Matt Caswell
5e6089f0eb
Convert X509_CRL* functions to use const getters
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-17 13:38:03 +01:00
Matt Caswell
6eabcc839f
Make X509_NAME_get0_der() conform to OpenSSL style
Put the main object first in the params list.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-17 13:03:04 +01:00
Dr. Stephen Henson
a0754084f8
Corrupt signature in place.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 12:34:22 +01:00
Matt Caswell
79613ea844
Convert OCSP* functions to use const getters
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-17 12:29:03 +01:00
Dr. Stephen Henson
245c6bc33b
Constify private key decode.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 12:01:29 +01:00
Dr. Stephen Henson
ac4e257747
constify X509_ALGOR_get0()
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 12:01:29 +01:00
Dr. Stephen Henson
0c8006480f
Constify ASN1_item_unpack().
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 12:01:29 +01:00
Remi Gacogne
fddfc0afc8
Add missing session id and tlsext_status accessors
* SSL_SESSION_set1_id()
* SSL_SESSION_get0_id_context()
* SSL_CTX_get_tlsext_status_cb()
* SSL_CTX_get_tlsext_status_arg()
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 10:38:20 +01:00
Richard Levitte
46117d31fe
dasync is an internal testing engine, so don't install it
Unfortunately, it means that the VMS IVP gets a bit crippled. This
will be fixed later on.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 10:50:31 +02:00
Richard Levitte
2238119751
VMS: no ENDIF on one line IF statements, in config.com
Correct small error from last config.com change
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 10:48:43 +02:00
Matt Caswell
48593cb12a
Convert SSL_SESSION* functions to use const getters
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-16 23:36:28 +01:00
Matt Caswell
b2e57e094d
Convert PKCS8* functions to use const getters
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-16 23:36:27 +01:00
Matt Caswell
bb2f62baba
Convert TS_STATUS_INFO* functions to use const getters
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-16 23:36:27 +01:00
FdaSilvaYY
69b86d4b98
two typo fixes
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1461 )
2016-08-16 15:51:58 -04:00
Gergely Nagy
1bb7310bf8
Fix compilation when using MASM on x86
The generated asm code from x86cpuid.pl contains CMOVE instructions
which are only available on i686 and later CPUs.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1459 )
2016-08-16 14:46:55 -04:00
Matt Caswell
2ecb9f2d18
Provide compat macros for SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto()
These functions are no longer relevant to 1.1.0 (we always have auto ecdh
on) - but no reason to break old code that tries to call it. The macros will
only return a dummy "success" result if the app was trying to enable ecdh.
Disabling can't be done in quite this way any more.
Fixes GitHub Issue #1437
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-08-16 17:11:43 +01:00
Matt Caswell
f9cf774cbd
Ensure we unpad in constant time for read pipelining
The read pipelining code broke constant time unpadding. See GitHub
issue #1438
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 16:53:17 +01:00
Dr. Stephen Henson
0f022f5a22
Corrupt signature earlier.
If -badsig is selected corrupt the signature before printing out
any details so the output reflects the modified signature.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 16:05:36 +01:00
Dr. Stephen Henson
34d4d74575
make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 16:05:36 +01:00
Dr. Stephen Henson
17ebf85abd
Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data().
Deprecate the function ASN1_STRING_data() and replace with a new function
ASN1_STRING_get0_data() which returns a constant pointer. Update library
to use new function.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 16:05:35 +01:00
Richard Levitte
1940aa6e6b
Remove duplicate ordinals
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 14:16:53 +02:00
Andy Polyakov
05ef4d1980
ARMv8 assembly pack: add Samsung Mongoose results.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-16 12:47:49 +02:00
Andy Polyakov
9d46752dfe
Configure: recognize -static as link option and disable incompatible options.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 12:45:51 +02:00
Andy Polyakov
f4941736a9
test/ssl_test.tmpl: make it work with elderly perl.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 12:43:44 +02:00
David Woodhouse
31c34a3e2f
Fix satsub64be() to unconditionally use 64-bit integers
Now we support (u)int64_t this can be very much simpler.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-16 10:24:57 +01:00
Emilia Kasper
e0421bd8b2
SSL tests: send some application data
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 11:00:15 +02:00
Richard Levitte
ffb261ff19
Add a "config" for verbosity and use it with Travis
Modify VMS config.com to match
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-08-16 10:38:45 +02:00
Richard Levitte
a4ffbbeef6
Make "make" less verbose in Travis, except for the build only case
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-08-16 10:38:45 +02:00
Dr. Stephen Henson
66bcba1457
Limit reads in do_b2i_bio()
Apply a limit to the maximum blob length which can be read in do_d2i_bio()
to avoid excessive allocation.
Thanks to Shi Lei for reporting this.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 00:27:10 +01:00
Dr. Stephen Henson
8b9afbc0fc
Check for errors in a2d_ASN1_OBJECT()
Check for error return in BN_div_word().
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-16 00:19:19 +01:00
Dr. Stephen Henson
07bed46f33
Check for errors in BN_bn2dec()
If an oversize BIGNUM is presented to BN_bn2dec() it can cause
BN_div_word() to fail and not reduce the value of 't' resulting
in OOB writes to the bn_data buffer and eventually crashing.
Fix by checking return value of BN_div_word() and checking writes
don't overflow buffer.
Thanks to Shi Lei for reporting this bug.
CVE-2016-2182
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-16 00:19:19 +01:00
Tomas Mraz
40c60b0d73
Avoid truncating the pointer on x32 platform.
The 64 bit pointer must not be cast to 32 bit unsigned long on
x32 platform.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-15 23:30:45 +01:00
Tomas Mraz
e7e5d608fb
Add a comment for the added cast with explanation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-15 23:30:45 +01:00
Tomas Mraz
3f8d1216df
Fix af_alg engine failure on 32 bit architectures.
Add extra cast to unsigned long to avoid sign extension when
converting pointer to 64 bit data.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-15 23:30:45 +01:00
Matt Caswell
bb982ce753
Remove a stray unneeded line in 70-test_sslrecords.t
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-15 23:14:30 +01:00
Matt Caswell
78fcddbb8d
Address feedback on SSLv2 ClientHello processing
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-15 23:14:30 +01:00
Matt Caswell
a2a0c86bb0
Add some SSLv2 ClientHello tests
Test that we handle a TLS ClientHello in an SSLv2 record correctly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-15 23:14:30 +01:00
Matt Caswell
a01c86a251
Send an alert if we get a non-initial record with the wrong version
If we receive a non-initial record but the version number isn't right then
we should send an alert.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-15 23:14:30 +01:00
Matt Caswell
44efb88a21
Address feedback on SSLv2 ClientHello processing
Feedback on the previous SSLv2 ClientHello processing fix was that it
breaks layering by reading init_num in the record layer. It also does not
detect if there was a previous non-fatal warning.
This is an alternative approach that directly tracks in the record layer
whether this is the first record.
GitHub Issue #1298
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-15 23:14:30 +01:00
Rob Percival
c35d339d98
Replaces CT_POLICY_EVAL_CTX_set0 entries with new setters in libcrypto.num
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408 )
2016-08-15 12:57:00 -04:00
Rob Percival
11c68ceaa6
Make CT_POLICY_EVAL_CTX_set1_{cert,issuer} into boolean functions
They may fail if they cannot increment the reference count of the
certificate they are storing a pointer for. They should return 0 if this
occurs.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408 )
2016-08-15 12:56:47 -04:00
Rob Percival
a1bb7708ce
Improves CTLOG_STORE setters
Changes them to have clearer ownership semantics, as suggested in
https://github.com/openssl/openssl/pull/1372#discussion_r73232196 .
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408 )
2016-08-15 12:56:47 -04:00
Richard Levitte
a0ef6bb687
Skip the SRP tests in 80-test_ssl_old.t if no TLS version is enabled
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-15 17:16:47 +02:00
Dr. Stephen Henson
0a699a0723
Fix no-ec
Fix no-ec builds by having separate functions to create keys based on
an existing EVP_PKEY and a curve id.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-15 14:07:33 +01:00
Jakub Zelenka
0818dbadf3
Never return -1 from BN_exp
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1455 )
2016-08-14 20:52:13 +01:00
Dr. Stephen Henson
3d9a51f7ed
update CHANGES
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:06 +01:00
Dr. Stephen Henson
c082201a36
add documentation
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
23143e4da6
Print out names of other temp key algorithms.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
bc7bfb83b7
Remove old EC based X25519 code.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
ec24630ae2
Modify TLS support for new X25519 API.
When handling ECDH check to see if the curve is "custom" (X25519 is
currently the only curve of this type) and instead of setting a curve
NID just allocate a key of appropriate type.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00