Commit graph

16632 commits

Author SHA1 Message Date
Andy Polyakov
c6b77c16a6 MIPS64 assembly pack: add Poly1305 module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-10 20:27:52 +02:00
Andy Polyakov
6646f69f31 Configure: replace which() with IPC::Cmd::can_run.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-10 20:22:39 +02:00
Andy Polyakov
c3ad47f501 windows-makefile.tmpl: minor adjustments.
- some Perl versions are allergic to missing ';';
- don't stop if del fails;
- omit unused environment variable;

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-05-10 20:20:40 +02:00
Andy Polyakov
6d8b3dce7c util/mkdef.pl: omit ordinals from Windows DLLs.
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-05-10 20:20:21 +02:00
Dr. Stephen Henson
981b5bb8ef Typo.
RT#4538

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-10 16:39:52 +01:00
Richard Levitte
6d53100f6e Fix the docs for ERR_remove_thread_state and ERR_remove_state
Don't primarly recommend using OPENSSL_thread_stop(), as that's a last
resort.  Instead, recommend leaving it to automatic mechanisms.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-10 13:12:01 +02:00
Richard Levitte
21e001747d Restore the ERR_remove_thread_state() API and make it a no-op
The ERR_remove_thread_state() API is restored to take a pointer
argument, but does nothing more.  ERR_remove_state() is also made into
a no-op.  Both functions are deprecated and users are recommended to
use OPENSSL_thread_stop() instead.

Documentation is changed to reflect this.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-10 11:31:05 +02:00
Richard Levitte
06aa885d0c Have [.VMS]openssl_{startup,shutdown}.com depend on respective *.in
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-05-10 11:28:00 +02:00
Richard Levitte
ee7fb55e88 Fix VMS/openssl_{startup,shutddown}.com.in
They were using the wrong variables.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-05-10 11:28:00 +02:00
Andy Polyakov
f58a0acb79 Configure: adhere to $(CROSS_COMPILE)ranlib.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-10 09:15:10 +02:00
Andy Polyakov
c145d19771 Configure: make it work with Perl 5.10.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-10 09:13:05 +02:00
Andy Polyakov
c21c7830ac IRIX fixes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-10 08:44:51 +02:00
Richard Levitte
59a56c4cf0 Add NULL check in i2d_PrivateKey()
Originally submitted by Kurt Cancemi <kurt@x64architecture.com>

Closes RT#4533

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-09 22:29:13 +02:00
David Benjamin
f7aa318552 Don't send signature algorithms when client_version is below TLS 1.2.
Per RFC 5246,

    Note: this extension is not meaningful for TLS versions prior to 1.2.
    Clients MUST NOT offer it if they are offering prior versions.
    However, even if clients do offer it, the rules specified in [TLSEXT]
    require servers to ignore extensions they do not understand.

Although second sentence would suggest that there would be no interop
problems in always offering the extension, WebRTC has reported issues
with Bouncy Castle on < TLS 1.2 ClientHellos that still include
signature_algorithms. See also
https://bugs.chromium.org/p/webrtc/issues/detail?id=4223

RT#4390

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-05-09 17:46:23 +01:00
Matt Caswell
3105d69535 Fix BIO_eof() for BIO pairs
BIO_eof() was always returning true when using a BIO pair. It should only
be true if the peer BIO is empty and has been shutdown.

RT#1215

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-09 17:05:16 +01:00
Hansruedi Patzen
2e66d3d674 Fix: failed to open config file if not specified when using CA commands
Issue was introduced in
a0a82324f9

This patch fixes an issue which causes the 'openssl ca' commands to
fail if '-config' is not specified even if it says so otherwise.
Problem is that the default config is not loaded and the conf variable
is NULL which causes an exception.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-09 16:55:47 +02:00
Richard Levitte
e817315702 VMS: support VERBOSE and V in descrip.mms
With Unixly Makefiles as well as with nmake, make variables are
transferred to the shell running the commands as envinronment
variables.  This principle doesn't apply with MMS, so we must
explicitely define VERBOSE as commands when it's needed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-09 16:11:36 +02:00
Dr. Stephen Henson
be6bdab6f8 Recognise VERBOSE and V as well as HARNESS_VERBOSE
PR#4462

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-09 14:08:25 +01:00
Rich Salz
191c0e2e87 Missing credit in CHANGES
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-09 08:56:35 -04:00
Andrea Grandi
447402e628 Fix error in the loop of ECDH
The tests was incorrectly repeated multiple times when using the
async_jobs options

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-09 10:32:18 +01:00
Matt Caswell
fbdf0299dc Free any existing SRTP connection profile
When setting a new SRTP connection profile using
SSL_CTX_set_tlsext_use_srtp() or SSL_set_tlsext_use_srtp() we should
free any existing profile first to avoid a memory leak.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-05-09 10:25:34 +01:00
Andy Polyakov
9921b7b6a2 Configurations/windows-makefile.tmpl: expand environments early.
If environment variables are not explanded early enough, expanded
strings are passed with single backslash to C compiler, e.g.
C:\Program Files, which effectively results in OpenSSL looking for
engines and certificates in C:Program Files.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-09 10:40:56 +02:00
FdaSilvaYY
dccd20d1b5 fix tab-space mixed indentation
No code change

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-09 09:09:55 +01:00
J Mohan Rao Arisankala
e0d32e98f0 fix check
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-09 09:06:06 +01:00
J Mohan Rao Arisankala
cb1d435cac few missing allocation failure checks and releases on error paths
- Missing checks for allocation failure.
- releasing memory in few missing error paths

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-09 09:06:06 +01:00
Ben Laurie
5cf14ce074 memset() doesn't take NULL.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-05-07 18:28:07 +01:00
Ben Laurie
c38bb72797 Add fuzzing!
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-05-07 18:13:54 +01:00
Dr. Stephen Henson
049f5bbce3 Constify PKCS12_newpass()
PR#4449

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-06 21:21:54 +01:00
Jeffrey Walton
c95a8b4eb5 Add documentation of PKCS12_newpass()
PR#4478

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-05-06 21:21:43 +01:00
Dr. Stephen Henson
d800d0f45b Tidy up PKCS12_newpass() fix memory leaks.
PR#4466

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-06 21:19:36 +01:00
Dr. Stephen Henson
708cf5ded2 Only set CMS parameter when encrypting
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-06 21:12:29 +01:00
isnotnick
ec5b56f3c5 RT3513: req doesn't display attributes using utf8string
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-06 15:58:24 +02:00
Andy Polyakov
4b16fa791d README.PERL: clarify "matching" Perl requirement on Windows.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-06 09:49:39 +02:00
Andy Polyakov
3992e8c023 poly1305/asm/poly1305-x86_64.pl: contain symbols within shared lib.
We don't need it, but external users might find it handy.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-06 09:48:15 +02:00
Andy Polyakov
284116575d poly1305/asm/poly1305-x86_64.pl: make it cross-compile.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-06 09:46:39 +02:00
Andy Polyakov
3732f12c66 testlib/OpenSSL/Test.pm: address 5.10 warnings.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-06 09:44:50 +02:00
Andy Polyakov
9a2d2fb338 test/evp_test.c: exercise different combinations of data misalignment.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-05-06 09:41:24 +02:00
Dr. Stephen Henson
c0aa8c2748 Use default ASN.1 for SEED.
The default ASN.1 handling can be used for SEED. This also makes
CMS work with SEED.

PR#4504

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-05 23:59:01 +01:00
Dr. Stephen Henson
5ff73fb230 typo
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-05 23:52:52 +01:00
Rich Salz
4a8e9c22f4 Move 3DES from HIGH to MEDIUM
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-05 17:31:53 -04:00
Dr. Stephen Henson
3fd60dc422 Always try to set ASN.1 parameters for CMS.
Try to set the ASN.1 parameters for CMS encryption even if the IV
length is zero as the underlying cipher should still set the type.

This will correctly result in errors if an attempt is made to use
an unsupported cipher type.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-05 22:30:23 +01:00
Sergio Garcia Murillo
50b4a9ba13 GH356: Change assert to normal error
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-05 17:27:30 -04:00
Matt Caswell
fc7f190c73 Handle no async jobs in libssl
If the application has limited the size of the async pool using
ASYNC_init_thread() then we could run out of jobs while trying to start a
libssl io operation. However libssl was failing to handle this and treating
it like a fatal error. It should not be fatal...we just need to retry when
there are jobs available again.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-05 19:39:14 +01:00
Emilia Kasper
0eadff033f Document inversion ladder in curve25519
This demystifies two for-loops that do nothing. They were used to write
the ladder in a unified way. Now that the ladder is otherwise commented,
remove the dead loops.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-05 18:51:53 +02:00
Rich Salz
fb37410ee0 Script changed; update the generated file.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-05-05 11:34:31 -04:00
Matt Caswell
485b78ddaa Improve heartbeats coding style
Based on an orignal commit by GitHub user BertramScharpf. Rebased and
updated to take account of all the updates since this was first raised.

GH PR#62

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-05 16:30:35 +01:00
Rich Salz
e8b7c0c472 Tweak generated warning lines.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-05-05 11:06:04 -04:00
J Mohan Rao Arisankala
c3d93da03b remove unused macros in list -disabled
list -disabled was checking OPENSSL_NO_SSL/OPENSSL_NO_TLS, which are
not used to disable SSL/TLS respectively.
Building with these macros wrongly show as SSL/TLS disabled, hence
removing this code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-05 14:25:41 +01:00
FdaSilvaYY
d5e8679684 Fix spelling
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>

GH: #1021
2016-05-05 14:13:38 +02:00
Dr. Stephen Henson
9d103dbb6f support embed in ASN.1 print
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-04 20:09:02 +01:00