Commit graph

15356 commits

Author SHA1 Message Date
Dr. Stephen Henson
59b1696c0c SSL library configuration module.
This adds support for SSL/TLS configuration using configuration modules.
Sets of command value pairs are store and can be replayed through an
SSL_CTX or SSL structure using SSL_CTX_config or SSL_config.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-22 15:14:14 +00:00
Rich Salz
4fae386cb0 Cleanup CRYPTO_{push,pop}_info
Rename to OPENSSL_mem_debug_{push,pop}.
Remove simple calls; keep only calls used in recursive functions.
Ensure we always push, to simplify so that we can always pop

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-22 09:11:07 -05:00
Rich Salz
c99de0533d Rename *_realloc_clean to *_clear_realloc
Just like *_clear_free routines.  Previously undocumented, used
a half-dozen times within OpenSSL source.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-22 07:32:51 -05:00
Kurt Roeckx
f5d97098a4 Also change the non-debug versions to use size_t
Reviewed-by: Richard Levitte <levitte@openssl.org>
MR: #1518
2015-12-22 12:55:11 +01:00
David Benjamin
679d87515d Fix memory leak in DSA redo case.
Found by clang scan-build.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>

RT: #4184, MR: #1496
2015-12-22 11:05:51 +01:00
Andy Polyakov
91cf7551a1 Configure: refine 'reconf' logic.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-22 10:32:08 +01:00
Andy Polyakov
b859d70d4a bn/asm/bn-c64xplus.asm: update commentary.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-22 10:30:03 +01:00
Andy Polyakov
cfe670732b sha/asm/sha256-armv4.pl: one of "universal" flags combination didn't compile.
(and unify table address calculation in ARMv8 code path).

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-21 13:41:47 +01:00
Matt Caswell
79caf5d323 Fix URLs mangled by reformat
Some URLs in the source code ended up getting mangled by indent. This fixes
it. Based on a patch supplied by Arnaud Lacombe <al@aerilon.ca>

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-19 20:33:00 +00:00
Richard Levitte
7a64489f9e Fix the etags action line, as etags doesn't take -R
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-19 18:03:40 +01:00
Dr. Stephen Henson
bc71f91064 Remove fixed DH ciphersuites.
Remove all fixed DH ciphersuites and associated logic.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-19 16:14:51 +00:00
Dr. Stephen Henson
74a62e9629 delete unused context
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-19 15:04:17 +00:00
Rich Salz
7795475f53 Remove some L<asdf|asdf> which crept back in.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-18 14:55:37 -05:00
Rich Salz
f4d654d2f2 Remove err and prime demo's
ERR is not really a public facility; remove the demo.
prime shows how to generate a prime.  See apps.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-18 14:54:12 -05:00
Richard Levitte
31384753c7 Remove the "eay" c-file-style indicators
Since we don't use the eay style any more, there's no point tryint to
tell emacs to use it.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-18 13:08:40 +01:00
Matt Caswell
0d3587c7fc Add SSL_CIPHER_description() for Chacha20/Poly1305
SSL_CIPHER_description() was returning "unknown" for the encryption
in the new ChaCha20/Poly1305 TLS ciphersuites.

RT#4183

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-17 13:45:23 +00:00
Richard Levitte
ff8428561a Modify the lower level memory allocation routines to take size_t
We've been using int for the size for a long time, it's about time...

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-17 08:24:26 +01:00
Rich Salz
33eaf4c27e mem-cleanup, cont'd.
Remove LEVITTE_DEBUG_MEM.
Remove {OPENSSL,CRYPTO}_remalloc.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-16 22:23:57 -05:00
Rich Salz
3b089ca21b Rename sec_mem to mem_sec, like other files.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-16 22:09:39 -05:00
Rich Salz
2503af2684 Fix typo.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-16 17:58:32 -05:00
Rich Salz
2e31ef0366 Provide better "make depend" warning.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-16 17:43:41 -05:00
Ben Laurie
a7a14a23a9 Fix no-dgram.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-16 21:31:56 +00:00
Rich Salz
7644a9aef8 Rename some BUF_xxx to OPENSSL_xxx
Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
Add #define's for the old names.
Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-16 16:14:49 -05:00
Dr. Stephen Henson
e4cf866322 fix for no-ec
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-16 15:22:33 +00:00
Dr. Stephen Henson
91b0d2c114 make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-16 14:17:53 +00:00
Dr. Stephen Henson
61dd9f7a22 Use EVP_PKEY for client side EC.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-16 14:17:53 +00:00
Dr. Stephen Henson
880d9d8609 Use EVP_PKEY for server EC.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-16 14:17:53 +00:00
Dr. Stephen Henson
3f3504bdaf Add ECDH/DH utility functions.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-16 14:17:53 +00:00
Dr. Stephen Henson
44d4f8f2d7 remove unnecessary key copy
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-16 14:17:53 +00:00
Dr. Stephen Henson
2c61a5ecca Constify EC_KEY in ECDH_compute_key.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-16 14:17:53 +00:00
Dr. Stephen Henson
c66ce5eb23 Remove ECDH client auth code.
Remove incomplete non-functional ECDH client authentication code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-16 14:17:53 +00:00
Dr. Stephen Henson
57be4444c6 Remove SSL_OP_SINGLE_ECDH_USE code.
Since auto ecdh is now always used SSL_OP_SINGLE_ECDH_USE is
redundant. Simplify associated code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-16 14:17:53 +00:00
Dr. Stephen Henson
cae4136431 Use EC_KEY_key2buf and EC_oct2key in libssl.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-16 14:17:53 +00:00
Dr. Stephen Henson
981bd8a2f2 New EC functions.
New functions EC_POINT_point2buf and EC_KEY_key2buf which encode
a point and allocate a buffer in one call.

New function EC_KEY_oct2key() which sets public key in an EC_KEY
structure from an encoded point.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-16 14:17:53 +00:00
Matt Caswell
19a86b0301 Fix build on Solaris
Solaris builds were failing during async compilation because the .o files
created from compiling the corresponding .c files held in async/arch were
ending up in the top level async directory. Consequently the link fails
because it can't find the .o files.

Thanks to Richard Levitte for pointing me in the right direction on this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-15 23:40:22 +00:00
Matt Caswell
3addf183fa Fix updating via mkdef.pl
The previous commit introduced a new file format for ssleay.num and
libeay.num, i.e. the introduction of a version field. Therefore the update
capability in mkdef.pl needs updating to take account of the new format.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-15 16:46:48 +00:00
Matt Caswell
e863d92010 Don't export internal symbols
On Linux when creating the .so file we were exporting all symbols. We should
only be exporting public symbols. This commit fixes the issue. It is only
applicable to linux currently although the same technique may work for other
platforms (e.g. Solaris should work the same way).

This also adds symbol version information to our exported symbols.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-15 16:46:48 +00:00
Richard Levitte
ea09088e17 Better splitting regexp for test_ordinals
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-15 17:02:34 +01:00
Rich Salz
2ab9687479 Remove GMP engine.
Reviewed-by: Ben Laurie <ben@openssl.org>
2015-12-15 07:59:56 -05:00
Matt Caswell
8caab744f5 Fix s_server problem with no-ec
s_server was trying to set the ECDH curve when no-ec was defined. This also
highlighted the fact that the -no_ecdhe option to s_server is broken, and
doesn't make any sense any more (ECDHE is on by default and the only way it
can be disabled is through the cipherstring). Therefore this commit removes
the option.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-15 11:26:38 +00:00
Matt Caswell
73cd6175b9 Fix no-psk compile failure
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-15 11:22:34 +00:00
Matt Caswell
bbf431cb5e Fix compile failure with no-srp
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-15 11:22:34 +00:00
Dr. Stephen Henson
0c497e96c4 Update EVP_PKEY documentation.
Add EVP_PKEY_up_ref() documentation and fix various typos.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-14 23:06:14 +00:00
Dr. Stephen Henson
6745fcf627 make update
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-14 23:06:14 +00:00
Dr. Stephen Henson
c01ff880d4 New function X509_get0_pubkey
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-14 23:06:14 +00:00
Dr. Stephen Henson
2872dbe1c4 Add EVP_PKEY_get0_* functions.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-14 23:06:14 +00:00
Dr. Stephen Henson
2986ecdc08 Extend EVP_PKEY_copy_parameters()
Make EVP_PKEY_copy_parameters() work if the destination has no type
(e.g. if obtained from EVP_PKEY_new()) or the underlying key is NULL.
This is useful where we want to copy the parameters from an existing
key to a new key.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-14 23:06:14 +00:00
Emilia Kasper
d911097d7c Fix a ** 0 mod 1 = 0 for real this time.
Commit 2b0180c37f attempted to do this but
only hit one of many BN_mod_exp codepaths. Fix remaining variants and add
a test for each method.

Thanks to Hanno Boeck for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-12-14 17:39:39 +01:00
Andy Polyakov
81eae077ce crpyto/ppccpuid.pl: add FPU probe and fix OPENSSL_rdtsc.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-14 16:09:25 +01:00
Andy Polyakov
2688d99989 crypto/ppccap.c: add SIGILL-free processor capability detection code.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-14 16:08:49 +01:00