oweals/openssl.git
Andy Polyakov [Wed, 18 Mar 2015 15:48:03 +0000 (16:48 +0100)]
Engage vpaes-armv8 module.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Tue, 17 Mar 2015 08:57:27 +0000 (09:57 +0100)]
Add vpaes-amrv8.pl module.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Wed, 18 Mar 2015 15:56:38 +0000 (16:56 +0100)]
Configure: remove unused variables.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Sat, 28 Mar 2015 12:08:48 +0000 (12:08 +0000)]
Make asn1_ex_i2c, asn1_ex_c2i static.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Dr. Stephen Henson [Thu, 26 Mar 2015 15:39:55 +0000 (15:39 +0000)]
Remove combine option from ASN.1 code.

Remove the combine option. This was used for compatibility with some
non standard behaviour in ancient versions of OpenSSL: specifically
the X509_ATTRIBUTE and DSAPublicKey handling. Since these have now
been revised it is no longer needed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Thu, 26 Mar 2015 14:35:49 +0000 (14:35 +0000)]
Simplify DSA public key handling.

DSA public keys could exist in two forms: a single Integer type or a
SEQUENCE containing the parameters and public key with a field called
"write_params" deciding which form to use. These forms are non standard
and were only used by functions containing "DSAPublicKey" in the name.

Simplify code to only use the parameter form and encode the public key
component directly in the DSA public key method.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 3 Feb 2015 16:09:32 +0000 (16:09 +0000)]
ASN1_TYPE documentation.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 26 Mar 2015 13:51:32 +0000 (13:51 +0000)]
Add Record Layer documentation

Add some design documentation on how the record layer works to aid future
maintenance.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 26 Mar 2015 15:14:42 +0000 (15:14 +0000)]
Fix formatting oddities

Fix some formatting oddities in rec_layer_d1.c.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 26 Mar 2015 13:17:38 +0000 (13:17 +0000)]
Fix record.h formatting

Fix some strange formatting in record.h. This was probably originally
introduced as part of the reformat work.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 26 Mar 2015 13:12:24 +0000 (13:12 +0000)]
Define SEQ_NUM_SIZE

Replace the hard coded value 8 (the size of the sequence number) with a
constant defined in a macro.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 4 Feb 2015 16:29:38 +0000 (16:29 +0000)]
Fix compilation on windows for record layer

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 4 Feb 2015 16:02:37 +0000 (16:02 +0000)]
Rename record layer source files

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 4 Feb 2015 15:52:15 +0000 (15:52 +0000)]
Remove some unnecessary macros

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 4 Feb 2015 15:52:05 +0000 (15:52 +0000)]
Renamed record layer header files

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 4 Feb 2015 15:44:12 +0000 (15:44 +0000)]
Reorganise header files

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 4 Feb 2015 14:30:20 +0000 (14:30 +0000)]
Remove last trace of non-record layer code reading and writing sequence
numbers directly

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 4 Feb 2015 11:57:34 +0000 (11:57 +0000)]
Move last_write_sequence from s->d1 to s->rlayer.d.
Also push some usage of last_write_sequence out of dtls1_retransmit_message
and into the record layer.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 4 Feb 2015 11:24:24 +0000 (11:24 +0000)]
Move ssl3_record_sequence_update into record layer

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 4 Feb 2015 10:27:43 +0000 (10:27 +0000)]
Move buffered_app_data from s->d1 to s->rlayer.d

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 4 Feb 2015 10:14:36 +0000 (10:14 +0000)]
Move handshake_fragment, handshake_fragment_len, alert_fragment and
alert_fragment_len from s->d1 to s->rlayer.d

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 3 Feb 2015 16:11:49 +0000 (16:11 +0000)]
Fix seg fault in dtls1_new

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 3 Feb 2015 16:05:28 +0000 (16:05 +0000)]
Moved processed_rcds and unprocessed_rcds from s->d1 to s->rlayer.d

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 3 Feb 2015 15:39:06 +0000 (15:39 +0000)]
Move bitmap and next_bitmap from s->d1 to s->rlayer.d.
Create dtls_bitmap.h and dtls_bitmap.c

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 3 Feb 2015 15:14:24 +0000 (15:14 +0000)]
Move r_epoch and w_epoch from s->d1 to s->rlayer.d

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 3 Feb 2015 14:54:13 +0000 (14:54 +0000)]
Introduce a DTLS_RECORD_LAYER type for DTLS record layer state

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 3 Feb 2015 14:32:15 +0000 (14:32 +0000)]
Move DTLS1_RECORD_DATA into rec_layer.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 3 Feb 2015 14:26:50 +0000 (14:26 +0000)]
Move read_sequence and write_sequence from s->s3 to s->rlayer

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 3 Feb 2015 13:22:12 +0000 (13:22 +0000)]
Move s->s3->wpend_* to s->rlayer

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 3 Feb 2015 13:12:22 +0000 (13:12 +0000)]
Move handshake_fragment, handshake_fragment_len, alert_fragment and
alert_fragment_len from s->s3 into s->rlayer

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 3 Feb 2015 11:16:30 +0000 (11:16 +0000)]
Move s->s3->wnum to s->rlayer.wnum

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 3 Feb 2015 10:48:28 +0000 (10:48 +0000)]
Move s->rstate to s->rlayer.rstate

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 20:55:15 +0000 (20:55 +0000)]
Move s->packet and s->packet_length into s->rlayer

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 16:14:03 +0000 (16:14 +0000)]
Remove unnecessary use of accessor function now code is moved into record
layer

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 16:02:55 +0000 (16:02 +0000)]
Make rrec, wrec, rbuf and wbuf fully private to the record layer. Also, clean
up some access to them. Now that various functions have been moved into the
record layer they no longer need to use the accessor macros.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 15:47:39 +0000 (15:47 +0000)]
Removed dependency on rrec from heartbeat processing

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 14:52:32 +0000 (14:52 +0000)]
Introduce macro RECORD_LAYER_setup_comp_buffer

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 14:08:34 +0000 (14:08 +0000)]
Fix bug where rrec was being released...should have been removed by one of
the earlier record layer commits

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 14:03:50 +0000 (14:03 +0000)]
Move ssl3_pending into the record layer

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 13:57:12 +0000 (13:57 +0000)]
Remove RECORD_LAYER_set_ssl and introduce RECORD_LAYER_init

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 13:43:38 +0000 (13:43 +0000)]
Provide RECORD_LAYER_set_data function

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 12:18:03 +0000 (12:18 +0000)]
Introduce the functions RECORD_LAYER_release, RECORD_LAYER_read_pending, and
RECORD_LAYER_write_pending.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 11:53:20 +0000 (11:53 +0000)]
Create RECORD_LAYER_clear function.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 11:41:29 +0000 (11:41 +0000)]
Tidy up rec_layer.h. Add some comments regarding which functions should be
being used for what purpose.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 10:38:12 +0000 (10:38 +0000)]
Moved s3_pkt.c, s23_pkt.c and d1_pkt.c into the record layer.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 10:05:09 +0000 (10:05 +0000)]
Split out non record layer functions out of s3_pkt.c and d1_pkt.c into
the new files s3_msg.c and s1_msg.c respectively.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Sun, 1 Feb 2015 17:14:43 +0000 (17:14 +0000)]
Move more SSL3_RECORD oriented functions into ssl3_record.c

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Sun, 1 Feb 2015 16:47:15 +0000 (16:47 +0000)]
Move SSL3_RECORD oriented functions into ssl3_record.c

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Sun, 1 Feb 2015 16:03:18 +0000 (16:03 +0000)]
Move SSL3_BUFFER set up and release code into ssl3_buffer.c

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Sun, 1 Feb 2015 15:41:06 +0000 (15:41 +0000)]
Move s->s3->wrec to s->rlayer->wrec

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Sun, 1 Feb 2015 15:30:37 +0000 (15:30 +0000)]
Encapsulate s->s3->wrec

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 30 Jan 2015 23:27:17 +0000 (23:27 +0000)]
Move s->s3->rrec to s->rlayer->rrec

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 30 Jan 2015 17:29:41 +0000 (17:29 +0000)]
Encapsulate s->s3->rrec

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 30 Jan 2015 16:17:25 +0000 (16:17 +0000)]
Move s->s3->wbuf to s->rlayer->wbuf

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 30 Jan 2015 16:05:47 +0000 (16:05 +0000)]
Encapsulate access to s->s3->wbuf

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 30 Jan 2015 15:38:10 +0000 (15:38 +0000)]
Move s->s3->rrec into s->rlayer

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 30 Jan 2015 14:57:54 +0000 (14:57 +0000)]
Encapsulate SSL3_BUFFER and all access to s->s3->rbuf.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 30 Jan 2015 13:46:43 +0000 (13:46 +0000)]
Create a RECORD_LAYER structure and move read_ahead into it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Wed, 25 Mar 2015 22:21:39 +0000 (22:21 +0000)]
update ordinals

Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Wed, 25 Mar 2015 22:02:42 +0000 (22:02 +0000)]
Move more internal only functions to asn1_locl.h

Reviewed-by: Matt Caswell <matt@openssl.org>
Rich Salz [Wed, 25 Mar 2015 22:35:24 +0000 (18:35 -0400)]
free NULL cleanup.

This gets EC_GROUP_clear_free EC_GROUP_free, EC_KEY_free,
EC_POINT_clear_free, EC_POINT_free

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Matt Caswell [Tue, 24 Mar 2015 15:10:15 +0000 (15:10 +0000)]
Resolve swallowed return codes

The recent updates to libssl to enforce stricter return code checking, left
a small number of instances behind where return codes were being swallowed
(typically because the function they were being called from was declared as
void). This commit fixes those instances to handle the return codes more
appropriately.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Wed, 25 Mar 2015 15:44:45 +0000 (15:44 +0000)]
make update

Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Wed, 25 Mar 2015 15:42:56 +0000 (15:42 +0000)]
Move internal only ASN.1 functions to asn1_locl.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Wed, 25 Mar 2015 15:08:55 +0000 (15:08 +0000)]
Remove X509_ATTRIBUTE hack.

The X509_ATTRIBUTE structure includes a hack to tolerate malformed
attributes that encode as the type instead of SET OF type. This form
is never created by OpenSSL and shouldn't be needed any more.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Wed, 25 Mar 2015 15:31:18 +0000 (11:31 -0400)]
free NULL cleanup

This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free
BIO_free BIO_free_all BIO_vfree

Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Mon, 16 Feb 2015 13:44:22 +0000 (13:44 +0000)]
Support key loading from certificate file

Support loading of key and certificate from the same file if
SSL_CONF_FLAG_REQUIRE_PRIVATE is set. This is done by remembering the
filename used for each certificate type and attempting to load a private
key from the file when SSL_CONF_CTX_finish is called.

Update docs.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Wed, 25 Mar 2015 12:25:16 +0000 (12:25 +0000)]
make depend

Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Mon, 16 Mar 2015 17:43:17 +0000 (17:43 +0000)]
make X509_NAME opaque

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 25 Feb 2015 11:30:43 +0000 (11:30 +0000)]
Fix bug in s_client. Previously default verify locations would only be loaded
if CAfile or CApath were also supplied and successfully loaded first.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 10 Feb 2015 13:15:25 +0000 (13:15 +0000)]
Fix HMAC to pass invalid key len test

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 10 Feb 2015 13:15:05 +0000 (13:15 +0000)]
Add HMAC test for invalid key len

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 10 Feb 2015 11:39:52 +0000 (11:39 +0000)]
Ensure that both the MD and key have been initialised before attempting to
create an HMAC

Inspired by BoringSSL commit 2fe7f2d0d9a6fcc75b4e594eeec306cc55acd594

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 10 Feb 2015 12:38:04 +0000 (12:38 +0000)]
Add more HMAC tests

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 5 Feb 2015 16:04:58 +0000 (16:04 +0000)]
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG was disabled in 0.9.8q and 1.0.0c.
This commit sets the value of SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG to
zero.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 26 Feb 2015 13:52:30 +0000 (13:52 +0000)]
Deprecate RAND_pseudo_bytes

The justification for RAND_pseudo_bytes is somewhat dubious, and the reality
is that it is frequently being misused. RAND_bytes and RAND_pseudo_bytes in
the default implementation both end up calling ssleay_rand_bytes. Both may
return -1 in an error condition. If there is insufficient entropy then
both will return 0, but RAND_bytes will additionally add an error to the
error queue. They both return 1 on success.
Therefore the fundamental difference between the two is that one will add an
error to the error queue with insufficient entropy whilst the other will not.
Frequently there are constructions of this form:

if(RAND_pseudo_bytes(...) <= 1)
    goto err;

In the above form insufficient entropy is treated as an error anyway, so
RAND_bytes is probably the better form to use.

This form is also seen:
if(!RAND_pseudo_bytes(...))
    goto err;

This is technically not correct at all since a -1 return value is
incorrectly handled - but this form will also treat insufficient entropy as
an error.

Within libssl it is required that you have correctly seeded your entropy
pool and so there seems little benefit in using RAND_pseudo_bytes.
Similarly in libcrypto many operations also require a correctly seeded
entropy pool and so in most interesting cases you would be better off
using RAND_bytes anyway. There is a significant risk of RAND_pseudo_bytes
being incorrectly used in scenarios where security can be compromised by
insufficient entropy.

If you are not using the default implementation, then most engines use the
same function to implement RAND_bytes and RAND_pseudo_bytes in any case.

Given its misuse, limited benefit, and potential to compromise security,
RAND_pseudo_bytes has been deprecated.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 26 Feb 2015 11:57:37 +0000 (11:57 +0000)]
RAND_bytes updates

Ensure RAND_bytes return value is checked correctly, and that we no longer
use RAND_pseudo_bytes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 13 Mar 2015 16:48:01 +0000 (16:48 +0000)]
Fix return checks in GOST engine

Filled in lots of return value checks that were missing from the GOST engine, and
added appropriate error handling.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 13 Mar 2015 15:04:54 +0000 (15:04 +0000)]
Fix misc NULL derefs in sureware engine

Fix miscellaneous NULL pointer derefs in the sureware engine.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 5 Feb 2015 13:59:16 +0000 (13:59 +0000)]
Add ticket length before buffering DTLS message

In ssl3_send_new_session_ticket the message to be sent is constructed. We
skip adding the length of the session ticket initially, then call
ssl_set_handshake_header, and finally go back and add in the length of the
ticket. Unfortunately, in DTLS, ssl_set_handshake_header also has the side
effect of buffering the message for subsequent retransmission if required.
By adding the ticket length after the call to ssl_set_handshake_header the
message that is buffered is incomplete, causing an invalid message to be
sent on retransmission.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 5 Feb 2015 13:54:37 +0000 (13:54 +0000)]
Ensure last_write_sequence is saved in DTLS1.2

In DTLS, immediately prior to epoch change, the write_sequence is supposed
to be stored in s->d1->last_write_sequence. The write_sequence is then reset
back to 00000000. In the event of retransmits of records from the previous
epoch, the last_write_sequence is restored. This commit fixes a bug in
DTLS1.2 where the write_sequence was being reset before last_write_sequence
was saved, and therefore retransmits are sent with incorrect sequence
numbers.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Tue, 24 Mar 2015 14:17:37 +0000 (10:17 -0400)]
free NULL cleanup

Start ensuring all OpenSSL "free" routines allow NULL, and remove
any if check before calling them.
This gets DH_free, DSA_free, RSA_free

Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Tue, 24 Mar 2015 18:58:51 +0000 (18:58 +0000)]
update ordinals

Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Tue, 24 Mar 2015 14:11:29 +0000 (15:11 +0100)]
Update ordinals

Thanks to the change of mkdef.pl, a few more deprecated functions were
properly defined in util/libeay.num.

Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Tue, 24 Mar 2015 14:02:51 +0000 (15:02 +0100)]
Teach mkdef.pl to handle multiline declarations.

For the moment, this is specially crafted for DECLARE_DEPRECATED because
that's where we found the problem, but it can easily be expanded to other
types of special declarations when needed.

Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Tue, 24 Mar 2015 16:21:21 +0000 (16:21 +0000)]
Fix verify algorithm.

Disable loop checking when we retry verification with an alternative path.
This fixes the case where an intermediate CA is explicitly trusted and part
of the untrusted certificate list. By disabling loop checking for this case
the untrusted CA can be replaced by the explicitly trusted case and
verification will succeed.

Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Sun, 15 Mar 2015 16:26:04 +0000 (16:26 +0000)]
make ASN1_OBJECT opaque

Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Fri, 13 Mar 2015 14:16:32 +0000 (14:16 +0000)]
Configuration file examples.

Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Sun, 22 Mar 2015 17:34:56 +0000 (17:34 +0000)]
Make OCSP response verification more flexible.

If a set of certificates is supplied to OCSP_basic_verify use those in
addition to any present in the OCSP response as untrusted CAs when
verifying a certificate chain.

PR#3668

Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Tue, 24 Mar 2015 12:05:05 +0000 (12:05 +0000)]
make depend

Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Mon, 23 Mar 2015 22:57:47 +0000 (22:57 +0000)]
Move some EVP internals to evp_int.h

Move EVP internals to evp_int.h, remove -Ievp hack from crypto/Makefile

Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Mon, 23 Mar 2015 18:42:42 +0000 (18:42 +0000)]
Move some ASN.1 internals to asn1_int.h

Move ASN.1 internals used across multiple directories into new internal
header file asn1_int.h remove crypto/Makefile hack which allowed other
directories to include "asn1_locl.h"

Reviewed-by: Matt Caswell <matt@openssl.org>
Rich Salz [Tue, 24 Mar 2015 11:52:24 +0000 (07:52 -0400)]
free NULL cleanup

Start ensuring all OpenSSL "free" routines allow NULL, and remove
any if check before calling them.
This gets ASN1_OBJECT_free and ASN1_STRING_free.

Reviewed-by: Matt Caswell <matt@openssl.org>
Mike Frysinger [Sat, 21 Mar 2015 09:08:41 +0000 (05:08 -0400)]
Fix malloc define typo

Fix compilation failure when SCTP is compiled due to incorrect define.

Reported-by: Conrad Kostecki <ck+gentoobugzilla@bl4ckb0x.de>
URL: https://bugs.gentoo.org/543828

RT#3758
Signed-off-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Richard Levitte [Tue, 24 Mar 2015 11:16:31 +0000 (12:16 +0100)]
Use OPENSSL_malloc rather than malloc/calloc

Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Tue, 24 Mar 2015 07:38:22 +0000 (08:38 +0100)]
Fix eng_cryptodev to not depend on BN internals.

Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Tue, 24 Mar 2015 10:59:01 +0000 (11:59 +0100)]
Adjust include path

Thanks to a -I.., the path does work, at least on unix.  However, this
doesn't work so well on VMS.  Correcting the path to not rely on given
-I does work on both.

Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Tue, 24 Mar 2015 10:57:14 +0000 (11:57 +0100)]
JPAKE Makefile missing 'files' target

Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Mon, 9 Feb 2015 14:54:48 +0000 (14:54 +0000)]
Remove old style ASN.1 support.

Remove old ASN.1 COMPAT type. This was meant as a temporary measure
so older ASN.1 code (from OpenSSL 0.9.6) still worked. It's a hack
which breaks constification and hopefully nothing uses it now, if
it ever did.

Reviewed-by: Matt Caswell <matt@openssl.org>
Kurt Roeckx [Sat, 14 Mar 2015 23:26:26 +0000 (00:26 +0100)]
return unexpected message when receiving kx with kDHr or kDHd

It was saying that it was an illegal parameter / unsupported cipher

Reviewed-by: Matt Caswell <matt@openssl.org>