root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity
14,678 Commits 32 Branches 398 Tags 545 MiB
Commit Graph

14678 Commits

Author SHA1 Message Date
Dr. Stephen Henson ffaef3f152 Always generate DH keys for ephemeral DH cipher suites. 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-12-23 22:26:31 +00:00
Daniel Kahn Gillmor d938e8dfee The functions take a SSL *, not a SSL_CTX * 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

RT: #4192, MR: #1533
 2015-12-23 22:30:31 +01:00
Roumen Petrov 0b081fcd08 redundant redeclaration of 'OPENSSL_strlcpy' 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

MR: #1523
 2015-12-23 20:40:54 +01:00
Roumen Petrov b9b154d1cf __STDC_VERSION__ is not defined for c89 compilers 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

MR: #1522
 2015-12-23 20:40:54 +01:00
Roumen Petrov 3eabad02d6 remove duplicates in util/libeay.num 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

RT: #4195, MR: #1521
 2015-12-23 20:40:54 +01:00
Kurt Roeckx 1c9ed1d8a7 Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER and SSL_OP_TLS_D5_BUG support. 
Suggested by David Benjamin

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>

MR: #1520
 2015-12-23 20:40:54 +01:00
Kurt Roeckx 933d108516 Avoid using a dangling pointer when removing the last item 
When it's the last item that is removed int_thread_hash == hash and we would
still call int_thread_release(&hash) while hash is already freed.  So
int_thread_release would compare that dangling pointer to NULL which is
undefined behaviour.  Instead do already what int_thread_release() would do,
and make the call do nothing instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>

RT: #4155, MR: #1519
 2015-12-23 20:36:32 +01:00
Todd Short c849c6d9d3 Memory leak in state machine in error path 
When EC is disabled, and an error occurs in ssl_generate_master_secret()
or RAND_bytes(), the error path does not free rsa_decrypt.

RT#4197

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-12-23 13:33:28 +00:00
Richard Levitte 87a595e554 Refactor DTLS cookie generation and verification 
DTLS cookie generation and verification were exact copies of each
other save the last few lines.  This refactors them to avoid code
copying.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-12-23 12:44:55 +01:00
Matt Caswell 7ab09630cd Fix inline build failure 
After the recent change to use ossl_inline, builds were failing on some
platforms due to a missing usage of "inline".

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-23 09:45:02 +00:00
Dr. Stephen Henson 80e0ecbf58 Add ossl_inline 
Add macro ossl_inline for use in public headers where a portable inline
is required. Change existing inline to use ossl_inline

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2015-12-22 23:03:56 +00:00
Dr. Stephen Henson 02a60ae28f add -unref option to mkerr.pl 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-12-22 19:20:11 +00:00
Dr. Stephen Henson 0f6a2a97a5 In mkerr.pl look in directories under ssl/ 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-12-22 16:52:27 +00:00
Dr. Stephen Henson e091c83e72 remove unused error code 
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-12-22 16:16:35 +00:00
Dr. Stephen Henson 5378186199 make update 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-22 15:16:56 +00:00
Dr. Stephen Henson a470fdab6d unload modules in ssltest 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-22 15:14:14 +00:00
Dr. Stephen Henson a2074b9287 make errors 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-22 15:14:14 +00:00
Dr. Stephen Henson 913592d2c5 SSL configuration module docs 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-22 15:14:14 +00:00
Dr. Stephen Henson 43d956fa65 Demo server using SSL_CTX_config 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-22 15:14:14 +00:00
Dr. Stephen Henson 287d0b948d Add ssl configuration support to s_server and s_client 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-22 15:14:14 +00:00
Dr. Stephen Henson f33bad3321 Load module in SSL_library_init 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-22 15:14:14 +00:00
Dr. Stephen Henson 540912cd4b Add ssl_mcnf.c to Makefile 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-22 15:14:14 +00:00
Dr. Stephen Henson 59b1696c0c SSL library configuration module. 
This adds support for SSL/TLS configuration using configuration modules.
Sets of command value pairs are store and can be replayed through an
SSL_CTX or SSL structure using SSL_CTX_config or SSL_config.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-22 15:14:14 +00:00
Rich Salz 4fae386cb0 Cleanup CRYPTO_{push,pop}_info 
Rename to OPENSSL_mem_debug_{push,pop}.
Remove simple calls; keep only calls used in recursive functions.
Ensure we always push, to simplify so that we can always pop

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-22 09:11:07 -05:00
Rich Salz c99de0533d Rename *_realloc_clean to *_clear_realloc 
Just like *_clear_free routines.  Previously undocumented, used
a half-dozen times within OpenSSL source.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-22 07:32:51 -05:00
Kurt Roeckx f5d97098a4 Also change the non-debug versions to use size_t 
Reviewed-by: Richard Levitte <levitte@openssl.org>
MR: #1518
 2015-12-22 12:55:11 +01:00
David Benjamin 679d87515d Fix memory leak in DSA redo case. 
Found by clang scan-build.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>

RT: #4184, MR: #1496
 2015-12-22 11:05:51 +01:00
Andy Polyakov 91cf7551a1 Configure: refine 'reconf' logic. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-12-22 10:32:08 +01:00
Andy Polyakov b859d70d4a bn/asm/bn-c64xplus.asm: update commentary. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-12-22 10:30:03 +01:00
Andy Polyakov cfe670732b sha/asm/sha256-armv4.pl: one of "universal" flags combination didn't compile. 
(and unify table address calculation in ARMv8 code path).

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-12-21 13:41:47 +01:00
Matt Caswell 79caf5d323 Fix URLs mangled by reformat 
Some URLs in the source code ended up getting mangled by indent. This fixes
it. Based on a patch supplied by Arnaud Lacombe <al@aerilon.ca>

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-19 20:33:00 +00:00
Richard Levitte 7a64489f9e Fix the etags action line, as etags doesn't take -R 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-12-19 18:03:40 +01:00
Dr. Stephen Henson bc71f91064 Remove fixed DH ciphersuites. 
Remove all fixed DH ciphersuites and associated logic.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-12-19 16:14:51 +00:00
Dr. Stephen Henson 74a62e9629 delete unused context 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-12-19 15:04:17 +00:00
Rich Salz 7795475f53 Remove some L<asdf|asdf> which crept back in. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-12-18 14:55:37 -05:00
Rich Salz f4d654d2f2 Remove err and prime demo's 
ERR is not really a public facility; remove the demo.
prime shows how to generate a prime.  See apps.

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-12-18 14:54:12 -05:00
Richard Levitte 31384753c7 Remove the "eay" c-file-style indicators 
Since we don't use the eay style any more, there's no point tryint to
tell emacs to use it.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-12-18 13:08:40 +01:00
Matt Caswell 0d3587c7fc Add SSL_CIPHER_description() for Chacha20/Poly1305 
SSL_CIPHER_description() was returning "unknown" for the encryption
in the new ChaCha20/Poly1305 TLS ciphersuites.

RT#4183

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-17 13:45:23 +00:00
Richard Levitte ff8428561a Modify the lower level memory allocation routines to take size_t 
We've been using int for the size for a long time, it's about time...

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-12-17 08:24:26 +01:00
Rich Salz 33eaf4c27e mem-cleanup, cont'd. 
Remove LEVITTE_DEBUG_MEM.
Remove {OPENSSL,CRYPTO}_remalloc.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
 2015-12-16 22:23:57 -05:00
Rich Salz 3b089ca21b Rename sec_mem to mem_sec, like other files. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-12-16 22:09:39 -05:00
Rich Salz 2503af2684 Fix typo. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-12-16 17:58:32 -05:00
Rich Salz 2e31ef0366 Provide better "make depend" warning. 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-12-16 17:43:41 -05:00
Ben Laurie a7a14a23a9 Fix no-dgram. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-12-16 21:31:56 +00:00
Rich Salz 7644a9aef8 Rename some BUF_xxx to OPENSSL_xxx 
Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
Add #define's for the old names.
Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros.

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-12-16 16:14:49 -05:00
Dr. Stephen Henson e4cf866322 fix for no-ec 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-12-16 15:22:33 +00:00
Dr. Stephen Henson 91b0d2c114 make update 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-16 14:17:53 +00:00
Dr. Stephen Henson 61dd9f7a22 Use EVP_PKEY for client side EC. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-16 14:17:53 +00:00
Dr. Stephen Henson 880d9d8609 Use EVP_PKEY for server EC. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-16 14:17:53 +00:00
Dr. Stephen Henson 3f3504bdaf Add ECDH/DH utility functions. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-16 14:17:53 +00:00