Matt Caswell [Tue, 8 Sep 2015 08:13:50 +0000 (09:13 +0100)]
Remove redundant code
Clean up and remove lots of code that is now no longer needed due to the
move to the new state machine.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 4 Sep 2015 12:51:49 +0000 (13:51 +0100)]
Move server side DTLS to new state machine
Implement all of the necessary changes to make DTLS on the server work
with the new state machine code.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 8 Sep 2015 08:19:22 +0000 (09:19 +0100)]
Move server side TLS to new state machine
Implement all of the necessary changes for moving TLS server side
processing into the new state machine code.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 8 Sep 2015 08:38:08 +0000 (09:38 +0100)]
Split TLS server functions
Split the TLS server ssl3_get_* and ssl3_send_* functions into two ready
for the migration to the new state machine code.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 12 Aug 2015 18:58:29 +0000 (19:58 +0100)]
Delete unused functions
Remove all the functions and dead code that is now no longer required as
a result of the DTLS client move into the new state machine code.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 7 Sep 2015 21:00:36 +0000 (22:00 +0100)]
Implement DTLS client move to new state machine
Move all DTLS client side processing into the new state machine code. A
subsequent commit will clean up the old dead code.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 11 Aug 2015 10:41:03 +0000 (11:41 +0100)]
dtls_get_message changes for state machine move
Create a dtls_get_message function similar to the old dtls1_get_message but
in the format required for the new state machine code. The old function will
eventually be deleted in later commits.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 30 Jul 2015 12:45:50 +0000 (13:45 +0100)]
Client TLS state machine rewrite cleanup
Remove redundant code following moving client side TLS handling to the new
state machine implementation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 7 Sep 2015 15:36:53 +0000 (16:36 +0100)]
Implement Client TLS state machine
This swaps the implementation of the client TLS state machine to use the
new state machine code instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 29 Jul 2015 13:08:49 +0000 (14:08 +0100)]
Split client message reading and writing functions
The new state machine code will split up the reading and writing of
handshake messages into discrete phases. In order to facilitate that the
existing "get" type functions will be split into two halves: one to get
the message and one to process it. The "send" type functions will also have
all work relating to constructing the message split out into a separate
function just for that. For some functions there will also be separate
pre and post "work" phases to prepare or update state.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 29 Jul 2015 13:23:56 +0000 (14:23 +0100)]
Add initial state machine rewrite code
This is the first drop of the new state machine code.
The rewrite has the following objectives:
- Remove duplication of state code between client and server
- Remove duplication of state code between TLS and DTLS
- Simplify transitions and bring the logic together in a single location
  so that it is easier to validate
- Remove duplication of code between each of the message handling functions
- Receive a message first and then work out whether that is a valid
  transition - not the other way around (the other way causes lots of issues
  where we are expecting one type of message next but actually get something
  else)
- Separate message flow state from handshake state (in order to better
  understand each)
  - message flow state = when to flush buffers; handling restarts in the
    event of NBIO events; handling the common flow of steps for reading a
    message and the common flow of steps for writing a message etc
  - handshake state = what handshake message are we working on now
- Control complexity: only the state machine can change state: keep all
  the state changes local to a file
This builds on previous state machine related work:
- Surface CCS processing in the state machine
- Version negotiation rewrite
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 29 Jul 2015 13:20:05 +0000 (14:20 +0100)]
Split ssl3_get_message
The function ssl3_get_message gets a whole message from the underlying bio
and returns it to the state machine code. The new state machine code will
split this into two discrete steps: get the message header and get the
message body. This commit splits the existing function into these two
sub steps to facilitate the state machine implementation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Pascal Cuoq [Mon, 12 Oct 2015 10:19:19 +0000 (12:19 +0200)]
BN_GF2m_mod_inv(): check bn_wexpand return value
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@akamai.com>
MR #1276, RT #4107
Rich Salz [Tue, 27 Oct 2015 17:40:11 +0000 (13:40 -0400)]
Remove SSLeay history, etc., from docs
If something was "present in all versions" of SSLeay, or if it was
added to a version of SSLeay (and therefore predates OpenSSL),
remove mention of it. Documentation history now starts with OpenSSL.
Remove mention of all history before OpenSSL 0.9.8, inclusive.
Remove all AUTHOR sections.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Rich Salz [Tue, 27 Oct 2015 19:44:15 +0000 (15:44 -0400)]
Remove HMAC_cleanup
Old API for use with OpenSSL-0.9.6. Remove it.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Rich Salz [Mon, 26 Oct 2015 20:00:23 +0000 (16:00 -0400)]
Move crypto/threads to demo/threads
Reviewed-by: Richard Levitte <levitte@openssl.org>
Ben Laurie [Sat, 24 Oct 2015 17:37:12 +0000 (18:37 +0100)]
Probably fix travis (wine build).
Reviewed-by: Stephen Henson <steve@openssl.org>
Ben Laurie [Sat, 3 Oct 2015 15:43:21 +0000 (16:43 +0100)]
Improve make depend.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Ben Laurie [Sat, 3 Oct 2015 15:43:21 +0000 (16:43 +0100)]
Fix undeclared variable warnings.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Alessandro Ghedini [Thu, 8 Oct 2015 20:00:27 +0000 (22:00 +0200)]
Remove useless code
RT#4081
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Alessandro Ghedini [Thu, 8 Oct 2015 12:50:27 +0000 (14:50 +0200)]
Check memory allocation
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Alessandro Ghedini [Thu, 8 Oct 2015 12:41:09 +0000 (14:41 +0200)]
Fix references to various RFCs
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Alessandro Ghedini [Thu, 8 Oct 2015 12:40:42 +0000 (14:40 +0200)]
Fix typos
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Alessandro Ghedini [Thu, 8 Oct 2015 12:39:58 +0000 (14:39 +0200)]
Set salt length after the malloc has succeeded
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Alessandro Ghedini [Thu, 8 Oct 2015 12:38:57 +0000 (14:38 +0200)]
Fix memory leaks and other mistakes on errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Alessandro Ghedini [Thu, 8 Oct 2015 12:37:21 +0000 (14:37 +0200)]
Replace malloc+strlcpy with strdup
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Alessandro Ghedini [Fri, 2 Oct 2015 13:16:08 +0000 (15:16 +0200)]
Do not treat 0 return value from BIO_get_fd() as error
0 is a valid file descriptor.
RT#4068
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Alessandro Ghedini [Fri, 23 Oct 2015 15:55:27 +0000 (17:55 +0200)]
Remove bugs/ and crypto/threads/
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Adam Eijdenberg [Mon, 19 Oct 2015 18:16:25 +0000 (11:16 -0700)]
Clarify return values for EVP_DigestVerifyFinal.
Previous language was unclear. New language isn't pretty but I believe
it is more accurate.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Thu, 22 Oct 2015 21:45:45 +0000 (23:45 +0200)]
Only include SRP headers when OPENSSL_NO_SRP is undefined
[fixes github issue #447]
Reviewed-by: Tim Hudson <tjh@openssl.org>
Richard Levitte [Thu, 22 Oct 2015 15:33:47 +0000 (17:33 +0200)]
Make Configure die when unsupported options are given
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Thu, 22 Oct 2015 15:09:14 +0000 (17:09 +0200)]
Add an explicit list of options that can be disabled, enabled, ...
Configure has, so far, had no control at all of which 'no-' options it
can be given. This means that, for example, someone could configure
with something absurd like 'no-stack' and then watch the build crumble
to dust... or file a bug report.
This introduces some sanity into the possible choices.
The added list comes from looking for the explicit ones used in
Configure, and from grepping after OPENSSL_NO_ in all source files.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Mon, 19 Oct 2015 18:53:14 +0000 (20:53 +0200)]
make update
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Mon, 19 Oct 2015 03:24:16 +0000 (05:24 +0200)]
Don't forget to load the CT error strings
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Mon, 19 Oct 2015 02:20:01 +0000 (04:20 +0200)]
Handle CT error macros separately
Because the default error macro generator assumes the header file with
error macros is in include/openssl and therefore generates a C file
with error texts that include <openssl/{name}.h>, we need to generate
the error macros and texts for CT separately, since the CT module
doesn't follow the default criteria.
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Wed, 21 Oct 2015 13:40:15 +0000 (14:40 +0100)]
Don't use SSLv23_server_method in an example
The function SSLv23_server_method() is an old name. New code should use
TLS_server_method() instead. Therefore don't use SSLv23_server_method() in
an example in the docs.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 21 Oct 2015 09:00:24 +0000 (10:00 +0100)]
Avoid undefined behaviour in PACKET_buf_init
Change the sanity check in PACKET_buf_init to check for excessive length
buffers, which should catch the interesting cases where len has been cast
from a negative value whilst avoiding any undefined behaviour.
RT#4094
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Sun, 18 Oct 2015 19:31:21 +0000 (21:31 +0200)]
ct_locl.h moved, reflect it in crypto/ct/Makefile
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Sun, 18 Oct 2015 06:59:51 +0000 (08:59 +0200)]
make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Sun, 18 Oct 2015 06:59:00 +0000 (08:59 +0200)]
Add crypto/include/internal to the directories to scan for stack declarations
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Sun, 18 Oct 2015 06:57:37 +0000 (08:57 +0200)]
Because ct_locl.h is used between modules, move it to internal headers
Rename it to ct_int.h
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Sat, 17 Oct 2015 23:16:23 +0000 (00:16 +0100)]
Move auto Host adding to query_responder
Check for Host header in query_responder instead of process_responder. This
also fixes a memory leak in the old code if the headers was NULL.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Sat, 17 Oct 2015 23:04:10 +0000 (00:04 +0100)]
Fix memory leak with -issuer option.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Sat, 17 Oct 2015 23:54:13 +0000 (00:54 +0100)]
set string type when embedding
Reviewed-by: Tim Hudson <tjh@openssl.org>
Manish Goregaokar [Sat, 17 Oct 2015 11:10:55 +0000 (16:40 +0530)]
Move contributing info to CONTRIBUTING
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Fri, 16 Oct 2015 15:19:04 +0000 (11:19 -0400)]
Run tests on Travis for mingw builds as well
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Dmitry Belyavsky [Fri, 16 Oct 2015 09:07:57 +0000 (10:07 +0100)]
Fix error message when loading engines from config
When using command line applications errors occur when trying to
load engines specified in a config file. Introduced by commit
a0a82324f96
RT#4093
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Tue, 13 Oct 2015 14:02:47 +0000 (15:02 +0100)]
Remove Obsolete engines
There are a number of engines in the OpenSSL source code which are now
obsolete. The following engines have been removed:
4758cca, aep, atalla,
cswift, nuron, sureware.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Wed, 5 Aug 2015 02:21:40 +0000 (03:21 +0100)]
Fix self signed handling.
Don't mark a certificate as self signed if keyUsage is present and
certificate signing not asserted.
PR#3979
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Sun, 11 Oct 2015 20:13:42 +0000 (21:13 +0100)]
embed CRL serial number and signature fields
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Sun, 11 Oct 2015 20:05:49 +0000 (21:05 +0100)]
embed certificate serial number and signature fields
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Sun, 11 Oct 2015 19:44:07 +0000 (20:44 +0100)]
embed value field of X509_EXTENSION
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Sun, 11 Oct 2015 20:20:19 +0000 (21:20 +0100)]
add CHANGES entry for embed
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Sun, 11 Oct 2015 22:25:08 +0000 (23:25 +0100)]
Handle embed flag in ASN1_STRING_copy().
Reviewed-by: Rich Salz <rsalz@openssl.org>
Emilia Kasper [Thu, 15 Oct 2015 10:53:35 +0000 (12:53 +0200)]
PACKET: fix __owur
Reviewed-by: Matt Caswell <matt@openssl.org>
Emilia Kasper [Thu, 15 Oct 2015 11:27:55 +0000 (13:27 +0200)]
Appease gcc's Wmaybe-uninitialized
False positive: gcc (4.8) can't figure out the SSL_IS_DTLS logic.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Emilia Kasper [Wed, 14 Oct 2015 16:32:38 +0000 (18:32 +0200)]
Remove EVP_CHECK_DES_KEY
Thanks to the OpenBSD community for bringing this to our attention.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Emilia Kasper [Fri, 9 Oct 2015 15:38:47 +0000 (17:38 +0200)]
ct_locl.h: fix some comments
Reviewed-by: Rich Salz <rsalz@openssl.org>
Emilia Kasper [Fri, 9 Oct 2015 18:00:53 +0000 (20:00 +0200)]
make depend: prefer clang over makedepend
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Mon, 12 Oct 2015 20:14:04 +0000 (21:14 +0100)]
RFC5753 compliance.
RFC5753 requires that we omit parameters for AES key wrap and set them
to NULL for 3DES wrap. OpenSSL decrypt uses the received algorithm
parameters so can transparently handle either form.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Alessandro Ghedini [Tue, 6 Oct 2015 18:27:50 +0000 (20:27 +0200)]
Add Clang 3.6 and additional GCC 5 builds to travis
Follow-up to f386742.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Alessandro Ghedini [Mon, 12 Oct 2015 20:15:43 +0000 (16:15 -0400)]
GH429: Add clang to travis
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Andy Polyakov [Mon, 12 Oct 2015 20:31:20 +0000 (22:31 +0200)]
testlib/OpenSSL/Test.pm: remove redundant 'cmd /c', MSWin32 Perl can take care of itself.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Mon, 12 Oct 2015 20:26:14 +0000 (22:26 +0200)]
Harmonize do_rehash_rule with updated test/recipies/25-test_verify.t.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Mon, 12 Oct 2015 20:24:27 +0000 (22:24 +0200)]
Test suite: chomp->s/\R// to harmonize with mingw 'make test'.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Mon, 12 Oct 2015 20:16:07 +0000 (22:16 +0200)]
Test suite: minimal required to get mingw 'make test' work under Linux.
(part by Alessandro Ghedini)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 12 Oct 2015 12:03:50 +0000 (13:03 +0100)]
Rename -set-serial command to req
Previous OpenSSL versions used -set_serial, but master was using
-set-serial - so rename it back to the old version.
RT#4059
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 12 Oct 2015 11:40:15 +0000 (12:40 +0100)]
Centralise loading default apps config file
Loading the config file after processing command line options can
cause problems, e.g. where an engine provides new ciphers/digests
these are not then recognised on the command line. Move the
default config file loading to before the command line option
processing. Whilst we're doing this we might as well centralise
this instead of doing it individually for each application. Finally
if we do it before the OpenSSL_add_ssl_algorithms() call then
ciphersuites provided by an engine (e.g. GOST) can be available to
the apps.
RT#4085
RT#4086
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 12 Oct 2015 08:44:15 +0000 (09:44 +0100)]
Fix option name discrepancy
There used to be options -macopt and -sigopt in <=1.0.2 for the dgst
command line app. These were incorrectly spelled as -macop and -sigop in
master.
RT#4072
Reviewed-by: Andy Polyakov <appro@openssl.org>
Andy Polyakov [Wed, 7 Oct 2015 07:35:12 +0000 (09:35 +0200)]
Configurations: move -Wno-pedantic-ms-format to .travis.yml.
The option is not available in older toolchains and would cause breakage.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Wed, 7 Oct 2015 13:42:34 +0000 (14:42 +0100)]
embed OCSP_CERTID
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Wed, 7 Oct 2015 12:28:46 +0000 (13:28 +0100)]
embed support for ASN1_STRING
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Tue, 6 Oct 2015 22:04:08 +0000 (23:04 +0100)]
Embed various OCSP fields.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Tue, 6 Oct 2015 21:53:48 +0000 (22:53 +0100)]
embed support for CHOICE type
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Sat, 12 Sep 2015 02:53:40 +0000 (03:53 +0100)]
Skip PSK tests for no-psk
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Fri, 11 Sep 2015 16:08:11 +0000 (17:08 +0100)]
Make no-psk compile without warnings.
PR#4035
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Sat, 10 Oct 2015 23:06:56 +0000 (00:06 +0100)]
Typo.
PR#4079
Reviewed-by: Tim Hudson <tjh@openssl.org>
Emilia Kasper [Tue, 6 Oct 2015 15:20:32 +0000 (17:20 +0200)]
DTLS: remove unused cookie field
Note that this commit constifies a user callback parameter and therefore
will break compilation for applications using this callback. But unless
they are abusing write access to the buffer, the fix is trivial.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Matt Caswell [Fri, 9 Oct 2015 11:10:16 +0000 (12:10 +0100)]
Fix Windows build
Add the new ct directory to mkfiles.pl and fix the ct Makefile
Reviewed-by: Andy Polyakov <appro@openssl.org>
Adam Eijdenberg [Tue, 15 Sep 2015 16:13:48 +0000 (09:13 -0700)]
Initial commit for Certificate Transparency support
Original authors:
Rob Stradling <rob@comodo.com>
Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Kasper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Emilia Kasper [Fri, 2 Oct 2015 12:40:30 +0000 (14:40 +0200)]
PACKET: simplify ServerKeyExchange parsing
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Thu, 8 Oct 2015 14:29:15 +0000 (15:29 +0100)]
Fix no-ripemd on Windows
mkdef.pl was getting confused by:
# ifdef OPENSSL_NO_RMD160
# error RIPEMD is disabled.
# endif
Changing RIPEMD to RMD160 solves it. Fix suggested by Steve Henson.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Thu, 8 Oct 2015 12:36:10 +0000 (13:36 +0100)]
Don't treat a bare OCTETSTRING as DigestInfo in int_rsa_verify
The function int_rsa_verify is an internal function used for verifying an
RSA signature. It takes an argument |dtype| which indicates the digest type
that was used. Dependant on that digest type the processing of the
signature data will vary. In particular if |dtype == NID_mdc2| and the
signature data is a bare OCTETSTRING then it is treated differently to the
default case where the signature data is treated as a DigestInfo (X509_SIG).
Due to a missing "else" keyword the logic actually correctly processes the
OCTETSTRING format signature first, and then attempts to continue and
process it as DigestInfo. This will invariably fail because we already know
that it is a bare OCTETSTRING.
This failure doesn't actually make a real difference because it ends up at
the |err| label regardless and still returns a "success" result. This patch
just cleans things up to make it look a bit more sane.
RT#4076
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Thu, 8 Oct 2015 09:53:07 +0000 (11:53 +0200)]
When ENGINE_add finds that id or name is missing, actually return
Reviewed-by: Matt Caswell <matt@openssl.org>
Pascal Cuoq [Wed, 6 May 2015 08:15:28 +0000 (10:15 +0200)]
Don't check pointer we just freed, always set it to NULL.
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR #1231
Pascal Cuoq [Tue, 5 May 2015 09:20:39 +0000 (11:20 +0200)]
Move BN_CTX_start() call so the error case can always call BN_CTX_end().
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR #1231
Pascal Cuoq [Tue, 5 May 2015 09:20:39 +0000 (11:20 +0200)]
Move BN_CTX_start() call so the error case can always call BN_CTX_end().
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR #1231
Pascal Cuoq [Wed, 6 May 2015 07:55:28 +0000 (09:55 +0200)]
Properly check return type of DH_compute_key()
It returns -1 on error, not 0.
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR #1231
Pascal Cuoq [Wed, 6 May 2015 09:31:27 +0000 (11:31 +0200)]
Set flags to 0 before calling BN_with_flags()
BN_with_flags() will read the dest->flags to keep the BN_FLG_MALLOCED but
overwrites everything else.
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR #1231
Matt Caswell [Wed, 7 Oct 2015 14:20:47 +0000 (15:20 +0100)]
Don't advance PACKET in ssl_check_for_safari
The function ssl_check_for_safari fingerprints the incoming extensions
to see whether it is one of the broken versions of safari. However it was
failing to reset the PACKET back to the same position it started in, hence
causing some extensions to be skipped incorrectly.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Alessandro Ghedini [Tue, 6 Oct 2015 16:23:42 +0000 (12:23 -0400)]
Fix travis builds on master
-Allow mingw debug builds to fail on Travis CI
-Fix Travis email notifications config
-Rename a variable to avoid a bogus warning with old GCC
error: declaration of ``dup'' shadows a global declaration [-Werror=shadow]
-Disable pedantic ms-format warnings with mingw
-Properly define const DH parameters
-Restore --debug flag in Travis CI builds; -d would get incorrectly passed
to ./Configure in mingw debug builds.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Emilia Kasper [Tue, 6 Oct 2015 15:27:35 +0000 (17:27 +0200)]
SSLv2 compat ciphers: clarify comment
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Tue, 6 Oct 2015 13:15:14 +0000 (14:15 +0100)]
Don't try and parse boolean type.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andy Polyakov [Mon, 5 Oct 2015 13:23:37 +0000 (15:23 +0200)]
Address more Windows warnings illuminated by mingw.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dmitry Belyavskiy [Sun, 4 Oct 2015 09:11:26 +0000 (12:11 +0300)]
New cipher and cipher modes standardized in Russia
This change introduces short names and NIDs for Russian GOST ciphers
according to GOST R 34.13-2015
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Alessandro Ghedini [Fri, 2 Oct 2015 11:43:29 +0000 (13:43 +0200)]
Validate ClientHello extension field length
RT#4069
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Emilia Kasper [Thu, 1 Oct 2015 11:54:11 +0000 (13:54 +0200)]
Add PACKET_copy_all
Reviewed-by: Matt Caswell <matt@openssl.org>
Emilia Kasper [Thu, 1 Oct 2015 11:00:39 +0000 (13:00 +0200)]
ssl_sess.c: grab a copy of the session ID
The user callback takes a non-const pointer, so don't pass PACKET data
to it directly; rather, grab a local copy.
Reviewed-by: Matt Caswell <matt@openssl.org>
Emilia Kasper [Thu, 1 Oct 2015 10:53:08 +0000 (12:53 +0200)]
PACKETize and clean up ssl_bytes_to_cipher_list.
Fix alerts.
Reviewed-by: Matt Caswell <matt@openssl.org>
Emilia Kasper [Wed, 30 Sep 2015 13:33:12 +0000 (15:33 +0200)]
ssl3_get_client_hello: rearrange logic
Move all packet parsing to the beginning of the method. This limits the
SSLv2 compatibility soup to the parsing, and makes the rest of the
processing uniform.
This is also needed for simpler EMS support: EMS servers need to do an
early scan for EMS to make resumption decisions. This'll be easier when
the entire ClientHello is parsed in the beginning.
As a side effect,
1) PACKETize ssl_get_prev_session and tls1_process_ticket; and
2) Delete dead code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG.
Reviewed-by: Matt Caswell <matt@openssl.org>