Commit graph

16832 commits

Author SHA1 Message Date
Richard Levitte
97665e1c4f Fix util/mkerr.pl
- Adjust mkerr.pl to produce the line length we used for source
  reformating.

- Have mkerr.pl keep track of preprocessor directive indentation

  Among others, do not spuriously throw away a #endif at the end of
  header files.

- Make sure mkerr.pl specifies any header inclusion correctly

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-18 22:03:11 +02:00
Viktor Dukhovni
f3e235ed6f Ensure verify error is set when X509_verify_cert() fails
Set ctx->error = X509_V_ERR_OUT_OF_MEM when verificaiton cannot
continue due to malloc failure.  Also, when X509_verify_cert()
returns <= 0 make sure that the verification status does not remain
X509_V_OK, as a last resort set it it to X509_V_ERR_UNSPECIFIED,
just in case some code path returns an error without setting an
appropriate value of ctx->error.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-18 15:16:37 -04:00
Viktor Dukhovni
5fba3912cc Clarify negative return from X509_verify_cert()
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-18 15:15:24 -04:00
hesiod
872759053b Make OPENSSL_die as noreturn
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/526)
2016-05-18 13:37:01 -04:00
Richard Levitte
a37458c1bf Document the esc_2254 command line name option
RT#1466

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-18 18:30:00 +02:00
Richard Levitte
0794b6a6a8 make update
RT#1466

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-18 18:30:00 +02:00
Richard Levitte
bc77651098 Make it possible to have RFC2254 escapes with ASN1_STRING_print_ex()
Also adds 'esc_2254' to the possible command line name options

RT#1466

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-18 18:30:00 +02:00
Dr. Stephen Henson
52832e470f OID code tidy up.
Tidy up and simplify OBJ_dup() and OBJ_create().

Sanity check added OIDs: don't allow duplicates.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-18 15:33:11 +01:00
Rich Salz
9e20068958 Consolidate copyright for demos
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-18 09:23:31 -04:00
Matt Caswell
569d064609 Add some error messages for malloc fails
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-18 10:47:15 +01:00
Matt Caswell
6ef020c988 Better checks for malloc failure in various METHOD functions
A number of the METHOD functions weren't properly handling malloc failures.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-18 10:47:15 +01:00
Matt Caswell
24854e0117 Fix some malloc failures in b_addr.c
There were some unchecked calls to OPENSSL_strdup().

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-18 10:47:15 +01:00
Matt Caswell
690b462126 Add some check for malloc failure in the CAPI engine
In the CAPI engine there were some unchecked calls to OPENSSL_strdup().

GH Issue #830

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-18 10:47:15 +01:00
FdaSilvaYY
15b083e44e Fix ts app help message
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-18 10:44:08 +01:00
FdaSilvaYY
fba1366398 Locally declare some variables
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-18 10:44:08 +01:00
FdaSilvaYY
bde136c89f Few cleanups in s_client, s_server apps.
Discard useless static engine_id
Add a const qualifier
Fix some spelling

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-18 10:44:08 +01:00
Kazuki Yamaguchi
d2dfd4820b Fix a NULL dereference in chacha20_poly1305_init_key()
chacha20_poly1305_init_key() dereferences NULL when called with inkey !=
NULL && iv == NULL. This function is called by EVP_EncryptInit_ex()
family, whose documentation allows setting key and iv in separate calls.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-18 11:08:55 +02:00
Rich Salz
b6cff313cb Manual fixes after copyright consolidation
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 17:38:18 -04:00
Rich Salz
6ddbb4cd92 X509_STORE_CTX accessors.
Add some functions that were missing when a number of X509
objects became opaque (thanks, Roumen!)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 16:06:09 -04:00
Rich Salz
aa6bb1352b Copyright consolidation 05/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 15:38:09 -04:00
Rich Salz
b1322259d9 Copyright consolidation 09/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:53:16 -04:00
Rich Salz
2039c421b0 Copyright consolidation 08/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:51:34 -04:00
Rich Salz
d2e9e32018 Copyright consolidation 07/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:51:26 -04:00
Rich Salz
4f22f40507 Copyright consolidation 06/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:51:04 -04:00
Rich Salz
6286757141 Copyright consolidation 04/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:24:46 -04:00
Rich Salz
21dcbebc6e Copyright consolidation 03/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:24:17 -04:00
Rich Salz
440e5d805f Copyright consolidation 02/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:20:27 -04:00
Rich Salz
846e33c729 Copyright consolidation 01/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-05-17 14:19:19 -04:00
Matt Caswell
be9c8deb7d Add a comment to explain the use of |num_recs|
In the SSLV2ClientHello processing code in ssl3_get_record, the value of
|num_recs| will always be 0. This isn't obvious from the code so a comment
is added to explain it.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-17 16:37:45 +01:00
Matt Caswell
8aac5d2e5a Fix RSA dasync engine bug
When RSA went opaque a bug was introduced into the dasync engine where
the wrong function was being set for the rsa_priv_dec operation.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-17 16:37:45 +01:00
Matt Caswell
de0717ebcc Use the current record offset in ssl3_get_record
The function ssl3_get_record() can obtain multiple records in one go
as long as we are set up for pipelining and all the records are app
data records. The logic in the while loop which reads in each record is
supposed to only continue looping if the last record we read was app data
and we have an app data record waiting in the buffer to be processed. It
was actually checking that the first record had app data and we have an
app data record waiting. This actually amounts to the same thing so wasn't
wrong - but it looks a bit odd because it uses the |rr| array without an
offset.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-17 16:37:45 +01:00
Matt Caswell
6da5739215 There is only one read buffer
Pipelining introduced the concept of multiple records being read in one
go. Therefore we work with an array of SSL3_RECORD objects. The pipelining
change erroneously made a change in ssl3_get_record() to apply the current
record offset to the SSL3_BUFFER we are using for reading. This is wrong -
there is only ever one read buffer. This reverts that change. In practice
this should make little difference because the code block in question is
only ever used when we are processing a single record.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-17 16:37:45 +01:00
Kurt Cancemi
5507b9610a Fix typos in apps/enc.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-17 14:38:28 +01:00
Matt Caswell
d4d7894379 Fix some out of date comments
Fix various references to s3_clnt.c and s3_srvr.c which don't exist
any more.

GitHub Issue #765

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:34:30 +01:00
Matt Caswell
2647e2617e Remove repeated condition from if in X509_NAME_oneline
An if checks the value of |type| to see if it is V_ASN1_VISIBLESTRING
twice. We only need to do it once.

GitHub Issue #656

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:27:19 +01:00
Matt Caswell
c0e32b1609 Correct documentation error
SSL_get_async_wait_fd() was replaced by SSL_get_all_async_fds() and
SSL_get_changed_async_fds().

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:21:06 +01:00
Andy Polyakov
ff715da492 test/evp_test.c: exercise in-place encryption.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-05-16 22:26:37 +02:00
Andy Polyakov
6133b4edbd ARMv8 assembly pack: add OPENSSL_cleanse.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16 22:21:17 +02:00
Matt Caswell
a7f9e0a45f Remove an unneccessary check of cipher
Due to short-circuiting we only need to check "cipher" for NULL once.

PR#699

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16 20:28:03 +01:00
Rich Salz
49445f21da Use OPENSSL_hexchar2int
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16 15:21:10 -04:00
Rich Salz
589902b2cb Use app_malloc; two missing cases.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-16 15:18:22 -04:00
Steffan Karger
2194351fda const correctness: make HMAC_size() take a const *
CLA: none; trivial

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1070
2016-05-16 20:56:56 +02:00
Kurt Roeckx
d139723b0e session tickets: use more sizeof
Reviewed-by: Matt Caswell <matt@openssl.org>

MR: #2153
2016-05-16 20:43:20 +02:00
TJ Saunders
05df5c2036 Use AES256 for the default encryption algoritm for TLS session tickets
This involves providing more session ticket key data, for both the cipher and
the digest

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>

GH: #515, MR: #2153
2016-05-16 20:43:06 +02:00
TJ Saunders
4e2e1ec9d5 session tickets: Use sizeof() for the various fields
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>

GH: #515, MR: #2153
2016-05-16 20:42:21 +02:00
Dr. Stephen Henson
c821defc3f Don't load same config file twice.
RT#4215

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16 18:29:27 +01:00
Richard Levitte
727ee8cfeb Documentation: Clarify sizes for UI_add_input_string()
The given sizes to not include the final NUL character.

RT#2622

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-16 18:34:45 +02:00
Matt Caswell
6ae5452481 Workaround an IO::Socket::IP bug
Workaround an apparent IO:Socket::IP bug where a seemingly valid
server socket is being returned even though a valid connection does not
exist. This causes the tests to intermittently hang. We additionally check
that the peerport looks ok to verify that the returned socket looks usable.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16 17:19:55 +01:00
Viktor Dukhovni
5c4328f04f Fold threads.h into crypto.h making API public
Document thread-safe lock creation

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16 12:16:26 -04:00
Richard Levitte
b160f2823f Don't require any length of password when decrypting
RT#2534

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-05-16 18:03:40 +02:00