wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
15721 commits 20 branches 302 tags 153 MiB
Commit graph

292 commits

Author SHA1 Message Date
Richard Levitte
a80e33b991 Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant 
With no more symlinks, there's no need for those variables, or the links
target.  This also goes for all install: and uninstall: targets that do
nothing but copy $(EXHEADER) files, since that's now taken care of by the
top Makefile.

Also, removed METHTEST from test/Makefile.  It looks like an old test that's
forgotten...

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-03-31 20:16:01 +02:00
Richard Levitte
dee502be89 Stop symlinking, move files to intended directory 
Rather than making include/openssl/foo.h a symlink to
crypto/foo/foo.h, this change moves the file to include/openssl/foo.h
once and for all.

Likewise, move crypto/foo/footest.c to test/footest.c, instead of
symlinking it there.

Originally-by: Geoff Thorpe <geoff@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-03-31 20:16:01 +02:00
Rich Salz
c5ba2d9904 free NULL cleanup 
EVP_.*free; this gets:
        EVP_CIPHER_CTX_free EVP_PKEY_CTX_free EVP_PKEY_asn1_free
        EVP_PKEY_asn1_set_free EVP_PKEY_free EVP_PKEY_free_it
        EVP_PKEY_meth_free; and also EVP_CIPHER_CTX_cleanup

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2015-03-28 10:54:15 -04:00
Rich Salz
d64070838e free NULL cleanup 
Start ensuring all OpenSSL "free" routines allow NULL, and remove
any if check before calling them.
This gets DH_free, DSA_free, RSA_free

Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-03-24 23:17:16 -04:00
Dr. Stephen Henson
86d20cb6fd make depend 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-03-24 12:05:05 +00:00
Dr. Stephen Henson
27af42f9ac Move some EVP internals to evp_int.h 
Move EVP internals to evp_int.h, remove -Ievp hack from crypto/Makefile

Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-03-24 12:03:36 +00:00
Dr. Stephen Henson
5fe736e5fc Move some ASN.1 internals to asn1_int.h 
Move ASN.1 internals used across multiple directories into new internal
header file asn1_int.h remove crypto/Makefile hack which allowed other
directories to include "asn1_locl.h"

Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-03-24 12:03:36 +00:00
Rich Salz
0dfb9398bb free NULL cleanup 
Start ensuring all OpenSSL "free" routines allow NULL, and remove
any if check before calling them.
This gets ASN1_OBJECT_free and ASN1_STRING_free.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-03-24 07:52:24 -04:00
Matt Caswell
6aa8dab2bb Fix dh_pub_encode 
The return value from ASN1_STRING_new() was not being checked which could
lead to a NULL deref in the event of a malloc failure. Also fixed a mem
leak in the error path.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-03-12 09:22:56 +00:00
Dr. Stephen Henson
a8ae0891d4 Cleanse PKCS#8 private key components. 
New function ASN1_STRING_clear_free which cleanses an ASN1_STRING
structure before freeing it.

Call ASN1_STRING_clear_free on PKCS#8 private key components.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-03-08 16:27:55 +00:00
Matt Caswell
918bb86529 Unchecked malloc fixes 
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error
paths as I spotted them along the way.

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-03-05 09:09:57 +00:00
Kurt Roeckx
edac5dc220 Fix memory leak 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-02-22 13:18:24 +01:00
Doug Hogan
1549a26520 Avoid a double-free in an error path. 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-02-22 13:17:40 +01:00
Rich Salz
dfb56425b6 Dead code: crypto/dh,modes,pkcs12,ripemd,rsa,srp 
And an uncompiled C++ test file.
Also remove srp_lcl.h, with help from Richard.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-02-03 11:20:56 -05:00
Richard Levitte
c6ef15c494 clang on Linux x86_64 complains about unreachable code. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-01-29 01:54:09 +01:00
Rich Salz
a00ae6c46e OPENSSL_NO_xxx cleanup: many removals 
The following compile options (#ifdef's) are removed:
    OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY
    OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP
    OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK
    OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY

This diff is big because of updating the indents on preprocessor lines.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-01-27 10:06:22 -05:00
Matt Caswell
0f113f3ee4 Run util/openssl-format-source -v -c . 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:20:09 +00:00
Matt Caswell
dbd87ffc21 indent has problems with comments that are on the right hand side of a line. 
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:20:08 +00:00
Matt Caswell
e636e2acd7 Fix source where indent will not be able to cope 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:20:06 +00:00
Rich Salz
4b618848f9 Cleanup OPENSSL_NO_xxx, part 1 
OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
Two typo's on #endif comments fixed:
	OPENSSL_NO_ECB fixed to OPENSSL_NO_OCB
	OPENSSL_NO_HW_SureWare fixed to OPENSSL_NO_HW_SUREWARE

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-01-14 15:57:28 -05:00
Rich Salz
6d23cf9744 RT3548: Remove unsupported platforms 
This last one for this ticket.  Removes WIN16.
So long, MS_CALLBACK and MS_FAR.  We won't miss you.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-01-12 17:30:54 -05:00
Andy Polyakov
e464403d0b Fix irix-cc build. 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-01-07 18:39:39 +01:00
Tim Hudson
1d97c84351 mark all block comments that need format preserving so that 
indent will not alter them when reformatting comments

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-12-30 22:10:26 +00:00
Matt Caswell
53e95716f5 Change all instances of OPENSSL_NO_DEPRECATED to OPENSSL_USE_DEPRECATED 
Introduce use of DECLARE_DEPRECATED

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2014-12-18 19:57:14 +00:00
Matt Caswell
5bafb04d2e Remove redundant OPENSSL_NO_DEPRECATED suppression 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2014-12-18 19:57:05 +00:00
Rich Salz
5cf37957fb RT3543: Remove #ifdef LINT 
I also replaced some exit/return wrappers in various
programs (from main) to standardize on return.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-10 17:31:04 -05:00
Matt Caswell
829ccf6ab6 Implement internally opaque bn access from dh 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 21:40:32 +00:00
Dr. Stephen Henson
73e45b2dd1 remove OPENSSL_FIPSAPI 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
1bfffe9bd0 Remove FIPS module code from crypto/dh 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
f072785eb4 Remove fipscanister build functionality from makefiles. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:23:45 +00:00
Rich Salz
8cfe08b4ec Remove all .cvsignore files 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-11-28 18:32:43 -05:00
Rich Salz
df8c39d522 RT3549: Remove obsolete files in crypto 
Reviewed-by: Andy Polyakov <appro@openssl.org>
 2014-10-01 16:05:47 -04:00
Dr. Stephen Henson
2514fa79ac Add functions returning security bits. 
Add functions to return the "bits of security" for various public key
algorithms. Based on SP800-57.
 2014-03-28 14:49:04 +00:00
Andy Polyakov
53e5161231 dh_check.c: check BN_CTX_get's return value. 2014-03-06 14:19:37 +01:00
Dr. Stephen Henson
4cfeb00be9 make depend 2014-02-19 20:09:08 +00:00
Veres Lajos
478b50cf67 misspellings fixes by https://github.com/vlajos/misspell_fixer 2013-09-05 21:39:42 +01:00
Ben Laurie
a0aaa5660a Fix compile errors. 2013-08-21 04:21:42 +01:00
Dr. Stephen Henson
bd59f2b91d CMS RFC2631 X9.42 DH enveloped data support. 2013-08-05 16:23:13 +01:00
Dr. Stephen Henson
dc1ce3bc64 Add KDF for DH. 
Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.

Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
 2013-08-05 15:45:01 +01:00
Dr. Stephen Henson
3909087801 Extend DH parameter generation support. 
Add support for DH parameter generation using DSA methods including
FIPS 186-3.
 2013-08-05 15:45:01 +01:00
Dr. Stephen Henson
d3cc91eee2 Enhance DH dup functions. 
Make DHparams_dup work properly with X9.42 DH parameters.
 2013-08-05 15:45:01 +01:00
Dr. Stephen Henson
c9577ab5ea If present print j, seed and counter values for DH 2013-08-05 15:45:00 +01:00
Ben Laurie
71fa451343 Version skew reduction: trivia (I hope). 2012-06-03 22:00:21 +00:00
Dr. Stephen Henson
84b6e277d4 make update 2011-12-27 14:46:03 +00:00
Dr. Stephen Henson
afb14cda8c Initial experimental support for X9.42 DH parameter format to handle 
RFC5114 parameters and X9.42 DH public and private keys.
 2011-12-07 00:32:34 +00:00
Dr. Stephen Henson
0798170966 Update DH_check() to peform sensible checks when q parameter is present. 2011-12-01 17:27:36 +00:00
Dr. Stephen Henson
28ff14779e Correct some parameter values. 2011-12-01 17:26:58 +00:00
Dr. Stephen Henson
20bee9684d Add RFC5114 DH parameters to OpenSSL. Add test data to dhtest. 2011-11-13 14:07:36 +00:00
Dr. Stephen Henson
cd366cf7ec print out subgroup order if present 2011-10-11 17:44:26 +00:00
Bodo Möller
ae53b299fa make update 2011-09-05 09:46:15 +00:00
Dr. Stephen Henson
4960411e1f Add flags for DH FIPS method. 
Update/fix prototypes in fips.h
 2011-06-08 15:53:08 +00:00
Dr. Stephen Henson
c2fd598994 Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in 
the FIPS capable OpenSSL.
 2011-05-11 14:43:38 +00:00
Dr. Stephen Henson
74fac927b0 Return errors instead of aborting when selftest fails. 2011-04-22 11:12:56 +00:00
Dr. Stephen Henson
31360957fb DH keys have an (until now) unused 'q' parameter. When creating 
from DSA copy q across and if q present generate DH key in the
correct range.
 2011-04-07 15:01:48 +00:00
Richard Levitte
c6dbe90895 make update 2011-03-24 22:59:02 +00:00
Ben Laurie
edc032b5e3 Add SRP support. 2011-03-12 17:01:19 +00:00
Dr. Stephen Henson
bc91494e06 New SP 800-56A compliant version of DH_compute_key(). 2011-03-08 19:07:26 +00:00
Dr. Stephen Henson
b7056b6414 Update dependencies. 2011-02-21 17:51:59 +00:00
Dr. Stephen Henson
14ae26f2e4 Transfer error redirection to fips.h, add OPENSSL_FIPSAPI to source files 
that use it.
 2011-02-03 17:00:24 +00:00
Dr. Stephen Henson
83c3410b94 FIPS DH changes: selftest checks and key range checks. 2011-01-26 15:47:19 +00:00
Dr. Stephen Henson
fa1ba589f3 Add algorithm specific signature printing. An individual ASN1 method can 
now print out signatures instead of the standard hex dump.

More complex signatures (e.g. PSS) can print out more meaningful information.

Sample DSA version included that prints out the signature parameters r, s.

[Note EVP_PKEY_ASN1_METHOD is an application opaque structure so adding
 new fields in the middle has no compatibility issues]
 2010-03-06 18:05:05 +00:00
Dr. Stephen Henson
f4274da164 PR: 1644 
Submitted by: steve@openssl.org

Fix to make DHparams_dup() et al work in C++.

For 1.0 fix the final argument to ASN1_dup() so it is void *. Replace some
*_dup macros with functions.
 2009-09-06 15:49:46 +00:00
Dr. Stephen Henson
c55d27ac33 Make update. 2009-07-08 09:19:53 +00:00
Dr. Stephen Henson
ef236ec3b2 Merge from 1.0.0-stable branch. 2009-04-23 16:32:42 +00:00
Geoff Thorpe
6343829a39 Revert the size_t modifications from HEAD that had led to more 
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
 2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
2e5975285e Update obsolete email address... 2008-11-05 18:39:08 +00:00
Ben Laurie
5e4430e70d More size_tification. 2008-11-01 16:40:37 +00:00
Ben Laurie
5ce278a77b More type-checking. 2008-06-04 11:01:43 +00:00
Dr. Stephen Henson
fe591284be Update dependencies. 2008-03-22 18:52:03 +00:00
Geoff Thorpe
1e26a8baed Fix a variety of warnings generated by some elevated compiler-fascism, 
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
 2008-03-16 21:05:46 +00:00
Lutz Jänicke
5f0477f47b Typos 
PR: 1578
Submitted by: Charles Longeau <chl@tuxfamily.org>
 2007-09-24 11:22:58 +00:00
Nils Larsch
442cbb062d check correct pointer before freeing it (Coverity CID 79,86) 2007-04-02 20:29:40 +00:00
Bodo Möller
bd31fb2145 Change to mitigate branch prediction attacks 
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
 2007-03-28 00:15:28 +00:00
Dr. Stephen Henson
560b79cbff Constify version strings and some structures. 2007-01-21 13:07:17 +00:00
Dr. Stephen Henson
47a9d527ab Update from 0.9.8 stable. Eliminate duplicate error codes. 2006-11-21 21:29:44 +00:00
Mark J. Cox
c2cccfc585 Initialise ctx to NULL to avoid uninitialized free, noticed by 
Steve Kiernan
 2006-09-29 08:21:41 +00:00
Bodo Möller
5e3225cc44 Introduce limits to prevent malicious keys being able to 
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
 2006-09-28 13:45:34 +00:00
Dr. Stephen Henson
5c95c2ac23 Fix various error codes to match functions. 2006-07-17 16:33:31 +00:00
Dr. Stephen Henson
8bdcef40e4 New function to dup EVP_PKEY_CTX. This will be needed to make new signing 
functions and EVP_MD_CTX_copy work properly.
 2006-05-24 23:49:30 +00:00
Dr. Stephen Henson
eaff5a1412 Use size_t for new crypto size parameters. 2006-05-24 12:33:46 +00:00
Dr. Stephen Henson
c20276e4ae Fix (most) WIN32 warnings and errors. 2006-04-17 12:08:22 +00:00
Dr. Stephen Henson
b010b7c434 Use more flexible method of determining output length, by setting &outlen 
value of the passed output buffer is NULL.

The old method of using EVP_PKEY_size(pkey) isn't flexible enough to cover all
cases where the output length may depend on the operation or the parameters
associated with it.
 2006-04-15 18:50:56 +00:00
Dr. Stephen Henson
ffb1ac674c Complete key derivation support. 2006-04-13 20:16:56 +00:00
Dr. Stephen Henson
3be34589e8 Update dependencies. 2006-04-13 13:00:45 +00:00
Dr. Stephen Henson
d87e615209 Add key derivation support. 2006-04-13 12:56:41 +00:00
Dr. Stephen Henson
52c11dce31 Typo. 2006-04-13 00:26:05 +00:00
Dr. Stephen Henson
3ba0885a3e Extend DH ASN1 method, add DH EVP_PKEY_METHOD. 2006-04-12 23:51:24 +00:00
Dr. Stephen Henson
4c97a04e2e PKCS#3 DH PKCS#8 ASN1 support. 2006-04-12 23:06:10 +00:00
Dr. Stephen Henson
ceb4678956 Extend DH ASN1 method to support public key encode/decode and parameter 
utilities.
 2006-04-12 17:14:48 +00:00
Dr. Stephen Henson
0b33dac310 New function to retrieve ASN1 info on public key algorithms. New command 
line option to print out info.
 2006-04-04 18:16:03 +00:00
Dr. Stephen Henson
3e4585c8fd New utility pkeyparam. Enhance and bugfix algorithm specific parameter 
functions to support it.
 2006-03-28 14:35:32 +00:00
Dr. Stephen Henson
d82e2718e2 Add information and pem strings. Update dependencies. 2006-03-23 11:54:51 +00:00
Dr. Stephen Henson
18e377b4ff Make EVP_PKEY_ASN1_METHOD opaque. Add application level functions to 
initialize it. Initial support for application added public key ASN1.
 2006-03-22 17:59:49 +00:00
Dr. Stephen Henson
1b593194be Move algorithm specific print code from crypto/asn1/t_pkey.c to separate 
*_prn.c files in each algorithm directory.
 2006-03-22 13:34:19 +00:00
Dr. Stephen Henson
adbc603d24 DH EVP_PKEY_ASN1_METHOD, doesn't do much (yet?). 2006-03-20 18:37:40 +00:00
Dr. Stephen Henson
6f81892e6b Transfer parameter handling and key comparison to algorithm methods. 2006-03-20 17:56:05 +00:00
Nils Larsch
47d5566646 fix error found by coverity: check if ctx is != NULL before calling BN_CTX_end() 2006-03-13 23:14:57 +00:00
Dr. Stephen Henson
15ac971681 Update filenames in makefiles. 2006-02-04 01:45:59 +00:00
Dr. Stephen Henson
244847591f Extend callback function to support print customization. 2005-09-01 20:42:52 +00:00
Ben Laurie
bf3d6c0c9b Make D-H safer, include well-known primes. 2005-08-21 16:00:17 +00:00