2016-07-26 21:01:05 +02:00
Kurt Roeckx
5a3a546678 Add Hurd shared extension
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1345
2016-07-26 21:00:03 +02:00