Emilia Kasper
b597aab84e
Build fixes
...
Various build fixes, mostly uncovered by clang's unused-const-variable
and unused-function errors.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 0e1c318ece
)
2014-12-17 14:31:05 +01:00
Adam Langley
4aecfd4d9f
Premaster secret handling fixes
...
From BoringSSL
- Send an alert when the client key exchange isn't correctly formatted.
- Reject overly short RSA ciphertexts to avoid a (benign) out-of-bounds memory access.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2014-12-17 14:01:19 +01:00
Richard Levitte
57dc72e018
Clear warnings/errors within RL_DEBUG code sections (RL_DEBUG should be renamed)
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-17 10:15:09 +01:00
Richard Levitte
6dec5e1ca9
Clear warnings/errors within TLS_DEBUG code sections
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-17 10:15:09 +01:00
Richard Levitte
3ddb2914b5
Clear warnings/errors within KSSL_DEBUG code sections
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-17 10:15:09 +01:00
Richard Levitte
a501f647aa
Clear warnings/errors within CIPHER_DEBUG code sections
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-17 10:15:09 +01:00
Richard Levitte
72b5d03b5b
Clear warnings/errors within CIPHER_DEBUG code sections
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-17 10:15:09 +01:00
Richard Levitte
a93891632d
Clear warnings/errors within BN_CTX_DEBUG code sections
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-17 10:15:09 +01:00
Emilia Kasper
a015758d11
Check for invalid divisors in BN_div.
...
Invalid zero-padding in the divisor could cause a division by 0.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit a43bcd9e96
)
2014-12-17 10:01:04 +01:00
Matt Caswell
789da2c73d
The dtls1_output_cert_chain function no longer exists so remove it from
...
ssl_locl.h
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-16 15:02:03 +00:00
Adam Langley
ec1af3c419
Don't set client_version to the ServerHello version.
...
The client_version needs to be preserved for the RSA key exchange.
This change also means that renegotiation will, like TLS, repeat the old
client_version rather than advertise only the final version. (Either way,
version change on renego is not allowed.) This is necessary in TLS to work
around an SChannel bug, but it's not strictly necessary in DTLS.
(From BoringSSL)
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-12-16 14:44:17 +00:00
Matt Caswell
db812f2d70
Add more meaningful OPENSSL_NO_ECDH error message for suite b mode
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-12-16 14:14:09 +00:00
Matt Caswell
ad500fdc49
Rename gost2814789t.c to gost2814789test.c. The old name caused problems
...
for dummytest if gost is compiled out, since the name of the test is not
standard (dummytest segfaults). Also the old name caused problems for git
because the executable was not in the .gitignore file
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-12-16 14:14:03 +00:00
Matt Caswell
fd86c2b153
Add missing OPENSSL_NO_EC guards
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-12-16 14:13:56 +00:00
Matt Caswell
af6e2d51bf
Add OPENSSL_NO_ECDH guards
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-12-16 14:13:45 +00:00
Matt Caswell
55e530265a
Remove extraneous white space, and add some braces
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-12-16 00:00:25 +00:00
Matt Caswell
1904d21123
DTLS fixes for signed/unsigned issues
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-12-15 23:59:50 +00:00
Rich Salz
129c81b951
RT3497: The ticket that keeps on giving.
...
Don't remove c_rehash that wasn't created by make; this script
is created by configure.
This fix brought to you by the letter "f" and
Reviewed-by: Emilia Kasper <emilia@openssl.org>
2014-12-15 12:26:02 -05:00
Kurt Roeckx
995207bedc
Allow using -SSLv2 again when setting Protocol in the config.
...
RT#3625
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-12-15 18:09:53 +01:00
Rich Salz
56999ba589
RT3497: Fix; don't remove header files
...
Doing 'config ; make clean' broke because clean removed
header files that normal build didn't create. So don't
remove those files. Hopefully will be better addressed by
Geoff's no-symlinks patch.
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-15 09:18:11 -05:00
Emilia Kasper
9669d2e1ad
Fix unused variable warning
...
The temporary variable causes unused variable warnings in opt mode with clang,
because the subsequent assert is compiled out.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-15 13:12:44 +01:00
Matt Caswell
24097938ad
Fixed memory leak if BUF_MEM_grow fails
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2014-12-13 00:02:20 +00:00
Rich Salz
c3f22253b1
RT1688: Add dependencies for parallel make
...
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-12-12 13:17:51 -05:00
Matt Caswell
fd0ba77717
make update
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-11 23:52:47 +00:00
Rich Salz
e03af1789f
Minor doc fixes.
...
In EVP_EncryptInit remove duplicate mention of EVP_idea_cbc()
In EVP_PKEY_CTX_ctrl.pod remove EVP_PKEY_get_default_digest_nid
since it is documented elsewhere.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-11 17:05:57 -05:00
Rich Salz
5ab65c50ef
RT3497: Clean up "dclean" targets
...
Some Makefiles had actions for "dclean" that really belonged
to the "clean" target. This is wrong because clean ends up,
well, not really cleaning everything.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-11 17:01:16 -05:00
Rich Salz
5cf37957fb
RT3543: Remove #ifdef LINT
...
I also replaced some exit/return wrappers in various
programs (from main) to standardize on return.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-10 17:31:04 -05:00
Rich Salz
a4a934119d
Remove old private pod2man
...
Include Richard's point to remove the 'sh -c' wrapper
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-10 17:10:59 -05:00
Kurt Roeckx
5b17b79a89
capi_ctrl, capi_vtrace: check for NULL after allocating and free it
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-10 18:35:18 +01:00
Jonas Maebe
3a7581bf5a
tree_print: check for NULL after allocating err
...
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-10 18:35:18 +01:00
Jonas Maebe
288b4e4f8f
tls1_heartbeat: check for NULL after allocating buf
...
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-10 18:35:18 +01:00
Jonas Maebe
c27dc3981c
tls1_process_heartbeat: check for NULL after allocating buffer
...
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-10 18:35:18 +01:00
Jonas Maebe
fed5b55252
SSL_set_session: check for NULL after allocating s->kssl_ctx->client_princ
...
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-10 18:35:18 +01:00
Jonas Maebe
e9e688effb
serverinfo_process_buffer: check result of realloc(ctx->cert->key->serverinfo) and don't leak memory if it fails
...
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-10 18:35:17 +01:00
Jonas Maebe
bf8e7047aa
ssl3_digest_cached_records: check for NULL after allocating s->s3->handshake_dgst
...
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-10 18:35:17 +01:00
Jonas Maebe
9052ffda91
ssl3_get_certificate_request: check for NULL after allocating s->cert->ctypes
...
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-10 18:35:17 +01:00
Jonas Maebe
d00b1d62d6
SSL_COMP_add_compression_method: exit if allocating the new compression method struct fails
...
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-10 18:35:17 +01:00
Matt Caswell
02a62d1a4a
Move bn internal functions into bn_int.h and bn_lcl.h
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:42 +00:00
Matt Caswell
e35af275d5
Update documentation following BN opaquify
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:36 +00:00
Matt Caswell
1939187922
Make bn opaque
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:27 +00:00
Matt Caswell
348d0d148a
Update apps for bn opaque change
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:19 +00:00
Matt Caswell
29e7a56d54
Disable engines that will fail to build when bn is made opaque
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:12 +00:00
Matt Caswell
2cbc8d7de5
Implement internally opaque bn access from ts
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:07 +00:00
Matt Caswell
aeb556f831
Implement internally opaque bn access from srp
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:02 +00:00
Matt Caswell
18125f7f55
Implement internally opaque bn access from rsa
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:57 +00:00
Matt Caswell
68c29f61a4
Implement internally opaque bn access from evp
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:52 +00:00
Matt Caswell
5784a52145
Implement internally opaque bn access from ec
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:47 +00:00
Matt Caswell
c0d4390194
Implement internally opaque bn access from dsa
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:41 +00:00
Matt Caswell
829ccf6ab6
Implement internally opaque bn access from dh
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:32 +00:00
Matt Caswell
76b2a02274
Implement internally opaque bn access from asn1
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:26 +00:00