Commit graph

14183 commits

Author SHA1 Message Date
Dr. Stephen Henson
94e84f5e95 header includes
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22 21:15:55 +01:00
Dr. Stephen Henson
69d492eac8 Document X509_get0_subject_key_id()
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22 21:15:55 +01:00
Dr. Stephen Henson
d19a50c9fb New function X509_get0_subject_key_id()
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22 21:15:55 +01:00
Dr. Stephen Henson
2c81e476fa Make X509 opaque
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22 21:15:55 +01:00
Dr. Stephen Henson
7e4188326b Avoid structure access in crypto/ts
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22 21:15:55 +01:00
Emilia Kasper
6a12a5740b PACKET: simplify
Get rid of the third field that is no longer needed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22 20:42:18 +02:00
Emilia Kasper
e9fa092efc Remove ssl_put_cipher_by_char
Since SSLv3, a CipherSuite is always 2 bytes. The only place where we
need 3-byte ciphers is SSLv2-compatible ClientHello processing.

So, remove the ssl_put_cipher_by_char indirection.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22 20:34:25 +02:00
Emilia Kasper
21b0fa9118 Document BUF_strnlen
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 19:52:41 +02:00
Emilia Kasper
58e3457a82 BUF_strdup and friends: update docs
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 19:51:53 +02:00
Emilia Kasper
de8883e11b BUF_strndup: tidy
Fix comment, add another overflow check, tidy style

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 19:51:18 +02:00
Alessandro Ghedini
110f7b37de Make BUF_strndup() read-safe on arbitrary inputs
BUF_strndup was calling strlen through BUF_strlcpy, and ended up reading
past the input if the input was not a C string.

Make it explicitly part of BUF_strndup's contract to never read more
than |siz| input bytes. This augments the standard strndup contract to
be safer.

The commit also adds a check for siz overflow and some brief documentation
for BUF_strndup().

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 19:50:53 +02:00
Rich Salz
db9defdfe3 GH398: Add mingw cross-compile, etc.
For all release branches.  It adds travis build support. If you don't
have a config file it uses the default (because we enabled travis for the
project), which uses ruby/rake/rakefiles, and you get confusing "build
still failing" messages.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-09-22 13:42:03 -04:00
Dr. Stephen Henson
2aa707c6ac Fix path in comments
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22 16:47:09 +01:00
Dr. Stephen Henson
8bbda94c6e make depend
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22 16:37:07 +01:00
Dr. Stephen Henson
1e898fb0f5 Move certificate request and CRL routines to x509 dir.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22 16:35:55 +01:00
Dr. Stephen Henson
0d0099ea3b Move functions.
Move various functions tagged onto t_x509.c to more appropriate places.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22 16:05:33 +01:00
Dr. Stephen Henson
035014cd22 Update SEE ALSO sections.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:42:20 +01:00
Dr. Stephen Henson
dd332cea9f Document signature accessors.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:42:20 +01:00
Dr. Stephen Henson
047dd81efe Extension parsing and encoding docs.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:15:42 +01:00
Dr. Stephen Henson
d8db9a0df5 Document i2d_re_X509_REQ_tbs() and i2d_re_X509_CRL_tbs().
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:15:42 +01:00
Dr. Stephen Henson
73a7e8de17 Document X509_REVOKED functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:15:42 +01:00
Dr. Stephen Henson
94eae38011 Document X509 sign and verify functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:15:42 +01:00
Dr. Stephen Henson
e7fabc5ea5 Document X509 public key functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:15:42 +01:00
Dr. Stephen Henson
5571ea886f Document X509 name get and set functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:15:42 +01:00
Dr. Stephen Henson
5f74a40540 Document X509 version functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:15:42 +01:00
Dr. Stephen Henson
7880e14318 Use accessors in X509_REQ_print().
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22 13:08:05 +01:00
Dr. Stephen Henson
32f5c25164 Use accessor functions in X509_CRL_print().
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22 13:07:46 +01:00
Dr. Stephen Henson
1f143e08a5 New accessor X509_REQ_get_X509_PUBKEY()
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22 13:07:22 +01:00
Dr. Stephen Henson
835911b845 Additional X509_CRL accessors.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22 13:07:06 +01:00
Dr. Stephen Henson
75ef61d705 typo
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:00:03 +01:00
Dr. Stephen Henson
40ffdc9cfa Add comments to x509_int.h
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-09-22 12:28:45 +01:00
Dr. Stephen Henson
dc29030ab6 Add accessors for X509_REVOKED.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-09-22 12:28:45 +01:00
Dr. Stephen Henson
a9732d04fa Add accessors for request and CRL signatures
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-09-22 12:28:45 +01:00
Rich Salz
18cd23df8a Remove "noise" comments from TS files.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-22 00:40:31 -04:00
David Woodhouse
ff03599a2f RT3479: Add UTF8 support to BIO_read_filename()
If we use BIO_new_file(), on Windows it'll jump through hoops to work
around their unusual charset/Unicode handling. it'll convert a UTF-8
filename to UCS-16LE and attempt to use _wfopen().

If you use BIO_read_filename(), it doesn't do this. Shouldn't it be
consistent?

It would certainly be nice if SSL_use_certificate_chain_file() worked.

Also made BIO_C_SET_FILENAME work (rsalz)

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-09-21 17:30:54 -04:00
Gunnar Kudrjavets
4cd94416a4 RT3823: Improve the robustness of event logging
There are a couple of minor fixes here:

1) Handle the case when RegisterEventSource() fails (which it may for
various reasons) and do the work of logging the event only if it succeeds.

2) Handle the case when ReportEvent() fails and do our best in debug builds
to at least attempt somehow indicate that something has gone wrong. The
typical situation would be someone running tools like DbMon, DBWin32,
DebugView or just having the debugger attached. The intent is to make sure
that at least some data will be captured so that we can save hours and days
of debugging time.

3) Minor fix to change the MessageBox() flag to MB_ICONERROR. Though the
value of MB_ICONERROR is the same value as MB_ICONSTOP, the intent is
better conveyed by using MB_ICONERROR.

Testing performed:

1) Clean compilation for debug-VC-WIN32 and VC-WIN32.

2) Good test results (nmake -f ms\ntdll.mak test) for debug-VC-WIN32 and
VC-WIN32.

3) Stepped through relevant changes using WinDBG and exercised the impacted
code paths.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-21 14:29:41 -04:00
Matt Caswell
7788638777 GOST PKCS12 support
Changes required to add GOST support to PKCS12

Based on a patch provided by Dmitry Belyavsky <beldmit@gmail.com>

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-09-21 10:34:55 +01:00
Matt Caswell
eeb1c3976c Add GOST extensions to PKCS#5
GOST extends PKCS5 PBES2/PBKDF2 with some additional GOST specific PRFs.

Based on a patch provided by Dmitry Belyavsky <beldmit@gmail.com>

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-09-21 10:30:49 +01:00
Matt Caswell
bf95cde287 Fix SRP memory leaks
There were some memory leaks in the creation of an SRP verifier (both on
successful completion and also on some error paths).

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-09-21 10:17:58 +01:00
Matt Caswell
dfd6211ce3 Fix -srpvfile option in srp command line
The -srpvfile option was broken in the srp command line app. Using it would
always result in "-dbfile and -configfile cannot be specified together."
The error message is also wrong because the option is "-srpvfile" not
"-dbfile", so that has been fixed too.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-09-21 10:17:58 +01:00
Dr. Stephen Henson
4e7e623012 Make SRP work with -www
PR#3817

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-20 14:19:49 +01:00
Dr. Stephen Henson
f1c412c9e6 Handle SSL_ERROR_WANT_X509_LOOKUP
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-20 14:19:49 +01:00
Dr. Stephen Henson
01a4e8764d remove unneeded includes
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-20 12:50:56 +01:00
Dr. Stephen Henson
37f3a3b327 make no-dh work
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-20 12:50:55 +01:00
Dr. Stephen Henson
8f463dbddd Move EVP_PKEY_METHOD into private headers.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-20 03:46:16 +01:00
Richard Levitte
777ae7c4ee Simplify Simple.pm further, and make it more verbose
Reviewed-by: Stephen Henson <steve@openssl.org>
2015-09-20 02:15:49 +02:00
Richard Levitte
c9f6be4ead Correct srp test
There actually is a "srp" feature to check the availability on

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-09-20 02:06:51 +02:00
Richard Levitte
17979f5526 Correct jpake test
There actually is a "jpake" feature to check the availability on

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-09-20 02:06:51 +02:00
Richard Levitte
6ff4211781 Correct sha tests
These tests were checking for specific sha variants, when they should
just check if "sha" is disabled.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-09-20 02:06:51 +02:00
Richard Levitte
7f990b0ee3 Correct whirlpool test
It depended on 'openssl no-wp', which always exited with code 0, so
this test would never be performed, and this, I never discovered that
the program it's supposed to run was misspellt.  Furthermore, the
feature to check is 'whirlpool', not 'wp'.

All corrected.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-09-20 02:06:51 +02:00