Commit graph

14177 commits

Author SHA1 Message Date
Alessandro Ghedini
c2319cf9fc Set salt length after the malloc has succeeded
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-23 19:52:08 +02:00
Alessandro Ghedini
3f6c769187 Fix memory leaks and other mistakes on errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-23 19:52:08 +02:00
Alessandro Ghedini
8acaabec42 Replace malloc+strlcpy with strdup
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-23 19:52:08 +02:00
Alessandro Ghedini
4428c7dba8 Do not treat 0 return value from BIO_get_fd() as error
0 is a valid file descriptor.

RT#4068

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-23 19:52:08 +02:00
Alessandro Ghedini
dad0b512e6 Remove bugs/ and crypto/threads/
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-23 18:41:04 +02:00
Adam Eijdenberg
8cbb048c3e Clarify return values for EVP_DigestVerifyFinal.
Previous language was unclear.  New language isn't pretty but I believe
it is more accurate.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-22 18:27:48 -04:00
Richard Levitte
5212d39bd9 Only include SRP headers when OPENSSL_NO_SRP is undefined
[fixes github issue #447]

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-10-22 23:45:45 +02:00
Richard Levitte
489eb74090 Make Configure die when unsupported options are given
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-22 17:37:10 +02:00
Richard Levitte
8b527be2db Add an explicit list of options that can be disabled, enabled, ...
Configure has, so far, had no control at all of which 'no-' options it
can be given.  This means that, for example, someone could configure
with something absurd like 'no-stack' and then watch the build crumble
to dust...  or file a bug report.

This introduces some sanity into the possible choices.

The added list comes from looking for the explicit ones used in
Configure, and from grepping after OPENSSL_NO_ in all source files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-22 17:37:10 +02:00
Richard Levitte
15db6a40d3 make update
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-21 23:57:29 +02:00
Richard Levitte
a0e8da5d92 Don't forget to load the CT error strings
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-21 23:57:29 +02:00
Richard Levitte
cc79f06c0a Handle CT error macros separately
Because the default error macro generator assumes the header file with
error macros is in include/openssl and therefore generates a C file
with error texts that include <openssl/{name}.h>, we need to generate
the error macros and texts for CT separately, since the CT module
doesn't follow the default criteria.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-21 23:57:29 +02:00
Matt Caswell
21cd6e006c Don't use SSLv23_server_method in an example
The function SSLv23_server_method() is an old name. New code should use
TLS_server_method() instead. Therefore don't use SSLv23_server_method() in
an example in the docs.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-21 16:22:19 +01:00
Matt Caswell
3fde6c9276 Avoid undefined behaviour in PACKET_buf_init
Change the sanity check in PACKET_buf_init to check for excessive length
buffers, which should catch the interesting cases where len has been cast
from a negative value whilst avoiding any undefined behaviour.

RT#4094

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-21 16:13:53 +01:00
Richard Levitte
788d72ba02 ct_locl.h moved, reflect it in crypto/ct/Makefile
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-18 21:31:21 +02:00
Richard Levitte
338cb76220 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-18 20:35:22 +02:00
Richard Levitte
d865cb13ba Add crypto/include/internal to the directories to scan for stack declarations
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-18 20:35:22 +02:00
Richard Levitte
eb6d5f9983 Because ct_locl.h is used between modules, move it to internal headers
Rename it to ct_int.h

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-18 20:35:22 +02:00
Dr. Stephen Henson
76e0cd12f6 Move auto Host adding to query_responder
Check for Host header in query_responder instead of process_responder. This
also fixes a memory leak in the old code if the headers was NULL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-18 14:36:21 +01:00
Dr. Stephen Henson
bb7fc98c43 Fix memory leak with -issuer option.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-18 14:36:21 +01:00
Dr. Stephen Henson
7f3e6f8c24 set string type when embedding
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-10-18 12:13:54 +01:00
Manish Goregaokar
eb05f17344 Move contributing info to CONTRIBUTING
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-17 18:28:03 +05:30
Rich Salz
1a3ae7883f Run tests on Travis for mingw builds as well
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-10-16 11:20:22 -04:00
Dmitry Belyavsky
1f08d945a7 Fix error message when loading engines from config
When using command line applications errors occur when trying to
load engines specified in a config file. Introduced by commit
a0a82324f9

RT#4093

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-16 10:11:46 +01:00
Matt Caswell
8b7080b0b7 Remove Obsolete engines
There are a number of engines in the OpenSSL source code which are now
obsolete. The following engines have been removed: 4758cca, aep, atalla,
cswift, nuron, sureware.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-15 17:02:06 +01:00
Dr. Stephen Henson
f51e5ed6b4 Fix self signed handling.
Don't mark a certificate as self signed if keyUsage is present and
certificate signing not asserted.

PR#3979

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-15 15:36:58 +01:00
Dr. Stephen Henson
34a42e1489 embed CRL serial number and signature fields
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-15 15:36:58 +01:00
Dr. Stephen Henson
81e4943843 embed certificate serial number and signature fields
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-15 15:36:58 +01:00
Dr. Stephen Henson
4392479c08 embed value field of X509_EXTENSION
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-15 15:36:58 +01:00
Dr. Stephen Henson
272d917deb add CHANGES entry for embed
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-15 15:36:58 +01:00
Dr. Stephen Henson
4002da0f52 Handle embed flag in ASN1_STRING_copy().
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-15 15:36:57 +01:00
Emilia Kasper
f4f78ff7da PACKET: fix __owur
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-15 16:20:22 +02:00
Emilia Kasper
bbafa47b55 Appease gcc's Wmaybe-uninitialized
False positive: gcc (4.8) can't figure out the SSL_IS_DTLS logic.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-15 16:19:00 +02:00
Emilia Kasper
6f73d28c20 Remove EVP_CHECK_DES_KEY
Thanks to the OpenBSD community for bringing this to our attention.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-14 18:45:33 +02:00
Emilia Kasper
b84939cc96 ct_locl.h: fix some comments
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-14 17:19:35 +02:00
Emilia Kasper
58dd1ce91a make depend: prefer clang over makedepend
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-14 17:10:20 +02:00
Dr. Stephen Henson
4ec36aff2a RFC5753 compliance.
RFC5753 requires that we omit parameters for AES key wrap and set them
to NULL for 3DES wrap. OpenSSL decrypt uses the received algorithm
parameters so can transparently handle either form.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-10-13 22:57:47 +01:00
Alessandro Ghedini
6220acf887 Add Clang 3.6 and additional GCC 5 builds to travis
Follow-up to f386742.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-10-13 16:13:07 -04:00
Alessandro Ghedini
f386742cfb GH429: Add clang to travis
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-10-13 14:04:53 -04:00
Andy Polyakov
2d2a83543f testlib/OpenSSL/Test.pm: remove redundant 'cmd /c', MSWin32 Perl can take care of itself.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-13 19:48:28 +02:00
Andy Polyakov
82987e6119 Harmonize do_rehash_rule with updated test/recipies/25-test_verify.t.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-13 19:48:15 +02:00
Andy Polyakov
85833408b4 Test suite: chomp->s/\R// to harmonize with mingw 'make test'.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-13 19:48:03 +02:00
Andy Polyakov
4ada8be2a6 Test suite: minimal required to get mingw 'make test' work under Linux.
(part by Alessandro Ghedini)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-13 19:46:50 +02:00
Matt Caswell
1dce6c3f9e Rename -set-serial command to req
Previous OpenSSL versions used -set_serial, but master was using
-set-serial - so rename it back to the old version.

RT#4059

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-12 22:42:23 +01:00
Matt Caswell
a0a82324f9 Centralise loading default apps config file
Loading the config file after processing command line options can
cause problems, e.g. where an engine provides new ciphers/digests
these are not then recoginised on the command line. Move the
default config file loading to before the command line option
processing. Whilst we're doing this we might as well centralise
this instead of doing it individually for each application. Finally
if we do it before the OpenSSL_add_ssl_algorithms() call then
ciphersuites provided by an engine (e.g. GOST) can be available to
the apps.

RT#4085
RT#4086

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-12 22:31:00 +01:00
Matt Caswell
d175e8a6c2 Fix option name discrepancy
There used to be options -macopt and -sigopt in <=1.0.2 for the dgst
command line app. These were incorrectly spelled as -macop and -sigop in
master.

RT#4072

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-10-12 12:45:40 +01:00
Andy Polyakov
dc8980957b Configurations: move -Wno-pedantic-ms-format to .travis.yml.
The option is not available in older toolchains and would cause breakage.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-12 12:07:29 +02:00
Dr. Stephen Henson
af170194a8 embed OCSP_CERTID
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-11 20:33:57 +01:00
Dr. Stephen Henson
47c9a1b509 embed support for ASN1_STRING
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-11 20:33:57 +01:00
Dr. Stephen Henson
a332635ea0 Embed various OCSP fields.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-11 20:33:57 +01:00