oweals/openssl.git
10 years agoRT2379: Bug in BIO_set_accept_port.pod
Rich Salz [Mon, 18 Aug 2014 17:00:51 +0000 (13:00 -0400)]
RT2379: Bug in BIO_set_accept_port.pod

The doc says that port can be "*" to mean any port.
That's wrong.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
10 years agoFixed double inclusion of string.h
Matt Caswell [Fri, 29 Aug 2014 20:25:42 +0000 (21:25 +0100)]
Fixed double inclusion of string.h

PR2693

Reviewed-by: Tim Hudson <tjh@openssl.org>
10 years agoRT2880: HFS is case-insensitive filenames
Jim Reid [Fri, 29 Aug 2014 16:07:42 +0000 (12:07 -0400)]
RT2880: HFS is case-insensitive filenames

Add Darwin to list of case-insensitive filenames when
installing manapges.  When doing this, I noticed that
we weren't setting "filecase" for the HTML doc install.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
10 years agoRT3246: req command prints version number wrong
Rich Salz [Wed, 27 Aug 2014 02:31:11 +0000 (22:31 -0400)]
RT3246: req command prints version number wrong

Make X509_REQ_print_ex do the same thing that
X509_REQ_print does.

Reviewed-by: Matt Caswell <matt@openssl.org>
10 years agoRT1665,2300: Crypto doc cleanups
Rich Salz [Thu, 14 Aug 2014 14:50:26 +0000 (10:50 -0400)]
RT1665,2300: Crypto doc cleanups

RT1665: aes documentation.

Paul Green wrote a nice aes.pod file.
But we now encourage the EVP interface.
So I took his RT item and used it as impetus to add
the AES modes to EVP_EncryptInit.pod
I also noticed that rc4.pod has spurious references to some other
cipher pages, so I removed them.

RT2300: Clean up MD history (merged into RT1665)

Put HISTORY section only in EVP_DigestInit.pod. Also add words
to discourage use of older cipher-specific API, and remove SEE ALSO
links that point to them.

Make sure digest pages have a NOTE that says use EVP_DigestInit.

Review feedback:
More cleanup in EVP_EncryptInit.pod
Fixed SEE ALSO links in ripemd160.pod, sha.pod, mdc2.pod, blowfish.pod,
rc4.d, and des.pod.  Re-order sections in des.pod for consistency

Reviewed-by: Matt Caswell <matt@openssl.org>
10 years agoRT2193: #ifdef errors in bss_dgram.c
l.montecchiani@gmail.com [Wed, 27 Aug 2014 03:11:01 +0000 (23:11 -0400)]
RT2193: #ifdef errors in bss_dgram.c

Problem with #ifdef in the BIO_CTRL_DGRAM_MTU_DISCOVER case that
is different from the BIO_CTRL_DGRAM_QUERY_MTU one which seems
correct.

Reviewed-by: Matt Caswell <matt@openssl.org>
10 years agoRT3102: Document -verify_error_return flag
Rich Salz [Wed, 27 Aug 2014 18:23:39 +0000 (14:23 -0400)]
RT3102: Document -verify_error_return flag

Also moved some options around so all the "verify" options.
are clumped together.

Reviewed-by: Matt Caswell <matt@openssl.org>
10 years agoFix comments, add new test.
Dr. Stephen Henson [Tue, 26 Aug 2014 00:20:26 +0000 (01:20 +0100)]
Fix comments, add new test.

Fix comments in ssltest.c: return value of 0 now means extension is
omitted and add_cb is not called for servers if the corresponding
extension is absent in ClientHello.

Test add_cb is not called if extension is not received.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
10 years agoCustom extension documentation.
Dr. Stephen Henson [Mon, 18 Aug 2014 01:56:13 +0000 (02:56 +0100)]
Custom extension documentation.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
10 years agoRename some callbacks, fix alignment.
Dr. Stephen Henson [Tue, 19 Aug 2014 13:02:50 +0000 (14:02 +0100)]
Rename some callbacks, fix alignment.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
10 years agoUse consistent function naming.
Dr. Stephen Henson [Tue, 19 Aug 2014 12:54:38 +0000 (13:54 +0100)]
Use consistent function naming.

Instead of SSL_CTX_set_custom_cli_ext and SSL_CTX_set_custom_srv_ext
use SSL_CTX_add_client_custom_ext and SSL_CTX_add_server_custom_ext.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
10 years agoNew function SSL_extension_supported().
Dr. Stephen Henson [Tue, 19 Aug 2014 12:33:51 +0000 (13:33 +0100)]
New function SSL_extension_supported().

Reviewed-by: Emilia Käsper <emilia@openssl.org>
10 years agoNew extension callback features.
Dr. Stephen Henson [Sat, 16 Aug 2014 17:16:26 +0000 (18:16 +0100)]
New extension callback features.

Support separate parse and add callback arguments.
Add new callback so an application can free extension data.
Change return value for send functions so < 0 is an error 0
omits extension and > 0 includes it. This is more consistent
with the behaviour of other functions in OpenSSL.

Modify parse_cb handling so <= 0 is an error.

Make SSL_CTX_set_custom_cli_ext and SSL_CTX_set_custom_cli_ext argument
order consistent.

NOTE: these changes WILL break existing code.

Remove (now inaccurate) in line documentation.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
10 years agoCallback revision.
Dr. Stephen Henson [Thu, 14 Aug 2014 12:25:50 +0000 (13:25 +0100)]
Callback revision.

Use "parse" and "add" for function and callback names instead of
"first" and "second".

Change arguments to callback so the extension type is unsigned int
and the buffer length is size_t. Note: this *will* break existing code.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
10 years agoRemove serverinfo checks.
Dr. Stephen Henson [Tue, 12 Aug 2014 15:18:55 +0000 (16:18 +0100)]
Remove serverinfo checks.

Since sanity checks are performed for all custom extensions the
serverinfo checks are no longer needed.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
10 years agoAdd custom extension sanity checks.
Dr. Stephen Henson [Tue, 12 Aug 2014 13:25:49 +0000 (14:25 +0100)]
Add custom extension sanity checks.

Reject attempts to use extensions handled internally.

Add flags to each extension structure to indicate if an extension
has been sent or received. Enforce RFC5246 compliance by rejecting
duplicate extensions and unsolicited extensions and only send a
server extension if we have sent the corresponding client extension.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
10 years agoCustom extension revision.
Dr. Stephen Henson [Sun, 10 Aug 2014 11:08:08 +0000 (12:08 +0100)]
Custom extension revision.

Use the same structure for client and server custom extensions.

Add utility functions in new file t1_ext.c.
Use new utility functions to handle custom server and client extensions
and remove a lot of code duplication.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
10 years agofix warning
Dr. Stephen Henson [Tue, 26 Aug 2014 00:07:57 +0000 (01:07 +0100)]
fix warning

Reviewed-by: Geoff Thorpe <geoff@openssl.org>
10 years agoConstant-time utilities
Emilia Kasper [Thu, 28 Aug 2014 13:33:34 +0000 (15:33 +0200)]
Constant-time utilities

Pull constant-time methods out to a separate header, add tests.

Reviewed-by: Bodo Moeller <bodo@openssl.org>
10 years agoRT2400: ASN1_STRING_to_UTF8 missing initializer
Raphael Spreitzer [Thu, 28 Aug 2014 02:53:10 +0000 (22:53 -0400)]
RT2400: ASN1_STRING_to_UTF8 missing initializer

Reviewed-by: Tim Hudson <tjh@openssl.org>
10 years agoMerge branch 'master' of git.openssl.org:openssl
Rich Salz [Thu, 28 Aug 2014 01:36:04 +0000 (21:36 -0400)]
Merge branch 'master' of git.openssl.org:openssl

Gah, I hate when I forget to pull before merging.

Reviewed-by: rsalz
10 years agoRT2308: Add extern "C" { ... } wrapper
Rich Salz [Wed, 27 Aug 2014 19:28:08 +0000 (15:28 -0400)]
RT2308: Add extern "C" { ... } wrapper

Add the wrapper to all public header files (Configure
generates one).  Don't bother for those that are just
lists of #define's that do renaming.

Reviewed-by: Tim Hudson <tjh@openssl.org>
10 years agoExplicitly check for empty ASN.1 strings in d2i_ECPrivateKey
Emilia Kasper [Mon, 25 Aug 2014 10:38:16 +0000 (12:38 +0200)]
Explicitly check for empty ASN.1 strings in d2i_ECPrivateKey

The old code implicitly relies on the ASN.1 code returning a \0-prefixed buffer
when the buffer length is 0. Change this to verify explicitly that the ASN.1 string
has positive length.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
10 years agoRT3065: automatically generate a missing EC public key
Matt Caswell [Fri, 22 Aug 2014 16:04:19 +0000 (18:04 +0200)]
RT3065: automatically generate a missing EC public key

When d2i_ECPrivateKey reads a private key with a missing (optional) public key,
generate one automatically from the group and private key.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
10 years agoRT3065: ec_private_key_dont_crash
Adam Langley [Tue, 23 Apr 2013 19:12:36 +0000 (15:12 -0400)]
RT3065: ec_private_key_dont_crash

This change saves several EC routines from crashing when an EC_KEY is
missing a public key. The public key is optional in the EC private key
format and, without this patch, running the following through `openssl
ec` causes a crash:

-----BEGIN EC PRIVATE KEY-----
MBkCAQEECAECAwQFBgcIoAoGCCqGSM49AwEH
-----END EC PRIVATE KEY-----

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
10 years agoRT2210: Add missing EVP_cleanup to example
Mihai Militaru [Tue, 26 Aug 2014 16:35:54 +0000 (12:35 -0400)]
RT2210: Add missing EVP_cleanup to example

I also removed some trailing whitespace and cleaned
up the "see also" list.

Reviewed-by: Emilia Kasper <emilia@openssl.org>
10 years agoAdd tags/TAGS target; rm tags/TAGS in clean
Rich Salz [Wed, 27 Aug 2014 00:51:52 +0000 (20:51 -0400)]
Add tags/TAGS target; rm tags/TAGS in clean

Reviewed-by: Tim Hudson <tjh@openssl.org>
10 years agoMerge branch 'master' of git.openssl.org:openssl
Rich Salz [Tue, 26 Aug 2014 17:54:21 +0000 (13:54 -0400)]
Merge branch 'master' of git.openssl.org:openssl

Stupid git tricks :(

Reviewed-by: rsalz
10 years agoRT1744: SSL_CTX_set_dump_dh() doc feedback
David Gatwood [Tue, 26 Aug 2014 17:02:03 +0000 (13:02 -0400)]
RT1744: SSL_CTX_set_dump_dh() doc feedback

The description of when the server creates a DH key is
confusing.  This cleans it up.
(rsalz: also removed trailing whitespace.)

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
10 years agoRT1744: SSL_CTX_set_dump_dh() doc feedback
David Gatwood [Tue, 26 Aug 2014 17:02:03 +0000 (13:02 -0400)]
RT1744: SSL_CTX_set_dump_dh() doc feedback

The description of when the server creates a DH key is
confusing.  This cleans it up.
(rsalz: also removed trailing whitespace.)

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
10 years agoRT1804: fix EXAMPLE in EVP_EncryptInit.pod
Jan Schaumann [Fri, 15 Aug 2014 03:00:44 +0000 (23:00 -0400)]
RT1804: fix EXAMPLE in EVP_EncryptInit.pod

The EXAMPLE that used FILE and RC2 doesn't compile due to a
few minor errors.  Tweak to use IDEA and AES-128. Remove
examples about RC2 and RC5.

Reviewed-by: Emilia Kasper <emilia@openssl.org>
10 years agoTypo fixes to evp documentation.
Matt Caswell [Thu, 24 Jul 2014 05:00:11 +0000 (01:00 -0400)]
Typo fixes to evp documentation.

This patch was submitted by user "Kox" via the wiki

Reviewed-by: Tim Hudson <tjh@openssl.org>
10 years agoRT 3060: amend patch
Emilia Kasper [Thu, 21 Aug 2014 15:34:05 +0000 (17:34 +0200)]
RT 3060: amend patch

Use existing error code SSL_R_RECORD_TOO_SMALL for too many empty records.

For ease of backporting the patch to release branches.

Reviewed-by: Bodo Moeller <bodo@openssl.org>
10 years agoRT3061: slightly amend patch
Emilia Kasper [Fri, 22 Aug 2014 13:16:00 +0000 (15:16 +0200)]
RT3061: slightly amend patch

Add an extra NULL dereference check

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
10 years agoImprove EVP_PKEY_sign documentation
Emilia Kasper [Fri, 22 Aug 2014 11:16:55 +0000 (13:16 +0200)]
Improve EVP_PKEY_sign documentation

Clarify the intended use of EVP_PKEY_sign. Make the code example compile.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
10 years agoRT3142: Extra initialization in state_machine
Jeffrey Walton [Tue, 19 Aug 2014 16:59:41 +0000 (12:59 -0400)]
RT3142: Extra initialization in state_machine

Remove extra initialization calls in the sample program.

Reviewed-by: Emilia Kasper <emilia@openssl.org>
10 years agodefine inline for Visual Studio
Emilia Kasper [Tue, 19 Aug 2014 11:18:07 +0000 (13:18 +0200)]
define inline for Visual Studio

In Visual Studio, inline is available in C++ only, however __inline is available for C, see
http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
10 years agoFix build when BSAES_ASM is defined but VPAES_ASM is not
Emilia Kasper [Tue, 19 Aug 2014 14:28:07 +0000 (16:28 +0200)]
Fix build when BSAES_ASM is defined but VPAES_ASM is not

Reviewed-by: Andy Polyakov <appro@openssl.org>
10 years agobn/asm/rsaz-*.pl: allow spaces in Perl path name.
Andy Polyakov [Wed, 20 Aug 2014 22:17:45 +0000 (00:17 +0200)]
bn/asm/rsaz-*.pl: allow spaces in Perl path name.

RT: 2835

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
10 years agosha1-mb-x86_64.pl: add commentary.
Andy Polyakov [Wed, 20 Aug 2014 22:13:55 +0000 (00:13 +0200)]
sha1-mb-x86_64.pl: add commentary.

Reviewed-by: Emilia Kasper <emilia@openssl.org>
10 years agoPR2490: Remove unused local variable bn ecp_nist.c
Laszlo Papp [Mon, 18 Aug 2014 21:23:30 +0000 (17:23 -0400)]
PR2490: Remove unused local variable bn ecp_nist.c

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
10 years agocrypto/evp/e_aes_cbc_hmac_sha[1|256].c: fix compiler warnings.
Andy Polyakov [Wed, 20 Aug 2014 20:18:14 +0000 (22:18 +0200)]
crypto/evp/e_aes_cbc_hmac_sha[1|256].c: fix compiler warnings.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
10 years agosha1-mb-x86_64.pl: fix typo.
Andy Polyakov [Wed, 20 Aug 2014 20:10:20 +0000 (22:10 +0200)]
sha1-mb-x86_64.pl: fix typo.

Reviewed-by: Emilia Kasper <emilia@openssl.org>
10 years agoRT2847: Don't "check" uninitialized memory
Martin Olsson [Tue, 19 Aug 2014 15:38:54 +0000 (11:38 -0400)]
RT2847: Don't "check" uninitialized memory

Don't check err variable until after it's been set.

Reviewed-by: Emilia Kasper <emilia@openssl.org>
10 years agoRT2848: Remove extra NULL check
Martin Olsson [Tue, 19 Aug 2014 15:46:52 +0000 (11:46 -0400)]
RT2848: Remove extra NULL check

Don't need to check auth for NULL since we did when we
assigned to it.

Reviewed-by: Emilia Kasper <emilia@openssl.org>
10 years agoRT2513: Fix typo's paramter-->parameter
Martin Olsson [Tue, 19 Aug 2014 14:42:52 +0000 (10:42 -0400)]
RT2513: Fix typo's paramter-->parameter

I also found a couple of others (padlock and signinit)
and fixed them.

Reviewed-by: Emilia Kasper <emilia@openssl.org>
10 years agoMerge branch 'master' of git.openssl.org:openssl
Rich Salz [Tue, 19 Aug 2014 14:02:05 +0000 (10:02 -0400)]
Merge branch 'master' of git.openssl.org:openssl

10 years agoPR2401: Typos in FAQ
Jeffrey Walton [Mon, 18 Aug 2014 18:16:24 +0000 (14:16 -0400)]
PR2401: Typos in FAQ

Also rewrite section on compiler bugs; Matt pointed out that
it has some grammatical issues.

Reviewed-by: Emilia Kasper <emilia@openssl.org>
10 years agoPR2401: Typos in FAQ
Jeffrey Walton [Mon, 18 Aug 2014 18:16:24 +0000 (14:16 -0400)]
PR2401: Typos in FAQ

Also rewrite section on compiler bugs; Matt pointed out that
it has some grammatical issues.

10 years agoRT2724: Remove extra declaration
John Fitzgibbon [Mon, 18 Aug 2014 21:55:19 +0000 (17:55 -0400)]
RT2724: Remove extra declaration

Extra SSL_get_selected_srtp_profile() declaration in ssl/srtp.h
causes -Werror builds to fail.

Reviewed-by: Tim Hudson <tjh@openssl.org>
10 years agoRT2492: Remove extra NULL check.
Laszlo Papp [Mon, 18 Aug 2014 21:40:43 +0000 (17:40 -0400)]
RT2492: Remove extra NULL check.

10 years agoRT2489: Remove extra "sig" local variable.
Laszlo Papp [Mon, 18 Aug 2014 21:21:32 +0000 (17:21 -0400)]
RT2489: Remove extra "sig" local variable.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
10 years agoRT2942: CRYPTO_set_dynlock_create_callback doc fix
John Gardiner Myers [Mon, 18 Aug 2014 18:53:29 +0000 (14:53 -0400)]
RT2942: CRYPTO_set_dynlock_create_callback doc fix

The file param is "const char*" not "char*"

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
10 years agoRT2163: Remove some unneeded #include's
Doug Goldstein [Fri, 15 Aug 2014 03:22:41 +0000 (23:22 -0400)]
RT2163: Remove some unneeded #include's

Several files #include stdio.h and don't need it.
Also, per tjh, remove BN_COUNT

Reviewed-by: Emilia Kasper <emilia@openssl.org>
10 years agoRT1815: More const'ness improvements
Justin Blanchard [Mon, 18 Aug 2014 15:01:15 +0000 (11:01 -0400)]
RT1815: More const'ness improvements

Add a dozen more const declarations where appropriate.
These are from Justin; while adding his patch, I noticed
ASN1_BIT_STRING_check could be fixed, too.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
10 years agopub_decode_gost94, pub_decode_gost01: check for NULL after allocating databuf pub_enc...
Jonas Maebe [Sun, 8 Dec 2013 21:53:29 +0000 (22:53 +0100)]
pub_decode_gost94, pub_decode_gost01: check for NULL after allocating databuf pub_encode_gost94, pub_encode_gost01: check for NULL after allocating databuf and octet

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
10 years agoengine_md_copy: check for NULL after allocating to_md->HashBuffer
Jonas Maebe [Sun, 8 Dec 2013 21:49:19 +0000 (22:49 +0100)]
engine_md_copy: check for NULL after allocating to_md->HashBuffer

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
10 years agoprocess_pci_value: free (*policy)->data before setting to NULL after failed realloc
Jonas Maebe [Sun, 8 Dec 2013 21:48:28 +0000 (22:48 +0100)]
process_pci_value: free (*policy)->data before setting to NULL after failed realloc

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
10 years agodo_ext_i2d: free ext_der or ext_oct on error path
Jonas Maebe [Sun, 8 Dec 2013 21:47:45 +0000 (22:47 +0100)]
do_ext_i2d: free ext_der or ext_oct on error path

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
10 years agodo_othername: check for NULL after allocating objtmp
Jonas Maebe [Sun, 8 Dec 2013 21:47:10 +0000 (22:47 +0100)]
do_othername: check for NULL after allocating objtmp

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
10 years agoNETSCAPE_SPKI_b64_encode: free der_spki and b64_str on error path
Jonas Maebe [Sun, 8 Dec 2013 21:46:44 +0000 (22:46 +0100)]
NETSCAPE_SPKI_b64_encode: free der_spki and b64_str on error path

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
10 years agoget_cert_by_subject: check for NULL when allocating hent
Jonas Maebe [Sun, 8 Dec 2013 21:45:58 +0000 (22:45 +0100)]
get_cert_by_subject: check for NULL when allocating hent

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
10 years agoUI_construct_prompt: check for NULL when allocating prompt
Jonas Maebe [Sun, 8 Dec 2013 21:45:15 +0000 (22:45 +0100)]
UI_construct_prompt: check for NULL when allocating prompt

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
10 years agohashbn: check for NULL result when allocating bin and return an error if it fails...
Jonas Maebe [Sun, 8 Dec 2013 17:14:59 +0000 (18:14 +0100)]
hashbn: check for NULL result when allocating bin and return an error if it fails all (in)direct callers of hashbn: propagate potential error in hashbn

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
10 years agoJPAKE_CTX_new: check for NULL result when allocating ctx
Jonas Maebe [Sun, 8 Dec 2013 17:14:10 +0000 (18:14 +0100)]
JPAKE_CTX_new: check for NULL result when allocating ctx

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
10 years agoold_hmac_encode: check for NULL result when allocating *pder
Jonas Maebe [Sun, 8 Dec 2013 17:12:13 +0000 (18:12 +0100)]
old_hmac_encode: check for NULL result when allocating *pder

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
10 years agodev_crypto_md5_copy: return error if allocating to_md->data fails
Jonas Maebe [Sun, 8 Dec 2013 17:11:34 +0000 (18:11 +0100)]
dev_crypto_md5_copy: return error if allocating to_md->data fails

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
10 years agodev_crypto_md5_update: check result of realloc(md_data->data) and don't leak memory...
Jonas Maebe [Sun, 8 Dec 2013 17:10:50 +0000 (18:10 +0100)]
dev_crypto_md5_update: check result of realloc(md_data->data) and don't leak memory if it fails

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
10 years agodev_crypto_cipher: return immediately if allocating cin/cout failed
Jonas Maebe [Sun, 8 Dec 2013 17:09:58 +0000 (18:09 +0100)]
dev_crypto_cipher: return immediately if allocating cin/cout failed

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
10 years agodev_crypto_init_key: return error if allocating CDATA(ctx)->key failed
Jonas Maebe [Sun, 8 Dec 2013 17:09:20 +0000 (18:09 +0100)]
dev_crypto_init_key: return error if allocating CDATA(ctx)->key failed

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
10 years agoAdd support for Camellia HMAC-Based cipher suites from RFC6367
Hubert Kario [Wed, 23 Jul 2014 13:03:59 +0000 (15:03 +0200)]
Add support for Camellia HMAC-Based cipher suites from RFC6367

While RFC6367 focuses on Camellia-GCM cipher suites, it also adds a few
cipher suites that use SHA-2 based HMAC that can be very easily
added.

Tested against gnutls 3.3.5

PR#3443

Reviewed-by: Tim Hudson <tjh@openssl.org>
10 years agoFixed out-of-bounds read errors in ssl3_get_key_exchange.
Matt Caswell [Sat, 26 Jul 2014 22:47:40 +0000 (23:47 +0100)]
Fixed out-of-bounds read errors in ssl3_get_key_exchange.

PR#3450

Reviewed-by: Emilia Käsper <emilia@openssl.org>
10 years agoRT2751: Declare get_issuer_sk() earlier.
Rich Salz [Fri, 15 Aug 2014 21:20:26 +0000 (17:20 -0400)]
RT2751: Declare get_issuer_sk() earlier.

Add a declaration for get_issuer_sk() so that other
functions in x509_vf.c could use it.  (Planned work
around cross-certification chains.)
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
10 years agocryptodev_digest_copy: return error if allocating dstate->mac_data fails
Jonas Maebe [Sun, 8 Dec 2013 16:20:30 +0000 (17:20 +0100)]
cryptodev_digest_copy: return error if allocating dstate->mac_data fails

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
10 years agocryptodev_digest_update: don't leak original state->mac_data if realloc fails
Jonas Maebe [Sun, 8 Dec 2013 16:18:17 +0000 (17:18 +0100)]
cryptodev_digest_update: don't leak original state->mac_data if realloc fails

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
10 years agocms_SignerInfo_content_sign: free sig on failure path
Jonas Maebe [Sun, 8 Dec 2013 16:16:57 +0000 (17:16 +0100)]
cms_SignerInfo_content_sign: free sig on failure path

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
10 years agortcp_new: return failure if allocation of bi->ptr failed
Jonas Maebe [Sun, 8 Dec 2013 16:16:12 +0000 (17:16 +0100)]
rtcp_new: return failure if allocation of bi->ptr failed

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
10 years agomulti_split: check for NULL when allocating parts and bpart, and for failure of sk_BI...
Jonas Maebe [Mon, 9 Dec 2013 21:02:06 +0000 (22:02 +0100)]
multi_split: check for NULL when allocating parts and bpart, and for failure of sk_BIO_push()

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
10 years agoBIO_new_dgram_sctp, dgram_sctp_read: zero entire authchunks
Jonas Maebe [Thu, 5 Dec 2013 22:19:15 +0000 (23:19 +0100)]
BIO_new_dgram_sctp, dgram_sctp_read: zero entire authchunks

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
10 years agomime_hdr_addparam: free tmpname, tmpval and mparam on error path, and check whether...
Jonas Maebe [Tue, 3 Dec 2013 16:11:48 +0000 (17:11 +0100)]
mime_hdr_addparam: free tmpname, tmpval and mparam on error path, and check whether sk_MIME_PARAM_push succeeds

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
10 years agomime_hdr_new: free mhdr, tmpname, tmpval on error path
Jonas Maebe [Tue, 3 Dec 2013 16:10:12 +0000 (17:10 +0100)]
mime_hdr_new: free mhdr, tmpname, tmpval on error path

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
10 years agoASN1_verify, ASN1_item_verify: cleanse and free buf_in on error path
Jonas Maebe [Mon, 2 Dec 2013 21:44:31 +0000 (22:44 +0100)]
ASN1_verify, ASN1_item_verify: cleanse and free buf_in on error path

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
10 years agoSetBlob: free rgSetBlob on error path
Jonas Maebe [Mon, 2 Dec 2013 21:34:20 +0000 (22:34 +0100)]
SetBlob: free rgSetBlob on error path

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
10 years agoFix use after free bug.
Istvan Noszticzius [Fri, 15 Aug 2014 15:43:28 +0000 (16:43 +0100)]
Fix use after free bug.

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
10 years agoRT783: Minor optimization to ASN1_INTEGER_set
Frédéric Giudicelli [Fri, 15 Aug 2014 02:34:49 +0000 (22:34 -0400)]
RT783: Minor optimization to ASN1_INTEGER_set

Remove local variable and avoid extra assignment.

Reviewed-by: Emilia Kasper <emilia@silkandcyanide.net>
10 years agoRT2465: Silence some gcc warnings
Rob Austein [Fri, 15 Aug 2014 04:03:14 +0000 (00:03 -0400)]
RT2465: Silence some gcc warnings

"Another machine, another version of gcc, another batch
of compiler warnings."  Add "=NULL" to some local variable
declarations that are set by passing thier address into a
utility function; confuses GCC it might not be set.

Reviewed-by: Emilia Käsper <emilia@silkandcyanide.net>
10 years agoRT3023: Redundant logical expressions
Hans Wennborg [Fri, 15 Aug 2014 04:54:00 +0000 (00:54 -0400)]
RT3023: Redundant logical expressions

Remove some redundant logical expressions

Reviewed-by: Emilia Kasper <emilia@silkandcyanide.net>
10 years agoMerge branch 'master' of git.openssl.org:openssl
Rich Salz [Fri, 15 Aug 2014 14:41:50 +0000 (10:41 -0400)]
Merge branch 'master' of git.openssl.org:openssl

10 years agoRT3268: Fix spelling errors in CHANGES file.
Claus Assmann [Fri, 15 Aug 2014 04:44:14 +0000 (00:44 -0400)]
RT3268: Fix spelling errors in CHANGES file.

Fix a bunch of typo's and speling (sic) errors in the CHANGES file.

Reviewed-by: Tim Hudson <tjh@cryptsoft.com>
10 years agoRevision of custom extension code.
Dr. Stephen Henson [Tue, 5 Aug 2014 14:21:36 +0000 (15:21 +0100)]
Revision of custom extension code.

Move custom extension structures from SSL_CTX to CERT structure.

This change means the form can be revised in future without binary
compatibility issues. Also since CERT is part of SSL structures
so per-SSL custom extensions could be supported in future as well as
per SSL_CTX.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
10 years agoInclude error messages on extension check failure.
Dr. Stephen Henson [Mon, 11 Aug 2014 21:03:21 +0000 (22:03 +0100)]
Include error messages on extension check failure.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
10 years agomake depend
Emilia Kasper [Thu, 14 Aug 2014 13:24:07 +0000 (15:24 +0200)]
make depend

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
10 years agoFurther improve/fix ec_GFp_simple_points_make_affine (ecp_smpl.c) and
Bodo Moeller [Wed, 13 Aug 2014 15:37:19 +0000 (17:37 +0200)]
Further improve/fix ec_GFp_simple_points_make_affine (ecp_smpl.c) and
group_order_tests (ectest.c).  Also fix the EC_POINTs_mul documentation (ec.h).

Reviewed-by: emilia@openssl.org
10 years agoRT1665: Fix podpath to get xref's right
Matt Caswell [Wed, 13 Aug 2014 04:28:03 +0000 (00:28 -0400)]
RT1665: Fix podpath to get xref's right

In Makefile, when build manpages, put the current directory
at the start of the podpath so that cross-refs find the
local directory first.

Reviewed-by: Tim Hudson <tjh@cryptosoft.com>
10 years agoRT3239: Extra comma in NAME lines of two manpages
Ingo Schwarze [Tue, 12 Aug 2014 19:47:06 +0000 (15:47 -0400)]
RT3239: Extra comma in NAME lines of two manpages

In two OpenSSL manual pages, in the NAME section, the last word of the
name list is followed by a stray trailing comma. While this may seem
minor, it is worth fixing because it may confuse some makewhatis(8)
implementations.

While here, also add the missing word "size" to the one line
description in SSL_CTX_set_max_cert_list(3).

Reviewed by: Dr Stephen Henson <shenson@drh-consultancy.co.uk>

10 years agoMerge branch 'master' of git.openssl.org:openssl
Rich Salz [Tue, 12 Aug 2014 19:33:36 +0000 (15:33 -0400)]
Merge branch 'master' of git.openssl.org:openssl

10 years agoPR 719: Configure not exiting with child status
nnposter@users.sourceforge.net [Tue, 12 Aug 2014 03:36:27 +0000 (23:36 -0400)]
PR 719: Configure not exiting with child status

If subcommand fails, just die.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
10 years agoPR 718: Configure not exiting with child status
nnposter@users.sourceforge.net [Tue, 12 Aug 2014 03:36:27 +0000 (23:36 -0400)]
PR 718: Configure not exiting with child status

If subcommand fails, just die.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
10 years agoPR 2580: dgst missing current SHA algorithms
Nick Lewis [Tue, 12 Aug 2014 02:56:46 +0000 (22:56 -0400)]
PR 2580: dgst missing current SHA algorithms

Update the dgst.pod page to include SHA224...512 algorithms.
Update apps/progs.pl to add them to the digest command table.

Reviewed-by: Tim Hudson <tjh@cryptosoft.com>
10 years agoRevert "RT 2820: Case-insensitive filenames on Darwin"
Rich Salz [Tue, 12 Aug 2014 15:22:50 +0000 (11:22 -0400)]
Revert "RT 2820: Case-insensitive filenames on Darwin"

This reverts commit 691edc997a35682eb7fa29445036182d2c9eb1de.