Commit graph

336 commits

Author SHA1 Message Date
Cristian Stoica
8ac2d1abb3 speed.c: simplify aggregation of rsa --multi results
CLA: trivial

Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>

Reviewed-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1377)
2017-02-10 11:59:33 +01:00
Todd Short
9d6fcd4295 Cleanup EVP_CIPH/EP_CTRL duplicate defines
Remove duplicate defines from EVP source files.
Most of them were in evp.h, which is always included.
Add new ones evp_int.h
EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK is now always defined in evp.h, so
remove conditionals on it

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2201)
2017-01-24 18:47:10 +01:00
Nicola Tuveri
86ff6cc6b2 Handle "int_ctx_new:unsupported algorithm" error
Calling EVP_PKEY_CTX_new_id(curve_NID, NULL) causes an error for most
curves that are implemented through the EC low-level API, and in the
last commit we call it for every curve to avoid treating X25519 as a
special case.

Last commit code already handles correctly this failure, but does not
remove these events from the thread error queue, thus some
false-positive warnings are printed at the end of execution.

This commit ensures that the error queue is clean, without flushing
other errors.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
b756d694b6 Do not handle R_EC_X25519 as a special case
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
79438087fe Remove leftover KDF pointer
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
9bffdebc38 Use CRYPTO_memcmp for comparing derived secrets
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
f7d984ddd4 Reintroduce preliminary sanity check in ECDH speed and remove further checks in the benchmark loop.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
db1dd9368a Remove ECDH_EVP_derive_key wrapper function
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
2e4c3b5caa More coding style fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
29dd15b18d Run util/openssl-format-source against apps/speed.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
cc98e63938 bugfix: calculate outlen for each curve
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
dfdd45f72c Handle EVP_PKEY_derive errors and fix coding style issues
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
c29c7aadb9 Fix coding style and remove some stale code/comments
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
ed7377dba9 Use EVP interface for ECDH in apps/speed.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Richard Levitte
b85bf63952 apps: remove some #ifndef clutter
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1643)
2016-10-19 19:49:43 +02:00
Richard Levitte
dd1abd4462 If an engine comes up explicitely, it must also come down explicitely
In apps/apps.c, one can set up an engine with setup_engine().
However, we freed the structural reference immediately, which means
that for engines that don't already have a structural reference
somewhere else (because it's a built in engine), we end up returning
an invalid reference.

Instead, the function release_engine() is added, and called at the end
of the routines that call setup_engine().

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1643)
2016-10-19 17:44:08 +02:00
FdaSilvaYY
44c83ebd70 Constify command options
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1694)
2016-10-14 18:25:50 +02:00
David Benjamin
609b0852e4 Remove trailing whitespace from some files.
The prevailing style seems to not have trailing whitespace, but a few
lines do. This is mostly in the perlasm files, but a few C files got
them after the reformat. This is the result of:

  find . -name '*.pl' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'
  find . -name '*.c' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'
  find . -name '*.h' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'

Then bn_prime.h was excluded since this is a generated file.

Note mkerr.pl has some changes in a heredoc for some help output, but
other lines there lack trailing whitespace too.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-10-10 23:36:21 +01:00
FdaSilvaYY
fb2141c773 Fix loopargs_t object duplication into ASYNC context
Code was relying on an implicit data-sharing through duplication of
loopargs_t pointer-members made by ASYNC_start_job().

Now share structure address instead of structure content.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-22 15:03:51 +01:00
FdaSilvaYY
e5972607a1 Allow to run all speed test when async_jobs active
... without any interruption.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1468)
2016-08-19 10:52:13 -04:00
FdaSilvaYY
d6073e27eb Small nits and cleanups
using util/openssl-format-source on s_derver, s_client, ca.c, speed.c only...

Fix/merge some #ifndef

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 17:09:19 +01:00
FdaSilvaYY
cfd451d47f Improve error message
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 17:09:19 +01:00
Cristian Stoica
358558eba8 speed.c: use size_t instead of int to match function signatures
Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1378)
2016-08-08 11:17:11 -04:00
FdaSilvaYY
700b814549 Fix some style issues...
extra spacing and 80 cols

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1366)
2016-08-02 09:59:23 +02:00
FdaSilvaYY
0930e07d1e Useless allocation
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1342)
2016-08-01 09:32:03 -04:00
FdaSilvaYY
fd4b0c0832 Fix some style issues
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1342)
2016-08-01 09:32:03 -04:00
FdaSilvaYY
55b09fe69a Add missing help string
Fix an error message

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1342)
2016-08-01 09:32:03 -04:00
FdaSilvaYY
70c4e15612 Fix some awkward tests
Add some explanatory comments
Discard some useless parenthesis.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1342)
2016-08-01 09:32:03 -04:00
FdaSilvaYY
5f986ed32d Merge some conditional blocks of code.
Fix an #if check about rsa_count...

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1342)
2016-08-01 09:32:03 -04:00
FdaSilvaYY
4d82c58b97 Simplify default inits, add const qualifiers
Simplify some loops to reuse k variable

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1342)
2016-08-01 09:32:03 -04:00
FdaSilvaYY
8829ce3020 Cast to right type, simplify array args
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1342)
2016-08-01 09:32:03 -04:00
FdaSilvaYY
3331e43b16 Fix sharing of two static variables
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1342)
2016-08-01 09:32:03 -04:00
FdaSilvaYY
c5baa26663 ECDH test is only one operation to run
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1342)
2016-08-01 09:32:03 -04:00
FdaSilvaYY
19075d58a7 Fix three missing global declarations.
Fix compilation without SIGALRM.
It don't link because of remaning alarm(0); call.

Convert engine_id variable to local one

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1342)
2016-08-01 09:32:03 -04:00
Dr. Stephen Henson
d166ed8c11 check return values for EVP_Digest*() APIs
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-15 14:09:05 +01:00
Matt Caswell
f219a1b048 Revert "RT4526: Call TerminateProcess, not ExitProcess"
This reverts commit 9c1a9ccf65.

TerminateProcess is asynchronous, so the code as written in the above
commit is not correct. It is also probably not needed in the speed
case. Reverting in order to figure out the correct solution.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-16 17:37:37 +01:00
Rich Salz
9c1a9ccf65 RT4526: Call TerminateProcess, not ExitProcess
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-15 13:38:51 -04:00
Cristian Stoica
dab1f5fe4b speed.c: fix segfault with unrecognized algorithms
When an unrecognized algorithm is given on command line together with
-async_jobs, speed_main will jump to clean-up and run
ASYNC_cleanup_thread without calling ASYNC_init_thread first.

Example:
openssl speed -async_jobs 4 ras2048

Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1084)
2016-05-31 10:14:45 -04:00
Rich Salz
846e33c729 Copyright consolidation 01/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-05-17 14:19:19 -04:00
Andrea Grandi
447402e628 Fix error in the loop of ECDH
The tests was incorrectly repeated multiple times when using the
async_jobs options

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-09 10:32:18 +01:00
Rich Salz
9021a5dfb3 Rename some lowercase API's
Make OBJ_name_cmp internal
Rename idea_xxx to IDEA_xxx
Rename get_rfc_xxx to BN_get_rfc_xxx
Rename v3_addr and v3_asid functions to X509v3_...

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-18 08:22:00 -04:00
Ben Laurie
402ec2f52c Signed/unsigned compare.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-18 10:21:56 +01:00
Matt Caswell
5158c763f5 Remove OPENSSL_NO_AES guards
no-aes is no longer a Configure option and therefore the OPENSSL_NO_AES
guards can be removed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 21:25:24 +01:00
Matt Caswell
f3cd81d653 Deprecate RAND_cleanup() and make it a no-op
RAND_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
b22234deeb Fix conditional compile logic in speed.c
The conditional compile logic wasn't quite right in speed.c for when
both OPENSSL_NO_DSA and OPENSSL_NO_EC are defined.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Andrea Grandi
570c0716e3 Add a check of the FD_SETSIZE before the call to select()
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-06 09:09:51 +01:00
Matt Caswell
83ae8124de Fix no-dsa
Misc fixes for no-dsa.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-21 14:28:56 +00:00
Matt Caswell
96bea0002b Fix no-des
Numerous fixes for no-des.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-18 17:07:11 +00:00
Rich Salz
1fbab1dc6f Remove Netware and OS/2
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 17:06:57 -04:00
Andrea Grandi
2ea9260496 Fix names of the #define used for platform specific code
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 21:04:09 -05:00
Andrea Grandi
363a1fc602 Add empty line after local variables
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 21:04:09 -05:00
Andrea Grandi
564e10294a Fix error with wait set of fds for the select()
It also makes the call to select blocking to reduce CPU usage

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 21:04:08 -05:00
Matt Caswell
667867cced Add a function to detect if we have async or not
Add the ASYNC_is_capable() function and use it in speed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 17:23:42 +00:00
Andrea Grandi
1e61392296 Add support to ASYNC_WAIT_CTX to speed
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-07 16:27:25 +00:00
Andrea Grandi
b283968327 Remove unnecessary memset() to 0 and check for NULL before OPENSSL_free()
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-07 16:27:25 +00:00
Andrea Grandi
0ff4343575 Fix the error with RSA and the daysnc engine in async mode.
Move RSA struct in the job local struct.
The change is applied also to other crypto operations (e.g. DSA) to
make things consistent.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-07 16:27:25 +00:00
Andrea Grandi
8b0b80d923 Add support for async jobs in OpenSSL speed
Summary of the changes:

* Move the calls to the crypto operations inside wrapper functions.
  This is required because ASYNC_start_job takes a function as an argument.

* Add new function run_benchmark() that manages the jobs for all the operations.
  In the POSIX case it uses a select() to receive the events from the engine
  and resume the jobs that are paused, while in the WIN case it uses PeekNamedPipe()

* Add new option argument async_jobs to enable and specify the number of async jobs

Example:
  openssl speed -engine dasync -elapsed -async_jobs 32 rsa2048

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-07 16:27:24 +00:00
Dr. Stephen Henson
db50c1da19 add ecdhx25519 option to speed
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:54 +00:00
Rich Salz
a773b52a61 Remove unused parameters from internal functions
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-22 13:39:44 -05:00
Andy Polyakov
6d9843e7f5 apps/speed.c: initialize c[D_GHASH][i].
RT#4230

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-13 11:43:02 +01:00
Rich Salz
b59e1bed7d RT3755: Remove duplicate #include
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-31 09:42:53 -05:00
Corinna Vinschen
8d35ceb98f Use POSIX functions on Cygwin, not Win32 function
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-18 16:16:00 +01:00
Richard Levitte
6c2ff56ec6 Adapt all EVP_CIPHER users for it becoming opaque
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
846ec07d90 Adapt all EVP_CIPHER_CTX users for it becoming opaque
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Dr. Stephen Henson
fb29bb5926 remove ecdsa.h header
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
30243c9523 remove ecdh.h header
Remove redundant ecdh.h header and any references to it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Richard Levitte
bf7c68177b Adapt the rest of the source to the opaque HMAC_CTX
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Richard Levitte
cc9d6655a1 Have the few apps that accessed EVP_MD directly use accessors instead
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Richard Levitte
fa0c23de83 Adapt HMAC to the EVP_MD_CTX changes
This change required some special treatment, as HMAC is intertwined
with EVP_MD.  For now, all local HMAC_CTX variables MUST be
initialised with HMAC_CTX_EMPTY, or whatever happens to be on the
stack will be mistaken for actual pointers to EVP_MD_CTX.  This will
change as soon as HMAC_CTX becomes opaque.

Also, since HMAC_CTX_init() can fail now, its return type changes from
void to int, and it will return 0 on failure, 1 on success.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:36:57 +01:00
Rich Salz
b0700d2c8d Replace "SSLeay" in API with OpenSSL
All instances of SSLeay (any combination of case) were replaced with
the case-equivalent OpenSSL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 17:21:42 -04:00
Matt Caswell
a0a82324f9 Centralise loading default apps config file
Loading the config file after processing command line options can
cause problems, e.g. where an engine provides new ciphers/digests
these are not then recoginised on the command line. Move the
default config file loading to before the command line option
processing. Whilst we're doing this we might as well centralise
this instead of doing it individually for each application. Finally
if we do it before the OpenSSL_add_ssl_algorithms() call then
ciphersuites provided by an engine (e.g. GOST) can be available to
the apps.

RT#4085
RT#4086

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-12 22:31:00 +01:00
Andy Polyakov
db40a14ecb Fix -Wshadow warnings in mingw builds.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-29 18:05:55 +02:00
Richard Levitte
f5349f8ca5 Small typo
OPENSSL_NO_ECA changed to OPENSSL_NO_EC

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-09-20 00:46:44 +02:00
Ben Laurie
df2ee0e27d Enable -Wmissing-variable-declarations and
-Wincompatible-pointer-types-discards-qualifiers (the latter did not require
any code changes).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-11 04:51:55 +01:00
Emilia Kasper
08a721ac61 apps/speed.c: fix memory leak
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-01 20:01:55 +02:00
Tim Hudson
dfba17b4f3 Restore previous behaviour of only running one algorithm when -evp alg is used.
Submitted by: Eric Young <eay@pobox.com>
Reviewed-by: Ben Laurie <ben@openssl.org>
2015-08-17 22:20:06 +10:00
Tim Hudson
686e344918 restore usage of -elapsed that was disabled in the ifdef reorg
Reviewed-by: Ben Laurie <ben@openssl.org>
2015-08-17 22:16:39 +10:00
Rich Salz
fd682e4cdd GH365: Missing #ifdef rename.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-10 12:17:53 -04:00
Rich Salz
7768e116dc Use bio_err not stderr in apps.
Except for VMS startup code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-09 12:48:55 -04:00
Rich Salz
9c3bcfa027 Standardize handling of #ifdef'd options.
Here are the "rules" for handling flags that depend on #ifdef:

- Do not ifdef the enum.  Only ifdef the OPTIONS table.  All ifdef'd
  entries appear at the end; by convention "engine" is last.  This
  ensures that at run-time, the flag will never be recognized/allowed.
  The next two bullets entries are for silencing compiler warnings:
- In the while/switch parsing statement, use #ifdef for the body to
  disable it; leave the "case OPT_xxx:" and "break" statements outside
  the ifdef/ifndef.  See ciphers.c for example.
- If there are multiple options controlled by a single guard, OPT_FOO,
  OPT_BAR, etc., put a an #ifdef around the set, and then do "#else"
  and a series of case labels and a break. See OPENSSL_NO_AES in cms.c
  for example.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-02 12:40:24 -04:00
Richard Levitte
296f54ee21 Restore module loading
The module loading feature got broken a while ago, so restore it, but
have it a bit more explicit this time around.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-05-29 12:41:50 +02:00
Kurt Cancemi
7786005d0d Add missing terminating NULL to speed_options table.
This would cause memory corruption in opt_init() because it relies on the
terminating NULL.

RT#3842

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-11 12:09:52 +01:00
Rich Salz
86885c2895 Use "==0" instead of "!strcmp" etc
For the various string-compare routines (strcmp, strcasecmp, str.*cmp)
use "strcmp()==0" instead of "!strcmp()"

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-06 22:37:53 -04:00
Rich Salz
b4faea50c3 Use safer sizeof variant in malloc
For a local variable:
        TYPE *p;
Allocations like this are "risky":
        p = OPENSSL_malloc(sizeof(TYPE));
if the type of p changes, and the malloc call isn't updated, you
could get memory corruption.  Instead do this:
        p = OPENSSL_malloc(sizeof(*p));
Also fixed a few memset() calls that I noticed while doing this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-04 15:00:13 -04:00
Dr. Stephen Henson
bdcb1a2cf5 more OSSL_NELEM cases
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-04 13:03:49 +01:00
Rich Salz
b548a1f11c free null cleanup finale
Don't check for NULL before calling OPENSSL_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-01 10:02:07 -04:00
Matt Caswell
c826988109 Sanity check EVP_CTRL_AEAD_TLS_AAD
The various implementations of EVP_CTRL_AEAD_TLS_AAD expect a buffer of at
least 13 bytes long. Add sanity checks to ensure that the length is at
least that. Also add a new constant (EVP_AEAD_TLS1_AAD_LEN) to evp.h to
represent this length. Thanks to Kevin Wojtysiak (Int3 Solutions) and
Paramjot Oberoi (Int3 Solutions) for reporting this issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-04-30 23:12:39 +01:00
Rich Salz
68dc682499 In apps, malloc or die
No point in proceeding if you're out of memory.  So change
*all* OPENSSL_malloc calls in apps to use the new routine which
prints a message and exits.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 17:48:31 -04:00
Rich Salz
b196e7d936 remove malloc casts
Following ANSI C rules, remove the casts from calls to
OPENSSL_malloc and OPENSSL_realloc.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-28 15:28:14 -04:00
Rich Salz
333b070ec0 fewer NO_ENGINE #ifdef's
Make setup_engine be a dummy if NO_ENGINE is enabled.
The option is not enabled if NO_ENGINE is enabled, so the one "wasted"
variable just sits there. Removes some variables and code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-25 15:41:29 -04:00
Rich Salz
7e1b748570 Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master.  The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt.  Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that.  There have been many other changes and code-cleanup, see
bullet list below.

Special thanks to Matt for the long and detailed code review.

TEMPORARY:
        For now, comment out CRYPTO_mem_leaks() at end of main

Tickets closed:
        RT3515: Use 3DES in pkcs12 if built with no-rc2
        RT1766: s_client -reconnect and -starttls broke
        RT2932: Catch write errors
        RT2604: port should be 'unsigned short'
        RT2983: total_bytes undeclared #ifdef RENEG
        RT1523: Add -nocert to fix output in x509 app
        RT3508: Remove unused variable introduced by b09eb24
        RT3511: doc fix; req default serial is random
        RT1325,2973: Add more extensions to c_rehash
        RT2119,3407: Updated to dgst.pod
        RT2379: Additional typo fix
        RT2693: Extra include of string.h
        RT2880: HFS is case-insensitive filenames
        RT3246: req command prints version number wrong

Other changes; incompatibilities marked with *:
        Add SCSV support
        Add -misalign to speed command
        Make dhparam, dsaparam, ecparam, x509 output C in proper style
        Make some internal ocsp.c functions void
        Only display cert usages with -help in verify
        Use global bio_err, remove "BIO*err" parameter from functions
        For filenames, - always means stdin (or stdout as appropriate)
        Add aliases for -des/aes "wrap" ciphers.
        *Remove support for IISSGC (server gated crypto)
        *The undocumented OCSP -header flag is now "-header name=value"
        *Documented the OCSP -header flag

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 15:26:15 -04:00
Viktor Dukhovni
61986d32f3 Code style: space after 'if'
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-16 13:44:59 -04:00
Rich Salz
8fdc3734c0 free NULL cleanup.
This gets EC_GROUP_clear_free EC_GROUP_free, EC_KEY_free,
EC_POINT_clear_free, EC_POINT_free

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-03-25 18:35:24 -04:00
Matt Caswell
266483d2f5 RAND_bytes updates
Ensure RAND_bytes return value is checked correctly, and that we no longer
use RAND_pseudo_bytes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-25 12:38:07 +00:00
Rich Salz
d64070838e free NULL cleanup
Start ensuring all OpenSSL "free" routines allow NULL, and remove
any if check before calling them.
This gets DH_free, DSA_free, RSA_free

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 23:17:16 -04:00
Rich Salz
10bf4fc2c3 Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC
Suggested by John Foley <foleyj@cisco.com>.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-11 09:29:37 -04:00
Matt Caswell
918bb86529 Unchecked malloc fixes
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error
paths as I spotted them along the way.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-03-05 09:09:57 +00:00
Rich Salz
6f91b017bb Live code cleanup: remove #if 1 stuff
For code bracketed by "#if 1" then remove the alternate
"#else .. #endif" lines.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-06 10:54:20 -05:00
Dr. Stephen Henson
a283d2a80a Remove OPENSSL_NO_HMAC
Disabling HMAC doesn't work. If it did it would end up disabling a lot of
OpenSSL functionality (it is required for all versions of TLS for example).
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-06 12:16:58 +00:00
Rich Salz
75d0ebef2a Dead code clean: #if 0 removal in apps
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-30 14:52:57 -05:00