oweals/openssl.git
9 years agoFix building with OPENSSL_NO_TLSEXT.
Matt Caswell [Tue, 16 Jun 2015 18:17:24 +0000 (14:17 -0400)]
Fix building with OPENSSL_NO_TLSEXT.

Builds using no-tlsext in 1.0.0 and 0.9.8 are broken. This commit fixes the
issue. The same commit is applied to 1.0.1 and 1.0.2 branches for code
consistency. However this commit will not fix no-tlsext in those branches
which have always been broken for other reasons. The commit is not applied
to master at all, because no-tlsext has been completely removed from that
branch.

Based on a patch by Marc Branchaud <marcnarc@xiplink.com>

Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 9a931208d7fc8a3596dda005cdbd6439938f01b0)

Conflicts:
ssl/ssl_sess.c

9 years agoIgnore .dir-locals.el
Richard Levitte [Mon, 31 Aug 2015 19:45:56 +0000 (21:45 +0200)]
Ignore .dir-locals.el

Because we recently encourage people to have a .dir-locals.el, it's a good
idea to ignore it on a git level.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit d7c02691a5e6f2716759eacb6f48c39f15ee57c8)

9 years agoRemove auto-fill-mode
Richard Levitte [Mon, 31 Aug 2015 15:58:53 +0000 (17:58 +0200)]
Remove auto-fill-mode

Apparently, emacs sees changes to auto-fill-mode as insecure

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 6dc08048d93ff35de882878f190ae49aa698b5d2)

9 years agoAdd an example .dir-locals.el
Richard Levitte [Mon, 31 Aug 2015 15:25:17 +0000 (17:25 +0200)]
Add an example .dir-locals.el

This file, when copied to .dir-locals.el in the OpenSSL source top,
will make sure that the CC mode style "OpenSSL-II" will be used for
all C files.

Additionally, I makes sure that tabs are never used as indentation
character, regardless of the emacs mode, and that the fill column is
78.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 0927f0d822b1e0f55cb7d8bacf9004ad3495514b)

9 years agoAdd emacs CC mode style for OpenSSL
Richard Levitte [Mon, 31 Aug 2015 15:12:37 +0000 (17:12 +0200)]
Add emacs CC mode style for OpenSSL

This hopefully conforms closely enough to the current code style.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit d9b3554b2d9724bc2d1621a026ddaf0223e2d191)

9 years agoMove FAQ to the web.
Rich Salz [Sun, 16 Aug 2015 22:38:24 +0000 (18:38 -0400)]
Move FAQ to the web.

Best hope of keeping current.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 4f46473a86c9e3741203b22d4d401a3763583494)

9 years agoTweak README about rt and bug reporting.
Rich Salz [Tue, 28 Jul 2015 16:41:36 +0000 (12:41 -0400)]
Tweak README about rt and bug reporting.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 932af1617e277904bcca6e47729a420bba39785b)

9 years agoSet numeric IDs for tar as well
Richard Levitte [Fri, 10 Jul 2015 16:29:17 +0000 (18:29 +0200)]
Set numeric IDs for tar as well

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit da24e6f8a05ea657684094e04c1a54efa04c2962)

9 years agoStop using tardy
Richard Levitte [Fri, 10 Jul 2015 13:40:53 +0000 (15:40 +0200)]
Stop using tardy

Instead of piping through tardy, and possibly suffering from bugs in certain
versions, use --transform, --owner and --group directly with GNU tar (we
already expect that tar variant).

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 27f98436b9a84b94fbdd8e32960504634ae44cc0)

Conflicts:
Makefile.org

9 years agodocument -2 return value
Dr. Stephen Henson [Mon, 6 Jul 2015 13:17:49 +0000 (14:17 +0100)]
document -2 return value

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 5727582cf51e98e5e0faa435e7da2c8929533c0d)

Conflicts:
doc/crypto/X509_NAME_get_index_by_NID.pod

9 years agoPrepare for 0.9.8zh-dev
Matt Caswell [Thu, 11 Jun 2015 14:23:16 +0000 (15:23 +0100)]
Prepare for 0.9.8zh-dev

Reviewed-by: Stephen Henson <steve@openssl.org>
9 years agoPrepare for 0.9.8zg release OpenSSL_0_9_8zg
Matt Caswell [Thu, 11 Jun 2015 14:20:22 +0000 (15:20 +0100)]
Prepare for 0.9.8zg release

Reviewed-by: Stephen Henson <steve@openssl.org>
9 years agoUpdate CHANGES and NEWS
Matt Caswell [Wed, 10 Jun 2015 10:49:31 +0000 (11:49 +0100)]
Update CHANGES and NEWS

Updates to CHANGES and NEWS to take account of the latest security fixes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
9 years agoPKCS#7: Fix NULL dereference with missing EncryptedContent.
Emilia Kasper [Tue, 12 May 2015 17:00:30 +0000 (19:00 +0200)]
PKCS#7: Fix NULL dereference with missing EncryptedContent.

CVE-2015-1790

Reviewed-by: Rich Salz <rsalz@openssl.org>
9 years agoFix length checks in X509_cmp_time to avoid out-of-bounds reads.
Emilia Kasper [Wed, 8 Apr 2015 14:56:43 +0000 (16:56 +0200)]
Fix length checks in X509_cmp_time to avoid out-of-bounds reads.

Also tighten X509_cmp_time to reject more than three fractional
seconds in the time; and to reject trailing garbage after the offset.

CVE-2015-1789

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
9 years agoFix infinite loop in CMS
Dr. Stephen Henson [Fri, 5 Jun 2015 11:11:25 +0000 (12:11 +0100)]
Fix infinite loop in CMS

Fix loop in do_free_upto if cmsbio is NULL: this will happen when attempting
to verify and a digest is not recognised. Reported by Johannes Bauer.

CVE-2015-1792

Reviewed-by: Matt Caswell <matt@openssl.org>
9 years agoMore ssl_session_dup fixes
Matt Caswell [Thu, 11 Jun 2015 00:30:06 +0000 (01:30 +0100)]
More ssl_session_dup fixes

Fix error handling in ssl_session_dup, as well as incorrect setting up of
the session ticket. Follow on from CVE-2015-1791.

Thanks to LibreSSL project for reporting these issues.

Conflicts:
ssl/ssl_sess.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoEC_POINT_is_on_curve does not return a boolean
Matt Caswell [Thu, 4 Jun 2015 13:22:00 +0000 (14:22 +0100)]
EC_POINT_is_on_curve does not return a boolean

The function EC_POINT_is_on_curve does not return a boolean value.
It returns 1 if the point is on the curve, 0 if it is not, and -1
on error. Many usages within OpenSSL were incorrectly using this
function and therefore not correctly handling error conditions.

With thanks to the Open Crypto Audit Project for reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 68886be7e2cd395a759fcd41d2cede461b68843d)

Conflicts:
crypto/ec/ec2_oct.c
crypto/ec/ecp_oct.c
crypto/ec/ectest.c

9 years agoFix Kerberos issue in ssl_session_dup
Matt Caswell [Wed, 10 Jun 2015 08:32:34 +0000 (09:32 +0100)]
Fix Kerberos issue in ssl_session_dup

The fix for CVE-2015-1791 introduced an error in ssl_session_dup for
Kerberos.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit dcad51bc13c9b716d9a66248bcc4038c071ff158)

9 years agoreturn correct NID for undefined object
Dr. Stephen Henson [Mon, 8 Jun 2015 12:23:00 +0000 (13:23 +0100)]
return correct NID for undefined object

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 0fb9990480919163cc375a2b6c0df1d8d901a77b)

9 years agoClean Kerberos pre-master secret
Matt Caswell [Thu, 4 Jun 2015 10:41:30 +0000 (11:41 +0100)]
Clean Kerberos pre-master secret

Ensure the Kerberos pre-master secret has OPENSSL_cleanse called on it.

With thanks to the Open Crypto Audit Project for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4e3dbe37ca39fa68b6949fbde62f3ec0f0584f7e)

9 years agoFix off-by-one error in BN_bn2hex
Matt Caswell [Tue, 19 May 2015 12:59:47 +0000 (13:59 +0100)]
Fix off-by-one error in BN_bn2hex

A BIGNUM can have the value of -0. The function BN_bn2hex fails to account
for this and can allocate a buffer one byte too short in the event of -0
being used, leading to a one byte buffer overrun. All usage within the
OpenSSL library is considered safe. Any security risk is considered
negligible.

With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and
Filip Palian for discovering and reporting this issue.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit c56353071d9849220714d8a556806703771b9269)

Conflicts:
crypto/bn/bn_print.c

9 years agoAdd the macro OPENSSL_SYS_WIN64
Richard Levitte [Sun, 31 May 2015 15:47:31 +0000 (17:47 +0200)]
Add the macro OPENSSL_SYS_WIN64

This is for consistency.
Additionally, have its presence define OPENSSL_SYS_WINDOWS as well.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 3f131556d6678bc3754f1e6d98a9a5bfc24e368c)

Conflicts:
e_os2.h

9 years agoFix race condition in NewSessionTicket
Matt Caswell [Mon, 18 May 2015 15:27:48 +0000 (16:27 +0100)]
Fix race condition in NewSessionTicket

If a NewSessionTicket is received by a multi-threaded client when
attempting to reuse a previous ticket then a race condition can occur
potentially leading to a double free of the ticket data.

CVE-2015-1791

This also fixes RT#3808 where a session ID is changed for a session already
in the client session cache. Since the session ID is the key to the cache
this breaks the cache access.

Parts of this patch were inspired by this Akamai change:
https://github.com/akamai/openssl/commit/c0bf69a791239ceec64509f9f19fcafb2461b0d3

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 27c76b9b8010b536687318739c6f631ce4194688)

Conflicts:
ssl/ssl.h
ssl/ssl_err.c

9 years agoClear state in DTLSv1_listen
Matt Caswell [Mon, 9 Mar 2015 16:09:04 +0000 (16:09 +0000)]
Clear state in DTLSv1_listen

This is a backport of commit e83ee04bb7de800cdb71d522fa562e99328003a3 from
the master branch (and this has also been applied to 1.0.2). In 1.0.2 this
was CVE-2015-0207. For other branches there is no known security issue, but
this is being backported as a precautionary measure.

The DTLSv1_listen function is intended to be stateless and processes
the initial ClientHello from many peers. It is common for user code to
loop over the call to DTLSv1_listen until a valid ClientHello is received
with an associated cookie. A defect in the implementation of DTLSv1_listen
means that state is preserved in the SSL object from one invokation to the
next.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit cce3e4adb78a8d3eeb6e0e4efe332fcc5d75f615)

9 years agocheck for error when creating PKCS#8 structure
Dr. Stephen Henson [Thu, 28 May 2015 14:44:20 +0000 (15:44 +0100)]
check for error when creating PKCS#8 structure

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 2849707fa65d2803e6d1c1603fdd3fd1fdc4c6cc)

9 years agoPEM doc fixes
Dr. Stephen Henson [Thu, 28 May 2015 14:45:57 +0000 (15:45 +0100)]
PEM doc fixes

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit f097f81c891bb1f479426d8ac9c9541390334983)

9 years agoFix off-by-one in BN_rand
Matt Caswell [Tue, 19 May 2015 15:03:02 +0000 (16:03 +0100)]
Fix off-by-one in BN_rand

If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte
buffer overflow can occur. There are no such instances within the OpenSSL at
the moment.

Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for
discovering and reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
9 years agoReject negative shifts for BN_rshift and BN_lshift
Matt Caswell [Tue, 19 May 2015 14:19:30 +0000 (15:19 +0100)]
Reject negative shifts for BN_rshift and BN_lshift

The functions BN_rshift and BN_lshift shift their arguments to the right or
left by a specified number of bits. Unpredicatable results (including
crashes) can occur if a negative number is supplied for the shift value.

Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian
for discovering and reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 7cc18d8158b5fc2676393d99b51c30c135502107)

Conflicts:
crypto/bn/bn.h
crypto/bn/bn_err.c

9 years agoAdd NULL checks from master
Rich Salz [Tue, 12 May 2015 15:49:32 +0000 (11:49 -0400)]
Add NULL checks from master

The big "don't check for NULL" cleanup requires backporting some
of the lowest-level functions to actually do nothing if NULL is
given.  This will make it easier to backport fixes to release
branches, where master assumes those lower-level functions are "safe"

This commit addresses those tickets: 3798 3799 3801.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit f34b095fab1569d093b639bfcc9a77d6020148ff)
(cherry picked from commit 690d040b2e9df9c6ac19e1aab8f0cd79a84a2ee4)

9 years agoFix encoding bug in i2c_ASN1_INTEGER
Dr. Stephen Henson [Thu, 16 Apr 2015 15:43:09 +0000 (16:43 +0100)]
Fix encoding bug in i2c_ASN1_INTEGER

Fix bug where i2c_ASN1_INTEGER mishandles zero if it is marked as
negative.

Thanks to Huzaifa Sidhpurwala <huzaifas@redhat.com> and
Hanno Böck <hanno@hboeck.de> for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a0eed48d37a4b7beea0c966caf09ad46f4a92a44)

9 years agoCode style: space after 'if'
Viktor Dukhovni [Thu, 16 Apr 2015 06:55:35 +0000 (02:55 -0400)]
Code style: space after 'if'

Reviewed-by: Matt Caswell <gitlab@openssl.org>
9 years agoFix ssl_get_prev_session overrun
Matt Caswell [Fri, 10 Apr 2015 15:49:33 +0000 (16:49 +0100)]
Fix ssl_get_prev_session overrun

If OpenSSL is configured with no-tlsext then ssl_get_prev_session can read
past the end of the ClientHello message if the session_id length in the
ClientHello is invalid. This should not cause any security issues since the
underlying buffer is 16k in size. It should never be possible to overrun by
that many bytes.

This is probably made redundant by the previous commit - but you can never be
too careful.

With thanks to Qinghao Tang for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 5e0a80c1c9b2b06c2d203ad89778ce1b98e0b5ad)

Conflicts:
ssl/ssl_sess.c

9 years agoCheck for ClientHello message overruns
Matt Caswell [Fri, 10 Apr 2015 16:25:27 +0000 (17:25 +0100)]
Check for ClientHello message overruns

The ClientHello processing is insufficiently rigorous in its checks to make
sure that we don't read past the end of the message. This does not have
security implications due to the size of the underlying buffer - but still
needs to be fixed.

With thanks to Qinghao Tang for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit c9642eb1ff79a30e2c7632ef8267cc34cc2b0d79)

9 years agoDon't set *pval to NULL in ASN1_item_ex_new.
Dr. Stephen Henson [Thu, 2 Apr 2015 12:45:14 +0000 (13:45 +0100)]
Don't set *pval to NULL in ASN1_item_ex_new.

While *pval is usually a pointer in rare circumstances it can be a long
value. One some platforms (e.g. WIN64) where
sizeof(long) < sizeof(ASN1_VALUE *) this will write past the field.

*pval is initialised correctly in the rest of ASN1_item_ex_new so setting it
to NULL is unecessary anyway.

Thanks to Julien Kauffmann for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit f617b4969a9261b9d7d381670aefbe2cf766a2cb)

Conflicts:
crypto/asn1/tasn_new.c

9 years agoHave mkerr.pl treat already existing multiline string defs properly
Richard Levitte [Wed, 8 Apr 2015 17:26:11 +0000 (19:26 +0200)]
Have mkerr.pl treat already existing multiline string defs properly

Since source reformat, we ended up with some error reason string
definitions that spanned two lines.  That in itself is fine, but we
sometimes edited them to provide better strings than what could be
automatically determined from the reason macro, for example:

    {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),
     "Peer haven't sent GOST certificate, required for selected ciphersuite"},

However, mkerr.pl didn't treat those two-line definitions right, and
they ended up being retranslated to whatever the macro name would
indicate, for example:

    {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),
     "No gost certificate sent by peer"},

Clearly not what we wanted.  This change fixes this problem.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 2cfdfe0918f03f8323c9523a2beb2b363ae86ca7)

Conflicts:
util/mkerr.pl

9 years agoMake OCSP response verification more flexible.
Dr. Stephen Henson [Sun, 22 Mar 2015 17:34:56 +0000 (17:34 +0000)]
Make OCSP response verification more flexible.

If a set of certificates is supplied to OCSP_basic_verify use those in
addition to any present in the OCSP response as untrusted CAs when
verifying a certificate chain.

PR#3668

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 4ca5efc2874e094d6382b30416824eda6dde52fe)

9 years agoPrepare for 0.9.8zg-dev
Matt Caswell [Thu, 19 Mar 2015 13:50:06 +0000 (13:50 +0000)]
Prepare for 0.9.8zg-dev

Reviewed-by: Richard Levitte <levitte@openssl.org>
9 years agoPrepare for 0.9.8zf release OpenSSL_0_9_8zf
Matt Caswell [Thu, 19 Mar 2015 13:47:27 +0000 (13:47 +0000)]
Prepare for 0.9.8zf release

Reviewed-by: Richard Levitte <levitte@openssl.org>
9 years agomake update
Matt Caswell [Thu, 19 Mar 2015 13:47:27 +0000 (13:47 +0000)]
make update

Reviewed-by: Richard Levitte <levitte@openssl.org>
9 years agoFix unsigned/signed warnings
Matt Caswell [Thu, 19 Mar 2015 11:35:33 +0000 (11:35 +0000)]
Fix unsigned/signed warnings

Fix some unsigned/signed warnings introduced as part of the fix
for CVE-2015-0293

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
9 years agoFix a failure to NULL a pointer freed on error.
Matt Caswell [Thu, 19 Mar 2015 10:16:32 +0000 (10:16 +0000)]
Fix a failure to NULL a pointer freed on error.

Reported by the LibreSSL project as a follow on to CVE-2015-0209

Reviewed-by: Richard Levitte <levitte@openssl.org>
9 years agoVMS build fix
Richard Levitte [Wed, 18 Mar 2015 11:06:56 +0000 (12:06 +0100)]
VMS build fix

Reviewed-by: Andy Polyakov <appro@openssl.org>
9 years agoUpdate NEWS file
Matt Caswell [Tue, 17 Mar 2015 17:01:09 +0000 (17:01 +0000)]
Update NEWS file

Update the NEWS file with the latest entries from CHANGES ready for the
release.

Reviewed-by: Richard Levitte <levitte@openssl.org>
9 years agoUpdate CHANGES for release
Matt Caswell [Tue, 17 Mar 2015 16:56:27 +0000 (16:56 +0000)]
Update CHANGES for release

Update CHANGES fiel with all the latest fixes ready for the release.

Conflicts:
CHANGES

Conflicts:
CHANGES

Reviewed-by: Richard Levitte <levitte@openssl.org>
9 years agoFix reachable assert in SSLv2 servers.
Emilia Kasper [Wed, 4 Mar 2015 17:05:02 +0000 (09:05 -0800)]
Fix reachable assert in SSLv2 servers.

This assert is reachable for servers that support SSLv2 and export ciphers.
Therefore, such servers can be DoSed by sending a specially crafted
SSLv2 CLIENT-MASTER-KEY.

Also fix s2_srvr.c to error out early if the key lengths are malformed.
These lengths are sent unencrypted, so this does not introduce an oracle.

CVE-2015-0293

This issue was discovered by Sean Burford (Google) and Emilia Käsper of
the OpenSSL development team.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoPKCS#7: avoid NULL pointer dereferences with missing content
Emilia Kasper [Fri, 27 Feb 2015 15:52:23 +0000 (16:52 +0100)]
PKCS#7: avoid NULL pointer dereferences with missing content

In PKCS#7, the ASN.1 content component is optional.
This typically applies to inner content (detached signatures),
however we must also handle unexpected missing outer content
correctly.

This patch only addresses functions reachable from parsing,
decryption and verification, and functions otherwise associated
with reading potentially untrusted data.

Correcting all low-level API calls requires further work.

CVE-2015-0289

Thanks to Michal Zalewski (Google) for reporting this issue.

Reviewed-by: Steve Henson <steve@openssl.org>
Conflicts:
crypto/pkcs7/pk7_doit.c

9 years agoFix ASN1_TYPE_cmp
Dr. Stephen Henson [Mon, 9 Mar 2015 23:11:45 +0000 (23:11 +0000)]
Fix ASN1_TYPE_cmp

Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This
can be triggered during certificate verification so could be a DoS attack
against a client or a server enabling client authentication.

CVE-2015-0286

Reviewed-by: Richard Levitte <levitte@openssl.org>
9 years agoFree up ADB and CHOICE if already initialised.
Dr. Stephen Henson [Mon, 23 Feb 2015 02:32:44 +0000 (02:32 +0000)]
Free up ADB and CHOICE if already initialised.

CVE-2015-0287

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
9 years agoTolerate test_sqr errors for FIPS builds.
Dr. Stephen Henson [Sat, 14 Mar 2015 14:10:35 +0000 (14:10 +0000)]
Tolerate test_sqr errors for FIPS builds.

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoDisable export and SSLv2 ciphers by default
Kurt Roeckx [Sun, 8 Mar 2015 14:11:33 +0000 (15:11 +0100)]
Disable export and SSLv2 ciphers by default

They are moved to the COMPLEMENTOFDEFAULT instead.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
9 years agoCleanse buffers
Matt Caswell [Mon, 9 Mar 2015 13:59:58 +0000 (13:59 +0000)]
Cleanse buffers

Cleanse various intermediate buffers used by the PRF (backported version
from master).

Conflicts:
ssl/s3_enc.c

Conflicts:
ssl/t1_enc.c

Conflicts:
ssl/t1_enc.c

Reviewed-by: Richard Levitte <levitte@openssl.org>
9 years agoFix warnings.
Dr. Stephen Henson [Sun, 8 Mar 2015 17:01:28 +0000 (17:01 +0000)]
Fix warnings.

Fix compiler warnings (similar to commit 25012d5e79)

Reviewed-by: Richard Levitte <levitte@openssl.org>
9 years agoUpdate mkerr.pl for new format
Matt Caswell [Fri, 6 Mar 2015 13:00:47 +0000 (13:00 +0000)]
Update mkerr.pl for new format

Make the output from mkerr.pl consistent with the newly reformatted code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
9 years agoCheck public key is not NULL.
Dr. Stephen Henson [Wed, 18 Feb 2015 00:34:59 +0000 (00:34 +0000)]
Check public key is not NULL.

CVE-2015-0288
PR#3708

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 28a00bcd8e318da18031b2ac8778c64147cd54f9)

9 years agoFix format script.
Dr. Stephen Henson [Mon, 2 Mar 2015 13:26:29 +0000 (13:26 +0000)]
Fix format script.

The format script didn't correctly recognise some ASN.1 macros and
didn't reformat some files as a result. Fix script and reformat
affected files.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 437b14b533fe7f7408e3ebca6d5569f1d3347b1a)

Conflicts:
crypto/asn1/x_long.c

9 years agoFix a failure to NULL a pointer freed on error.
Matt Caswell [Mon, 9 Feb 2015 11:38:41 +0000 (11:38 +0000)]
Fix a failure to NULL a pointer freed on error.

Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>

CVE-2015-0209

Reviewed-by: Emilia Käsper <emilia@openssl.org>
9 years agoBring objects.pl output even closer to new format.
Andy Polyakov [Mon, 9 Feb 2015 14:59:09 +0000 (15:59 +0100)]
Bring objects.pl output even closer to new format.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 849037169d98d070c27d094ac341fc6aca1ed2ca)

9 years agoHarmonize objects.pl output with new format.
Andy Polyakov [Sat, 7 Feb 2015 09:15:32 +0000 (10:15 +0100)]
Harmonize objects.pl output with new format.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 7ce38623194f6df6a846cd01753b63f361c88e57)

9 years agoFix error handling in ssltest
Matt Caswell [Thu, 5 Feb 2015 10:19:55 +0000 (10:19 +0000)]
Fix error handling in ssltest

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit ae632974f905c59176fa5f312826f8f692890b67)

9 years agoFixed bad formatting in crypto/des/spr.h
Rich Salz [Thu, 5 Feb 2015 14:44:30 +0000 (09:44 -0500)]
Fixed bad formatting in crypto/des/spr.h

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 7e35f06ea908e47f87b723b5e951ffc55463eb8b)

9 years agoCheck PKCS#8 pkey field is valid before cleansing.
Dr. Stephen Henson [Sun, 1 Feb 2015 13:06:32 +0000 (13:06 +0000)]
Check PKCS#8 pkey field is valid before cleansing.

PR:3683
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 52e028b9de371da62c1e51b46592517b1068d770)

9 years agoFix for reformat problems with e_padlock.c
Matt Caswell [Thu, 22 Jan 2015 11:44:18 +0000 (11:44 +0000)]
Fix for reformat problems with e_padlock.c

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit d3b7cac41b957704932a0cdbc74d4d48ed507cd0)

9 years agoFix formatting error in pem.h
Matt Caswell [Thu, 22 Jan 2015 10:42:48 +0000 (10:42 +0000)]
Fix formatting error in pem.h

Reviewed-by: Andy Polyakov <appro@openssl.org>
Conflicts:
crypto/pem/pem.h

Conflicts:
crypto/pem/pem.h

9 years agoRe-align some comments after running the reformat script. OpenSSL_0_9_8-post-reformat
Matt Caswell [Mon, 5 Jan 2015 11:30:03 +0000 (11:30 +0000)]
Re-align some comments after running the reformat script.
This should be a one off operation (subsequent invokation of the
script should not move them)

This commit is for the 0.9.8 changes

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoRerun util/openssl-format-source -v -c . OpenSSL_0_9_8-post-auto-reformat
Matt Caswell [Thu, 22 Jan 2015 02:48:18 +0000 (02:48 +0000)]
Rerun util/openssl-format-source -v -c .

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoRun util/openssl-format-source -v -c .
Matt Caswell [Thu, 22 Jan 2015 02:47:42 +0000 (02:47 +0000)]
Run util/openssl-format-source -v -c .

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoMore comment changes required for indent OpenSSL_0_9_8-pre-auto-reformat
Matt Caswell [Thu, 22 Jan 2015 02:41:39 +0000 (02:41 +0000)]
More comment changes required for indent

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoYet more changes to comments
Matt Caswell [Thu, 22 Jan 2015 00:57:19 +0000 (00:57 +0000)]
Yet more changes to comments

Conflicts:
ssl/t1_enc.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoMore tweaks for comments due indent issues
Matt Caswell [Wed, 21 Jan 2015 23:54:59 +0000 (23:54 +0000)]
More tweaks for comments due indent issues

Conflicts:
ssl/ssl_ciph.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoBackport hw_ibmca.c from master due to failed merge
Matt Caswell [Wed, 21 Jan 2015 22:03:55 +0000 (22:03 +0000)]
Backport hw_ibmca.c from master due to failed merge

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoTweaks for comments due to indent's inability to handle them
Matt Caswell [Wed, 21 Jan 2015 21:22:49 +0000 (21:22 +0000)]
Tweaks for comments due to indent's inability to handle them

Conflicts:
ssl/s3_srvr.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoMove more comments that confuse indent
Matt Caswell [Wed, 21 Jan 2015 19:18:47 +0000 (19:18 +0000)]
Move more comments that confuse indent

Conflicts:
crypto/dsa/dsa.h
demos/engines/ibmca/hw_ibmca.c
ssl/ssl_locl.h

Conflicts:
crypto/bn/rsaz_exp.c
crypto/evp/e_aes_cbc_hmac_sha1.c
crypto/evp/e_aes_cbc_hmac_sha256.c
ssl/ssl_locl.h

Conflicts:
crypto/ec/ec2_oct.c
crypto/ec/ecp_nistp256.c
crypto/ec/ecp_nistp521.c
crypto/ec/ecp_nistputil.c
crypto/ec/ecp_oct.c
crypto/modes/gcm128.c
ssl/ssl_locl.h

Conflicts:
apps/apps.c
crypto/crypto.h
crypto/rand/md_rand.c
ssl/d1_pkt.c
ssl/ssl.h
ssl/ssl_locl.h
ssl/ssltest.c
ssl/t1_enc.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoDelete trailing whitespace from output.
Dr. Stephen Henson [Wed, 21 Jan 2015 15:32:54 +0000 (15:32 +0000)]
Delete trailing whitespace from output.

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoAdd -d debug option to save preprocessed files.
Dr. Stephen Henson [Tue, 20 Jan 2015 18:53:56 +0000 (18:53 +0000)]
Add -d debug option to save preprocessed files.

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoTest option -nc
Dr. Stephen Henson [Tue, 20 Jan 2015 18:49:04 +0000 (18:49 +0000)]
Test option -nc

Add option -nc which sets COMMENTS=true but disables all indent comment
reformatting options.

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoAdd ecp_nistz256.c to list of files skipped by openssl-format-source
Matt Caswell [Wed, 21 Jan 2015 16:37:58 +0000 (16:37 +0000)]
Add ecp_nistz256.c to list of files skipped by openssl-format-source

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoManually reformat aes_x86core.c and add it to the list of files skipped by
Matt Caswell [Wed, 21 Jan 2015 16:34:27 +0000 (16:34 +0000)]
Manually reformat aes_x86core.c and add it to the list of files skipped by
openssl-format-source

Conflicts:
crypto/aes/aes_x86core.c

Conflicts:
crypto/aes/aes_x86core.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoFix indent comment corruption issue
Matt Caswell [Wed, 21 Jan 2015 16:12:59 +0000 (16:12 +0000)]
Fix indent comment corruption issue

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoAmend openssl-format-source so that it give more repeatable output
Matt Caswell [Wed, 21 Jan 2015 15:28:57 +0000 (15:28 +0000)]
Amend openssl-format-source so that it give more repeatable output

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agobn/bn_const.c: make it indent-friendly.
Andy Polyakov [Wed, 21 Jan 2015 12:18:42 +0000 (13:18 +0100)]
bn/bn_const.c: make it indent-friendly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agobn/asm/x86_64-gcc.cL make it indent-friendly.
Andy Polyakov [Wed, 21 Jan 2015 10:54:03 +0000 (11:54 +0100)]
bn/asm/x86_64-gcc.cL make it indent-friendly.

Conflicts:
crypto/bn/asm/x86_64-gcc.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agobn/bn_asm.c: make it indent-friendly.
Andy Polyakov [Wed, 21 Jan 2015 10:50:56 +0000 (11:50 +0100)]
bn/bn_asm.c: make it indent-friendly.

Conflicts:
crypto/bn/bn_asm.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agobn/bn_exp.c: make it indent-friendly.
Andy Polyakov [Wed, 21 Jan 2015 10:45:23 +0000 (11:45 +0100)]
bn/bn_exp.c: make it indent-friendly.

Conflicts:
crypto/bn/bn_exp.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoManually reformat aes_core.c
Matt Caswell [Wed, 21 Jan 2015 14:01:16 +0000 (14:01 +0000)]
Manually reformat aes_core.c
Add aes_core.c to the list of files not processed by openssl-format-source

Conflicts:
crypto/aes/aes_core.c

Conflicts:
crypto/aes/aes_core.c

Conflicts:
crypto/aes/aes_core.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoAdd obj_dat.h to the list of files that will not be processed by
Matt Caswell [Wed, 21 Jan 2015 13:51:38 +0000 (13:51 +0000)]
Add obj_dat.h to the list of files that will not be processed by
openssl-format-source

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoFix strange formatting by indent
Matt Caswell [Wed, 21 Jan 2015 12:19:08 +0000 (12:19 +0000)]
Fix strange formatting by indent

Conflicts:
crypto/hmac/hmac.h

Conflicts:
crypto/evp/e_aes_cbc_hmac_sha256.c

Conflicts:
crypto/ec/ecp_nistp224.c
crypto/ec/ecp_nistp256.c
crypto/ec/ecp_nistp521.c
crypto/ec/ectest.c

Conflicts:
crypto/asn1/asn1_par.c
crypto/evp/e_des3.c
crypto/hmac/hmac.h
crypto/sparcv9cap.c
engines/ccgost/gost94_keyx.c
ssl/t1_enc.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoindent has problems with comments that are on the right hand side of a line.
Matt Caswell [Wed, 21 Jan 2015 11:09:58 +0000 (11:09 +0000)]
indent has problems with comments that are on the right hand side of a line.
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.

Conflicts:
crypto/bn/bn.h
crypto/ec/ec_lcl.h
crypto/rsa/rsa.h
demos/engines/ibmca/hw_ibmca.c
ssl/ssl.h
ssl/ssl3.h

Conflicts:
crypto/ec/ec_lcl.h
ssl/tls1.h

Conflicts:
crypto/ec/ecp_nistp224.c
crypto/evp/evp.h
ssl/d1_both.c
ssl/ssl.h
ssl/ssl_lib.c

Conflicts:
crypto/bio/bss_file.c
crypto/ec/ec_lcl.h
crypto/evp/evp.h
crypto/store/str_mem.c
crypto/whrlpool/wp_block.c
crypto/x509/x509_vfy.h
ssl/ssl.h
ssl/ssl3.h
ssl/ssltest.c
ssl/t1_lib.c
ssl/tls1.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agocrypto/mem_dbg.c: make it indent-friendly.
Andy Polyakov [Tue, 20 Jan 2015 22:45:19 +0000 (23:45 +0100)]
crypto/mem_dbg.c: make it indent-friendly.

Conflicts:
crypto/mem_dbg.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoMore indent fixes for STACK_OF
Matt Caswell [Wed, 21 Jan 2015 09:33:22 +0000 (09:33 +0000)]
More indent fixes for STACK_OF

Conflicts:
ssl/s3_lib.c

Conflicts:
apps/cms.c
crypto/x509/x509_lu.c
crypto/x509/x509_vfy.h
ssl/s3_lib.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoFix indent issue with engine.h
Matt Caswell [Tue, 20 Jan 2015 22:17:03 +0000 (22:17 +0000)]
Fix indent issue with engine.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoFix logic to check for indent.pro
Matt Caswell [Tue, 20 Jan 2015 22:13:39 +0000 (22:13 +0000)]
Fix logic to check for indent.pro

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agocrypto/cryptlib.c: make it indent-friendly.
Andy Polyakov [Tue, 20 Jan 2015 14:49:55 +0000 (15:49 +0100)]
crypto/cryptlib.c: make it indent-friendly.

Conflicts:
crypto/cryptlib.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agobn/bntest.c: make it indent-friendly.
Andy Polyakov [Tue, 20 Jan 2015 14:22:42 +0000 (15:22 +0100)]
bn/bntest.c: make it indent-friendly.

Conflicts:
crypto/bn/bntest.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agobn/bn_recp.c: make it indent-friendly.
Andy Polyakov [Tue, 20 Jan 2015 14:12:07 +0000 (15:12 +0100)]
bn/bn_recp.c: make it indent-friendly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoengines/e_ubsec.c: make it indent-friendly.
Andy Polyakov [Tue, 20 Jan 2015 13:57:46 +0000 (14:57 +0100)]
engines/e_ubsec.c: make it indent-friendly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoapps/speed.c: make it indent-friendly.
Andy Polyakov [Tue, 20 Jan 2015 13:15:44 +0000 (14:15 +0100)]
apps/speed.c: make it indent-friendly.

Conflicts:
apps/speed.c

Conflicts:
apps/speed.c

Conflicts:
apps/speed.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoFix make errors
Matt Caswell [Wed, 14 Jan 2015 21:26:14 +0000 (21:26 +0000)]
Fix make errors

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoMake the script a little more location agnostic
Richard Levitte [Tue, 20 Jan 2015 15:18:23 +0000 (16:18 +0100)]
Make the script a little more location agnostic

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years agoProvide script for filtering data initialisers for structs/unions. indent just can...
Matt Caswell [Tue, 20 Jan 2015 12:37:42 +0000 (12:37 +0000)]
Provide script for filtering data initialisers for structs/unions. indent just can't handle it.

Reviewed-by: Tim Hudson <tjh@openssl.org>