Commit graph

11568 commits

Author SHA1 Message Date
Matt Caswell
87cd297d14 Fixed missing return value checks.
Added various missing return value checks in tls1_change_cipher_state.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-27 15:18:21 +00:00
Matt Caswell
195f6302bb Fix missing return value checks.
Fixed various missing return value checks in ssl3_send_newsession_ticket.
Also a mem leak on error.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Conflicts:
	ssl/s3_srvr.c
2015-02-27 15:18:20 +00:00
Matt Caswell
8f51c206b3 Fix evp_extra_test.c with no-ec
When OpenSSL is configured with no-ec, then the new evp_extra_test fails to
pass. This change adds appropriate OPENSSL_NO_EC guards around the code.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit a988036259)
2015-02-26 23:34:54 +00:00
Matt Caswell
f2aff60f6f Update the SHA* documentation
Updates to include SHA224, SHA256, SHA384 and SHA512. In particular note
the restriction on setting md to NULL with regards to thread safety.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit f7812493a0)
2015-02-25 22:57:19 +00:00
Rainer Jung
fbabc6c06e Fix NAME section of d2i_ECPKParameters to prevent broken symlinks when using
the extract-names.pl script.

RT#3718

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-02-25 20:47:42 +00:00
Matt Caswell
bfb14d724b Fix some minor documentation issues
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:22:01 +00:00
Matt Caswell
4d2207f097 Remove pointless free, and use preferred way of calling d2i_* functions
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:22:01 +00:00
Matt Caswell
b42e4a9f6b Add dire warnings about the "reuse" capability of the d2i_* functions.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:22:01 +00:00
Matt Caswell
78a6b77976 Provide documentation for i2d_ECPrivateKey and d2i_ECPrivateKey
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:22:01 +00:00
Matt Caswell
ba5d0113e8 Fix a failure to NULL a pointer freed on error.
Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>

CVE-2015-0209

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:22:01 +00:00
Matt Caswell
f747572547 Import evp_test.c from BoringSSL. Unfortunately we already have a file
called evp_test.c, so I have called this one evp_extra_test.c

Reviewed-by: Emilia Käsper <emilia@openssl.org>

Conflicts:
	crypto/evp/Makefile
	test/Makefile
2015-02-25 17:21:58 +00:00
Dr. Stephen Henson
36b619a06e Document -no_explicit
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 384dee5124)
2015-02-24 15:28:38 +00:00
Andy Polyakov
13c1807041 Fix crash in SPARC T4 XTS.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 775b669de3)
2015-02-24 10:12:57 +01:00
Andy Polyakov
f243def213 sha/asm/sha1-586.pl: fix typo.
The typo doesn't affect supported configuration, only unsupported masm.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 3372c4fffa)
2015-02-22 19:22:09 +01:00
Dr. Stephen Henson
1f956f9cda typo
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 15b5d6585d)
2015-02-22 14:44:21 +00:00
Edgar Pek
98e6f07901 Fix null-pointer dereference
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit bcfa19a8d1)
2015-02-22 13:23:53 +01:00
Kurt Roeckx
f95519538a Fix memory leak
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit edac5dc220)
2015-02-22 13:23:53 +01:00
Doug Hogan
79e2e927e6 Avoid a double-free in an error path.
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 1549a26520)
2015-02-22 13:23:52 +01:00
Richard Levitte
7f3563b576 Restore -DTERMIO/-DTERMIOS on Windows platforms.
The previous defaulting to TERMIOS took away -DTERMIOS / -DTERMIO a
bit too enthusiastically.  Windows/DOSish platforms of all sorts get
identified as OPENSSL_SYS_MSDOS, and they get a different treatment
altogether UNLESS -DTERMIO or -DTERMIOS is explicitely given with the
configuration.  The answer is to restore those macro definitions for
the affected configuration targets.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit ba4bdee718)

Conflicts:
	Configure
2015-02-22 09:38:20 +01:00
Richard Levitte
458a55af16 Assume TERMIOS is default, remove TERMIO on all Linux.
The rationale for this move is that TERMIOS is default, supported by
POSIX-1.2001, and most definitely on Linux.  For a few other systems,
TERMIO may still be the termnial interface of preference, so we keep
-DTERMIO on those in Configure.

crypto/ui/ui_openssl.c is simplified in this regard, and will define
TERMIOS for all systems except a select few exceptions.
Reviewed-by: Matt Caswell <matt@openssl.org>

(cherry picked from commit 64e6bf64b3)

Conflicts:
	Configure
	crypto/ui/ui_openssl.c
2015-02-22 08:10:29 +01:00
Richard Levitte
681da86ebb Transfer a fix from 1.0.1
manually picked from e7b85bc402
Reviewed-by: Stephen Henson <steve@openssl.org>

(cherry picked from commit 774ccae63c)
2015-02-13 13:40:47 +01:00
Rich Salz
872f91c403 RT3684: rand_egd needs stddef.h
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-12 14:23:28 -05:00
Graeme Perrow
ee1ccd0a41 RT3670: Check return from BUF_MEM_grow_clean
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit b0333e697c)
2015-02-12 13:01:33 -05:00
Eric Dequin
62bfff2d99 Missing OPENSSL_free on error path.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 1d2932de4c)
2015-02-12 11:15:29 -05:00
Emilia Kasper
95929797a0 Fix hostname validation in the command-line tool to honour negative return values.
Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion
and result in a negative return value, which the "x509 -checkhost" command-line option
incorrectly interpreted as success.

Also update X509_check_host docs to reflect reality.

Thanks to Sean Burford (Google) for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 0923e7df9e)
2015-02-10 15:36:03 +01:00
Andy Polyakov
bcfaa4eeee objects/obj_xref.h: revert reformat.
obj_xref.h was erroneously restored to pre-reformat state.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-10 08:55:30 +01:00
Andy Polyakov
cb43fd0467 Bring objects.pl output even closer to new format.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 849037169d)
2015-02-09 16:00:25 +01:00
Dr. Stephen Henson
ba25221226 Fix memory leak reporting.
Free up bio_err after memory leak data has been printed to it.

In int_free_ex_data if ex_data is NULL there is nothing to free up
so return immediately and don't reallocate it.
Reviewed-by: Tim Hudson <tjh@openssl.org>

(cherry picked from commit 9c7a780bbe)
2015-02-09 13:01:15 +00:00
Andy Polyakov
506805e708 Harmonize objects.pl output with new format.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 7ce3862319)
2015-02-09 09:57:23 +01:00
Matt Caswell
04222b630e Fix error handling in ssltest
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit ae632974f9)
2015-02-06 10:08:58 +00:00
Rich Salz
16064539ad Fixed bad formatting in crypto/des/spr.h
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 7e35f06ea9)
2015-02-05 09:45:25 -05:00
Dr. Stephen Henson
75c77a71fa Make objxref.pl output in correct format
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 6922ddee1b)
2015-02-04 13:35:35 +00:00
Dr. Stephen Henson
3b740cebd5 Preliminary ASN1_TIME documentation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a724e79ed7)
2015-02-03 16:50:29 +00:00
Dr. Stephen Henson
f17a4ad7d7 Check PKCS#8 pkey field is valid before cleansing.
PR:3683
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 52e028b9de)
2015-02-03 14:02:12 +00:00
Andy Polyakov
79e0285755 cms-test.pl: "localize" /dev/null even further [as follow-up to VMS].
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 5da05a26f2)
2015-02-02 15:29:10 +01:00
Andy Polyakov
8d5d455988 modes/gcm128.c: fix OPENSSL_SMALL_FOOTPRINT compile failure
on affected platforms (PowerPC and AArch64).

For reference, minimalistic #ifdef GHASH is sufficient, because
it's never defined with OPENSSL_SMALL_FOOTPRINT and ctx->ghash
is never referred.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit b2991c081a)
2015-01-30 16:38:42 +01:00
Richard Levitte
1d5668c258 VMS exit codes weren't handled well enough and were unclear
Making a specific variable $failure_code and a bit of commenting in the
VMS section should help clear things up.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit e00ab250c8)
2015-01-30 14:47:37 +01:00
Richard Levitte
bc1544d8c5 dso_vms needs to add the .EXE extension if there is none already
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit be7b1097e2)
2015-01-30 05:02:56 +01:00
Matt Caswell
6ca1dc9737 Provide documentation for all SSL(_CTX)?_(get|set)(_default)?_read_ahead
functions.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 8507474564)
2015-01-27 14:30:25 +00:00
Matt Caswell
0ed9ca21ae Remove explicit setting of read_ahead for DTLS. It never makes sense not to
use read_ahead with DTLS because it doesn't work. Therefore read_ahead needs
to be the default.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit f400241251)
2015-01-27 14:30:25 +00:00
Matt Caswell
11b32d6e29 Make DTLS always act as if read_ahead is set. The actual value of read_ahead
is ignored for DTLS.

RT#3657

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 8dd4ad0ff5)
2015-01-27 14:30:25 +00:00
Rich Salz
63ac16ccac Remove obsolete support for old code.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 3d0cf91807)
2015-01-26 11:06:28 -05:00
Rich Salz
db7cb7ab9a Remove unused eng_rsax and related asm file
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-26 10:46:26 -05:00
Rich Salz
6d09851694 Make OPENSSL_config truly ignore errors.
Per discussion: should not exit. Should not print to stderr.
Errors are ignored.  Updated doc to reflect that, and the fact
that this function is to be avoided.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(cherry picked from commit abdd677125)
2015-01-25 21:12:01 -05:00
Kurt Roeckx
63c1d16bb8 Fix segfault with empty fields as last in the config.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-24 14:52:58 +01:00
Dr. Stephen Henson
6fa805f516 FIPS build fixes.
PR#3673

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-23 00:12:39 +00:00
Matt Caswell
06aab26874 Prepare for 1.0.2a-dev
Reviewed-by: Stephen Henson <steve@openssl.org>
2015-01-22 16:16:24 +00:00
Matt Caswell
4ac0329582 Prepare for 1.0.2 release
Reviewed-by: Stephen Henson <steve@openssl.org>
2015-01-22 16:12:26 +00:00
Matt Caswell
51e647f6e5 make update
Reviewed-by: Stephen Henson <steve@openssl.org>
2015-01-22 16:12:26 +00:00
Matt Caswell
ba7e998d5b Updates to CHANGES for 1.0.2
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2015-01-22 15:14:15 +00:00