Commit graph

7426 commits

Author SHA1 Message Date
Corinna Vinschen
8d35ceb98f Use POSIX functions on Cygwin, not Win32 function
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-18 16:16:00 +01:00
Rich Salz
213f60bf17 Accessor update; fix API, document one.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-17 16:58:36 -05:00
Rich Salz
ee6d9f4eb6 Remove some old makefile targets
Remove lint, tags, dclean, tests.
This is prep for a new makedepend scheme.
This is temporary pending unified makefile, and might help it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-17 14:47:32 -05:00
Rich Salz
9e5cd4bac7 Add some accessors.
Author: Remi Gacogne <rgacogne-github@coredump.fr>
GH334: Add an OCSP_SINGLERESP_get0_id() accessor to the OCSP_CERTID of
a OCSP_SINGLERESP. It is possible to do it the other way around using
OCSP_resp_find(), but this is more efficient when you have a tree indexed
by OCSP_CERTID, like haproxy does. (This is also RT4251)

Author: Marek Klein <kleinmrk@gmail.com>
GH556: OCSP_resp_get_produced_at() accessor to the producedAt of a
OCSP_BASICRESP
GH555: TS_STATUS_INFO_get_status(), TS_STATUS_INFO_get_text() and
TS_STATUS_INFO_get_failure_info() accessors for a TS_STATUS_INFO

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-17 10:38:03 -05:00
Rich Salz
0b3a231efd RT4247: Add missing patch
Missed the camellia EVP update.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-17 09:18:43 -05:00
Viktor Dukhovni
0982ecaaee Empty SNI names are not valid
While empty inputs to SSL_set1_host() clear the reference identifier
list.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-16 17:15:28 -05:00
Rich Salz
ecdd0ff733 RT4247: Fix EVP_CIPHER_CTX opaque on sparc
Via Rainer Jung

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-15 22:47:01 -05:00
Dr. Stephen Henson
c864e7611f Add lookup_certs for a trusted stack.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-15 22:37:18 +00:00
Zi Lin
9f9a39267f NGX-2040 - fix wildcard match on punycode/IDNA DNS names
- bugfix: should not treat '--' as invalid domain substring.
- '-' should not be the first letter of a domain

Signed-off-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-15 14:46:58 -05:00
Viktor Dukhovni
497ecc0d7d Cosmetic polish for last-resort depth 0 check
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-14 15:12:24 -05:00
Viktor Dukhovni
bdcadca24e Fix last-resort depth 0 check when the chain has multiple certificates
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-14 14:40:50 -05:00
Benjamin Kaduk
0423f812dc Add a no-egd option to disable EGD-related code
The entropy-gathering daemon is used only on a small number of machines.
Provide a configure knob so that EGD support can be disabled by default
but re-enabled on those systems that do need it.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-14 13:02:51 -05:00
Viktor Dukhovni
311f27852a Always initialize X509_STORE_CTX get_crl pointer
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-14 12:29:16 -05:00
Rich Salz
2c52ac9bfe Call single parent free_comp routine.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-13 22:01:02 -05:00
Viktor Dukhovni
b098dcae66 Fix double-free bugs in EC group precomputation state
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-13 19:58:57 -05:00
Viktor Dukhovni
126d686400 Fix nistp512 typos, should be nistp521
Note, this now compiles, but fails tests, so further remediation
is required.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-13 17:47:23 -05:00
Rich Salz
e69aa8000e Add missing #ifdef's to fix build break
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-13 16:39:37 -05:00
Rich Salz
3aef36ffef Add CRYPTO_EX_DATA; remove EC_EXTRA_DATA
Add CRYPTO_EX_DATA add EndC_KEY_[gs]et_method, From Roumen Petrov.
Had to add various exdata calls to init/copy/free the exdata.
Had to remove const from some EC functions because exdata isn't
const-correct. :(
Also remove EC_EXTRA_DATA and use a union to hold the possible
pre-computed values and an enum to tell which value is in the
union. (Rich Salz)

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-13 14:32:59 -05:00
Viktor Dukhovni
bdb1d0c24b Fix DES_LONG breakage
For some strange reason opensslconf.h was only defining DES_LONG
when included via des.h, but that's exceedingly fragile (as a
result of include guards the include via des.h might not actually
process the content again).

Ripped out the nesting constraint, now always define OSSL_DES_LONG
if not already defined.  Note, this could just be DES_LONG, but
trying to avoid exposing DES_LONG in places where it has never been
seen before, so it is up to des.h to actually define DES_LONG as
OSSL_DES_LONG.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-13 12:37:48 -05:00
Richard Levitte
b97c8c0ef2 After EVP_CIPHER turned opaque, e_rc5.c needs to include evp_int.h
We missed this one because rc5 is disabled by default.

Notified by The Doctor <doctor@doctor.nl2k.ab.ca>

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-13 17:46:07 +01:00
Rich Salz
d10dac1187 Move Makefiles to Makefile.in
Create Makefile's from Makefile.in
Rename Makefile.org to Makefile.in
Rename Makefiles to Makefile.in
Address review feedback from Viktor and Richard

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-12 16:26:56 -05:00
Richard Levitte
512fdfdf7f Remove unused internal macros
The M_EVP_* macros related to EVP_CIPHER / EVP_CIPHER_CTX are not
public, and are unused.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:58:29 +01:00
Richard Levitte
ff4b7fafb3 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:58:29 +01:00
Richard Levitte
6c2ff56ec6 Adapt all EVP_CIPHER users for it becoming opaque
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
3dcb9e4e0f EVP_CIPHER_CTX_new_cipher_data was a temporary measure, not needed any more
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
39e8d0ce73 Adapt all engines that need it to opaque EVP_CIPHER
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
6435f0f6c6 Adapt builtin cipher implementations to opaque EVP_CIPHER
They all stop including evp_locl.h, so we also take care of their
adaptation to opaque EVP_CIPHER_CTX, as was promised in an earlier
commit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
135727abe0 Adapt the internal EVP routines to opaque EVP_CIPHER
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
e79f877333 Make EVP_CIPHER opaque and add creator/destructor/accessor/writer functions
We follow the method used for EVP_MD.
Also, move all the internal EVP_CIPHER building macros from evp_locl.h
to evp_int.h.  This will benefit our builtin EVP_CIPHERs.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
480d33237d Remove EVP_CIPHER_CTX_flags, it's only confusing
EVP_CIPHER_CTX_flags was returning the flags of its associated
EVP_CIPHER.  However, EVP_CIPHER_CTX has flags of its own, so this
function is quite confusing and therefore error prone.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
846ec07d90 Adapt all EVP_CIPHER_CTX users for it becoming opaque
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
936166aff2 Adapt cipher implementations to opaque EVP_CIPHER_CTX
Note: there's a larger number of implementations in crypto/evp/ that
aren't affected because they include evp_locl.h.  They will be handled
in a separate commit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
c0ca39bdd6 Adapt the internal EVP routines to opaque EVP_CIPHER_CTX
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
83b0634702 Add accessors and writers for EVP_CIPHER_CTX
New functions:

- EVP_CIPHER_CTX_encrypting()
- EVP_CIPHER_CTX_iv()
- EVP_CIPHER_CTX_iv_noconst()
- EVP_CIPHER_CTX_original_iv()
- EVP_CIPHER_CTX_buf_noconst()
- EVP_CIPHER_CTX_num()
- EVP_CIPHER_CTX_set_num()
- EVP_CIPHER_CTX_cipher_data()
- EVP_CIPHER_CTX_new_cipher_data()

Note that the accessors / writers for iv, buf and num may go away, as
those rather belong in the implementation's own structure (cipher_data)
when the implementation would affect them (that would be the case when
they are flagged EVP_CIPH_CUSTOM_IV or EVP_CIPH_FLAG_CUSTOM_CIPHER).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
8baf9968df Make EVP_CIPHER_CTX opaque and renew the creator / destructor functions
Following the method used for EVP_MD_CTX and HMAC_CTX,
EVP_CIPHER_CTX_init and EVP_CIPHER_CTX_cleanup are joined together
into one function, EVP_CIPHER_CTX_reset, with EVP_CIPHER_CTX_init kept
as an alias.
EVP_CIPHER_CTX_cleanup fills no purpose of its own any more and is
therefore removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Pascal Cuoq
96e25c499b Function pop_info() returned a dangling pointer
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-11 20:30:37 +01:00
Dr. Stephen Henson
89d6aa10a2 Use ossl_inline and DEFINE_LHASH_OF
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-11 17:50:42 +00:00
Dr. Stephen Henson
2a056de832 Add lh_doall_arg inlining
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-11 17:50:27 +00:00
Dr. Stephen Henson
63c75cd688 Add lh_doall inlining
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-11 17:50:27 +00:00
Dr. Stephen Henson
62d0577e0d Add lh_new() inlining
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-11 17:50:27 +00:00
Dr. Stephen Henson
e6b5c341b9 Inline LHASH_OF
Make LHASH_OF use static inline functions.

Add new lh_get_down_load and lh_set_down_load functions and their
typesafe inline equivalents.

Make lh_error a function instead of a macro.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-11 17:50:27 +00:00
Dr. Stephen Henson
4e482ae6ff Add memory leak return value.
Make CRYPTO_mem_leaks() and CRYPTO_mem_leaks_fp() return a status value.
Update documentation. Don't abort() if there are leaks.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-11 02:41:16 +00:00
Viktor Dukhovni
c2e27310c7 Enable/disable crypto-mdebug just like other features
Also always abort() on leak failure.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-01-11 02:41:16 +00:00
Viktor Dukhovni
aea145e399 Regenerate SSL record/statem error strings
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-10 20:18:05 -05:00
Rich Salz
d594199bb4 RT41897: Add an CRYPTO_secure_actual_size
This is already documented, I just forgot to include the code :)

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-09 19:13:15 -05:00
Rich Salz
6ac11bd0b9 Fix no CRYPTO_MDEBUG build (windows)
In order for mkdep to find #ifdef'd functions, they must be
wrapped (in the header file) with
        #ifndef OPENSSL_NO_...
So do that for various CRYPTO_mem_debug... things.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-08 14:35:04 -05:00
Viktor Dukhovni
8707e3be0c Update comment as bn_dup_expand is gone
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-08 12:53:39 -05:00
Viktor Dukhovni
60d8edbc09 Fix some typos in comments
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 20:53:23 -05:00
Viktor Dukhovni
98186eb4e4 Backwards-compatibility subject to OPENSSL_API_COMPAT
Provide backwards-compatiblity for functions, macros and include
files if OPENSSL_API_COMPAT is either not defined or defined less
than the version number of the release in which the feature was
deprecated.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 20:53:18 -05:00
Richard Levitte
0c1badc8af Remove all remaining traces if PEM_Seal
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-08 01:18:55 +01:00
Rich Salz
ebd8df0ed8 Fix build-break; 'make update'
Commit bbd86bf542 broke certain builds.
Commit 0674427f71 missing 'make update'

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 15:40:08 -05:00
Rich Salz
bbd86bf542 mem functions cleanup
Only two macros CRYPTO_MDEBUG and CRYPTO_MDEBUG_ABORT to control this.
If CRYPTO_MDEBUG is not set, #ifdef out the whole debug machinery.
        (Thanks to Jakob Bohm for the suggestion!)
Make the "change wrapper functions" be the only paradigm.
Wrote documentation!
Format the 'set func' functions so their paramlists are legible.
Format some multi-line comments.
Remove ability to get/set the "memory debug" functions at runtme.
Remove MemCheck_* and CRYPTO_malloc_debug_init macros.
Add CRYPTO_mem_debug(int flag) function.
Add test/memleaktest.
Rename CRYPTO_malloc_init to OPENSSL_malloc_init; remove needless calls.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 15:14:18 -05:00
Richard Levitte
0674427f71 Remove crypto/pem/pem_seal.c
It's functionality appears unused.  If we're wrong, we will revert.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-07 21:06:34 +01:00
Viktor Dukhovni
170b735820 DANE support for X509_verify_cert()
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 13:48:59 -05:00
Dr. Stephen Henson
a8eba56ef6 use more descriptive name DEFINE_STACK_OF_CONST
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 18:00:51 +00:00
Dr. Stephen Henson
4a1f3f2741 Only declare stacks in headers
Don't define stacks in C source files: it causes warnings
about unused functions in some compilers.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 18:00:51 +00:00
Dr. Stephen Henson
8588571572 Rename DECLARE*STACK_OF to DEFINE*STACK_OF
Applications wishing to include their own stacks now just need to include

DEFINE_STACK_OF(foo)

in a header file.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 18:00:51 +00:00
Dr. Stephen Henson
4a640fb6c3 Fix declarations and constification for inline stack.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 18:00:51 +00:00
Rich Salz
700b4a4ae7 Remove more (rest?) of FIPS build stuff.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-06 12:07:26 -05:00
Viktor Dukhovni
919ba00942 DANE support structures, constructructors and accessors
Also tweak some of the code in demos/bio, to enable interactive
testing of BIO_s_accept's use of SSL_dup.  Changed the sconnect
client to authenticate the server, which now exercises the new
SSL_set1_host() function.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-05 19:31:49 -05:00
Viktor Dukhovni
e29c73c93b Fix X509_STORE_CTX_cleanup()
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-03 18:45:05 -05:00
Viktor Dukhovni
0e7abc9037 Drop incorrect id == -1 case from X509_check_trust
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-03 17:21:40 -05:00
Viktor Dukhovni
d9b8b89bec X509_verify_cert() cleanup
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-03 17:21:16 -05:00
Richard Levitte
6aa0ba4bb2 Fix a possible memleak
If there's a failure allocating md_data, the destination pctx will have
a shared pointer with the source EVP_MD_CTX, which will lead to problems
when either the source or the destination is freed.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-01-02 20:39:24 +01:00
Dr. Stephen Henson
8382fd3a93 Use X509_get0_pubkey where appropriate
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-31 18:44:46 +00:00
Richard Levitte
3dc9589cc8 Fix some missing or faulty header file inclusions
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-30 14:54:29 +01:00
Dr. Stephen Henson
72245f340c Check for missing DSA parameters.
If DSA parameters are absent return -1 (for unknown) in DSA_security_bits.

If parameters are absent when a certificate is set in an SSL/SSL_CTX
structure this will reject the certificate by default. This will cause DSA
certificates which omit parameters to be rejected but that is never (?)
done in practice.

Thanks to Brian 'geeknik' Carpenter for reporting this issue.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-12-30 13:34:53 +00:00
Ben Laurie
33bed28b39 Fix no-engine.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-29 12:52:06 +00:00
Kurt Roeckx
933d108516 Avoid using a dangling pointer when removing the last item
When it's the last item that is removed int_thread_hash == hash and we would
still call int_thread_release(&hash) while hash is already freed.  So
int_thread_release would compare that dangling pointer to NULL which is
undefined behaviour.  Instead do already what int_thread_release() would do,
and make the call do nothing instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>

RT: #4155, MR: #1519
2015-12-23 20:36:32 +01:00
Rich Salz
4fae386cb0 Cleanup CRYPTO_{push,pop}_info
Rename to OPENSSL_mem_debug_{push,pop}.
Remove simple calls; keep only calls used in recursive functions.
Ensure we always push, to simplify so that we can always pop

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-22 09:11:07 -05:00
Rich Salz
c99de0533d Rename *_realloc_clean to *_clear_realloc
Just like *_clear_free routines.  Previously undocumented, used
a half-dozen times within OpenSSL source.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-22 07:32:51 -05:00
Kurt Roeckx
f5d97098a4 Also change the non-debug versions to use size_t
Reviewed-by: Richard Levitte <levitte@openssl.org>
MR: #1518
2015-12-22 12:55:11 +01:00
David Benjamin
679d87515d Fix memory leak in DSA redo case.
Found by clang scan-build.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>

RT: #4184, MR: #1496
2015-12-22 11:05:51 +01:00
Andy Polyakov
b859d70d4a bn/asm/bn-c64xplus.asm: update commentary.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-22 10:30:03 +01:00
Andy Polyakov
cfe670732b sha/asm/sha256-armv4.pl: one of "universal" flags combination didn't compile.
(and unify table address calculation in ARMv8 code path).

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-21 13:41:47 +01:00
Matt Caswell
79caf5d323 Fix URLs mangled by reformat
Some URLs in the source code ended up getting mangled by indent. This fixes
it. Based on a patch supplied by Arnaud Lacombe <al@aerilon.ca>

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-19 20:33:00 +00:00
Richard Levitte
31384753c7 Remove the "eay" c-file-style indicators
Since we don't use the eay style any more, there's no point tryint to
tell emacs to use it.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-18 13:08:40 +01:00
Richard Levitte
ff8428561a Modify the lower level memory allocation routines to take size_t
We've been using int for the size for a long time, it's about time...

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-17 08:24:26 +01:00
Rich Salz
33eaf4c27e mem-cleanup, cont'd.
Remove LEVITTE_DEBUG_MEM.
Remove {OPENSSL,CRYPTO}_remalloc.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-16 22:23:57 -05:00
Rich Salz
3b089ca21b Rename sec_mem to mem_sec, like other files.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-16 22:09:39 -05:00
Rich Salz
7644a9aef8 Rename some BUF_xxx to OPENSSL_xxx
Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
Add #define's for the old names.
Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-16 16:14:49 -05:00
Dr. Stephen Henson
2c61a5ecca Constify EC_KEY in ECDH_compute_key.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-16 14:17:53 +00:00
Dr. Stephen Henson
981bd8a2f2 New EC functions.
New functions EC_POINT_point2buf and EC_KEY_key2buf which encode
a point and allocate a buffer in one call.

New function EC_KEY_oct2key() which sets public key in an EC_KEY
structure from an encoded point.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-16 14:17:53 +00:00
Matt Caswell
19a86b0301 Fix build on Solaris
Solaris builds were failing during async compilation because the .o files
created from compiling the corresponding .c files held in async/arch were
ending up in the top level async directory. Consequently the link fails
because it can't find the .o files.

Thanks to Richard Levitte for pointing me in the right direction on this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-15 23:40:22 +00:00
Rich Salz
2ab9687479 Remove GMP engine.
Reviewed-by: Ben Laurie <ben@openssl.org>
2015-12-15 07:59:56 -05:00
Dr. Stephen Henson
6745fcf627 make update
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-14 23:06:14 +00:00
Dr. Stephen Henson
c01ff880d4 New function X509_get0_pubkey
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-14 23:06:14 +00:00
Dr. Stephen Henson
2872dbe1c4 Add EVP_PKEY_get0_* functions.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-14 23:06:14 +00:00
Dr. Stephen Henson
2986ecdc08 Extend EVP_PKEY_copy_parameters()
Make EVP_PKEY_copy_parameters() work if the destination has no type
(e.g. if obtained from EVP_PKEY_new()) or the underlying key is NULL.
This is useful where we want to copy the parameters from an existing
key to a new key.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-14 23:06:14 +00:00
Emilia Kasper
d911097d7c Fix a ** 0 mod 1 = 0 for real this time.
Commit 2b0180c37f attempted to do this but
only hit one of many BN_mod_exp codepaths. Fix remaining variants and add
a test for each method.

Thanks to Hanno Boeck for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-12-14 17:39:39 +01:00
Andy Polyakov
81eae077ce crpyto/ppccpuid.pl: add FPU probe and fix OPENSSL_rdtsc.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-14 16:09:25 +01:00
Andy Polyakov
2688d99989 crypto/ppccap.c: add SIGILL-free processor capability detection code.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-14 16:08:49 +01:00
Andy Polyakov
b974943234 x86_64 assembly pack: tune clang version detection even further.
RT#4171

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-13 22:18:18 +01:00
Andy Polyakov
22c2e80f89 Configure: add framework for ChaCha and Poly1305 assembly.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-13 20:56:50 +01:00
Ben Laurie
6c3b566497 Remove no longer existant structure member and direct references to EVP_MD_CTX internals.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-13 14:59:10 +00:00
Ben Laurie
4eacfadedc Fix (incorrect) uninitialised variable warning.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-13 12:44:46 +00:00
Matt Caswell
7a93c85826 Fix compile failure with no-threads
The async code was causing a compile failure if no-threads was used.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-12 14:26:22 +00:00
Andy Polyakov
30a5f32227 evp/e_chacha20_poly1305.c: TLS interop fixes.
Thanks to: David Benjamin of Chromuim.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-11 21:07:51 +01:00
Ben Laurie
94d6151236 Make no-dh work, plus other no-dh problems found by Richard.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-11 18:38:38 +00:00
Richard Levitte
6ebe8dac3e make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-11 16:18:35 +01:00
Richard Levitte
601ab3151f Adapt PEM routines to the opaque EVP_ENCODE_CTX
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-11 16:18:01 +01:00
Richard Levitte
b518d2d5f8 Adapt BIO_f_base64 to the opaque EVP_ENCODE_CTX
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-11 16:18:01 +01:00
Richard Levitte
a0be4fd17b Make EVP_ENCODE_CTX opaque
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-11 16:18:01 +01:00
Rob Stradling
ba67253db1 Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633).
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

GH: #495, MR: #1435
2015-12-10 19:27:40 +01:00
Matt Caswell
b0cae88cc2 make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 14:21:59 +00:00
Andy Polyakov
02dc0b82ab evp/e_aes.c: wire hardware-assisted block function to OCB.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 13:11:46 +01:00
Andy Polyakov
bd30091c97 x86[_64] assembly pack: add optimized AES-NI OCB subroutines.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 13:11:26 +01:00
Andy Polyakov
44bf7119d6 modes/ocb128.c: fix overstep.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:36:25 +01:00
Andy Polyakov
48f1484555 Configure: make no-chacha and no-poly1305 work.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:05:50 +01:00
Andy Polyakov
bd3385d845 evp/c_allc.c: wire ChaCha20-Poly1305 and add tests.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:03:41 +01:00
Andy Polyakov
bd989745b7 crypto/evp: add e_chacha20_poly1305.c.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:00:29 +01:00
Andy Polyakov
f6b9427923 evp/evp_enc.c: allow EVP_CIPHER.ctx_size to be 0.
In such case it would be EVP_CIPHER.cleanup's reponsibility to wipe
EVP_CIPHEX_CTX.cipher_data.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:00:05 +01:00
Andy Polyakov
72bb2f64fc Add ChaCha20-Poly1305 and ChaCha20 NIDs.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 11:59:49 +01:00
Andy Polyakov
7dcb21869b Add reference ChaCha20 and Poly1305 implementations.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-10 11:58:56 +01:00
Dr. Stephen Henson
a0ffedaf7b make default_ec_key_meth static
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-10 04:00:09 +00:00
Dr. Stephen Henson
8b8689aefa remove ECDSA error line
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:20 +00:00
Dr. Stephen Henson
91e7bcc264 Use NULL comparison
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:20 +00:00
Dr. Stephen Henson
77d0d10db7 set standard EC method in eng_openssl
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:20 +00:00
Dr. Stephen Henson
3c4e064e78 make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
62690c6acf remove ecdsa.h header references.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
f8d7d2d6df EC_KEY_METHOD accessors.
Set of accessors to set and get each field.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
a200a817ad Top level ECDSA sign/verify redirection.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
7d711cbc33 Engine EC_KEY_METHOD functionality.
Rename ENGINE _EC_KEY functions to _EC.
Add support for EC_KEY_METHOD in ENGINE_set_default et al. Copy
ec_meth.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
1eb97c3ecd remove ECDSA_METHOD from ENGINE
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
cf517a6d3d add ECDSA_size to ec_asn1.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
c535979126 remove errors
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
f84f31fc36 remove crypto/ecdsa
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
8c6ef7869a add sign/verify methods
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
6e73d12e76 return errors for unsupported operations
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
6a774a6625 Remove reference to ECDSA_OpenSSL.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
bd3602eb89 Move and adapt ECDSA sign and verify functions.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
7236e3c8f7 Add ECDSA_SIG accessor.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
8c661f76b6 make errors
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
c0efda00e9 extend EC_KEY_METHOD for signing support
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
6a47db4502 adapt ossl_ecdsa.c to crypto/ec
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
714b2abb29 move ECDSA_SIG definition
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
0a6f1d9733 Move ECDSA implementation to crypto/ec
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
2d3d00dcd8 Move ECDSA_SIG ASN.1 to crypto/ec
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
3475bc9675 Add set methods.
Add set_group, set_public and set_private methods. An EC_KEY_METHOD can use
these to perform any appropriate operation when the key components are set,
such as caching data in some more convenient ENGINE specific format or
returning an error if the parameters are invalid or the operation is
not supported.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
ea0392b921 EC_KEY_METHOD copy support
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
0d6ff6d3d1 EC_KEY_METHOD init and finish support
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
5196641617 ENGINE fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
30243c9523 remove ecdh.h header
Remove redundant ecdh.h header and any references to it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
fe74cc0432 remove ECDH error loading
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
d3bcab845e Remove crypto/ecdh update Makefile.org
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
f517ffbb83 remove ECDH_METHOD from ENGINE
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
53e3189d0c make errors
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
a22a7e7089 Add compute key support to EC_KEY_METHOD
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
647b223875 Adapt ecdh_compute_key
Rename ecdh_compute_key into ossl_ecdh_compute_key and modify it
to use EC error codes. Remove superfluous old ECDH functions.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
168e8374ee move ECDH implementation to crypto/ec
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00