Andy Polyakov [Sat, 28 Mar 2015 14:27:34 +0000 (15:27 +0100)]
sha/asm/sha512-armv4.pl: adapt for use in Linux kernel context.
Follow-up to sha256-armv4.pl in cooperation with Ard Biesheuvel
(Linaro) and Sami Tolvanen (Google).
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andy Polyakov [Sat, 28 Mar 2015 14:21:35 +0000 (15:21 +0100)]
sha/asm/sha256-armv4.pl: fix compile issue in kernel
and eliminate little-endian dependency.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Sun, 29 Mar 2015 07:42:58 +0000 (09:42 +0200)]
Have a shared library version thats reasonable with our version scheme
The FAQ says this:
After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter
releases (e.g. 1.0.1a) can only contain bug and security fixes and no
new features. Minor releases change the last number (e.g. 1.0.2) and
can contain new features that retain binary compatibility. Changes to
the middle number are considered major releases and neither source nor
binary compatibility is guaranteed.
With such a scheme (and with the thinking that it's nice if the shared
library version stays on track with the OpenSSL version), it's rather
futile to keep the minor release number in the shared library version.
The deed already done with OpenSSL 1.0.x can't be changed, but with
1.x.y, x=1 and on, 1.x as shared library version is sufficient.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Dr. Stephen Henson [Thu, 26 Mar 2015 15:56:00 +0000 (15:56 +0000)]
Add private/public key conversion tests
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Sat, 28 Mar 2015 13:53:16 +0000 (13:53 +0000)]
Remove d2i_X509_PKEY and i2d_X509_PKEY
Remove partially implemented d2i_X509_PKEY and i2d_X509_PKEY: nothing
uses them and they don't work properly. Update ordinals.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Andy Polyakov [Fri, 13 Mar 2015 10:12:19 +0000 (11:12 +0100)]
ec/asm/ecp_nistz256-x86_64.pl: update commentary with before-after performance data.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Sat, 28 Mar 2015 14:54:15 +0000 (10:54 -0400)]
free NULL cleanup
EVP_.*free; this gets:
EVP_CIPHER_CTX_free EVP_PKEY_CTX_free EVP_PKEY_asn1_free
EVP_PKEY_asn1_set_free EVP_PKEY_free EVP_PKEY_free_it
EVP_PKEY_meth_free; and also EVP_CIPHER_CTX_cleanup
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Andy Polyakov [Wed, 18 Mar 2015 15:48:03 +0000 (16:48 +0100)]
Engage vpaes-armv8 module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Tue, 17 Mar 2015 08:57:27 +0000 (09:57 +0100)]
Add vpaes-amrv8.pl module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Wed, 18 Mar 2015 15:56:38 +0000 (16:56 +0100)]
Configure: remove unused variables.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Sat, 28 Mar 2015 12:08:48 +0000 (12:08 +0000)]
Make asn1_ex_i2c, asn1_ex_c2i static.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Dr. Stephen Henson [Thu, 26 Mar 2015 15:39:55 +0000 (15:39 +0000)]
Remove combine option from ASN.1 code.
Remove the combine option. This was used for compatibility with some
non standard behaviour in ancient versions of OpenSSL: specifically
the X509_ATTRIBUTE and DSAPublicKey handling. Since these have now
been revised it is no longer needed.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Thu, 26 Mar 2015 14:35:49 +0000 (14:35 +0000)]
Simplify DSA public key handling.
DSA public keys could exist in two forms: a single Integer type or a
SEQUENCE containing the parameters and public key with a field called
"write_params" deciding which form to use. These forms are non standard
and were only used by functions containing "DSAPublicKey" in the name.
Simplify code to only use the parameter form and encode the public key
component directly in the DSA public key method.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 3 Feb 2015 16:09:32 +0000 (16:09 +0000)]
ASN1_TYPE documentation.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 26 Mar 2015 13:51:32 +0000 (13:51 +0000)]
Add Record Layer documentation
Add some design documentation on how the record layer works to aid future
maintenance.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 26 Mar 2015 15:14:42 +0000 (15:14 +0000)]
Fix formatting oddities
Fix some formatting oddities in rec_layer_d1.c.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 26 Mar 2015 13:17:38 +0000 (13:17 +0000)]
Fix record.h formatting
Fix some strange formatting in record.h. This was probably originally
introduced as part of the reformat work.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 26 Mar 2015 13:12:24 +0000 (13:12 +0000)]
Define SEQ_NUM_SIZE
Replace the hard coded value 8 (the size of the sequence number) with a
constant defined in a macro.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 4 Feb 2015 16:29:38 +0000 (16:29 +0000)]
Fix compilation on windows for record layer
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 4 Feb 2015 16:02:37 +0000 (16:02 +0000)]
Rename record layer source files
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 4 Feb 2015 15:52:15 +0000 (15:52 +0000)]
Remove some unneccessary macros
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 4 Feb 2015 15:52:05 +0000 (15:52 +0000)]
Renamed record layer header files
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 4 Feb 2015 15:44:12 +0000 (15:44 +0000)]
Reorganise header files
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 4 Feb 2015 14:30:20 +0000 (14:30 +0000)]
Remove last trace of non-record layer code reading and writing sequence
numbers directly
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 4 Feb 2015 11:57:34 +0000 (11:57 +0000)]
Move last_write_sequence from s->d1 to s->rlayer.d.
Also push some usage of last_write_sequence out of dtls1_retransmit_message
and into the record layer.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 4 Feb 2015 11:24:24 +0000 (11:24 +0000)]
Move ssl3_record_sequence_update into record layer
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 4 Feb 2015 10:27:43 +0000 (10:27 +0000)]
Move buffered_app_data from s->d1 to s->rlayer.d
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 4 Feb 2015 10:14:36 +0000 (10:14 +0000)]
Move handshake_fragment, handshake_fragment_len, alert_fragment and
alert_fragment_len from s->d1 to s->rlayer.d
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 3 Feb 2015 16:11:49 +0000 (16:11 +0000)]
Fix seg fault in dtls1_new
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 3 Feb 2015 16:05:28 +0000 (16:05 +0000)]
Moved processed_rcds and unprocessed_rcds from s->d1 to s->rlayer.d
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 3 Feb 2015 15:39:06 +0000 (15:39 +0000)]
Move bitmap and next_bitmap from s->d1 to s->rlayer.d.
Create dtls_bitmap.h and dtls_bitmap.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 3 Feb 2015 15:14:24 +0000 (15:14 +0000)]
Move r_epoch and w_epoch from s->d1 to s->rlayer.d
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 3 Feb 2015 14:54:13 +0000 (14:54 +0000)]
Introduce a DTLS_RECORD_LAYER type for DTLS record layer state
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 3 Feb 2015 14:32:15 +0000 (14:32 +0000)]
Move DTLS1_RECORD_DATA into rec_layer.h
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 3 Feb 2015 14:26:50 +0000 (14:26 +0000)]
Move read_sequence and write_sequence from s->s3 to s->rlayer
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 3 Feb 2015 13:22:12 +0000 (13:22 +0000)]
Move s->s3->wpend_* to s->rlayer
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 3 Feb 2015 13:12:22 +0000 (13:12 +0000)]
Move handshake_fragment, handshake_fragment_len, alert_fragment and
alert_fragment_len from s->s3 into s->rlayer
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 3 Feb 2015 11:16:30 +0000 (11:16 +0000)]
Move s->s3->wnum to s->rlayer.wnum
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 3 Feb 2015 10:48:28 +0000 (10:48 +0000)]
Move s->rstate to s->rlayer.rstate
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 20:55:15 +0000 (20:55 +0000)]
Move s->packet and s->packet_length into s->rlayer
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 16:14:03 +0000 (16:14 +0000)]
Remove unneccessary use of accessor function now code is moved into record
layer
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 16:02:55 +0000 (16:02 +0000)]
Make rrec, wrec, rbuf and wbuf fully private to the record layer. Also, clean
up some access to them. Now that various functions have been moved into the
record layer they no longer need to use the accessor macros.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 15:47:39 +0000 (15:47 +0000)]
Removed dependency on rrec from heartbeat processing
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 14:52:32 +0000 (14:52 +0000)]
Introduce macro RECORD_LAYER_setup_comp_buffer
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 14:08:34 +0000 (14:08 +0000)]
Fix bug where rrec was being released...should have been removed by one of
the earlier record layer commits
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 14:03:50 +0000 (14:03 +0000)]
Move ssl3_pending into the record layer
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 13:57:12 +0000 (13:57 +0000)]
Remove RECORD_LAYER_set_ssl and introduce RECORD_LAYER_init
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 13:43:38 +0000 (13:43 +0000)]
Provide RECORD_LAYER_set_data function
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 12:18:03 +0000 (12:18 +0000)]
Introduce the functions RECORD_LAYER_release, RECORD_LAYER_read_pending, and
RECORD_LAYER_write_pending.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 11:53:20 +0000 (11:53 +0000)]
Create RECORD_LAYER_clear function.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 11:41:29 +0000 (11:41 +0000)]
Tidy up rec_layer.h. Add some comments regarding which functions should be
being used for what purpose.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 10:38:12 +0000 (10:38 +0000)]
Moved s3_pkt.c, s23_pkt.c and d1_pkt.c into the record layer.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 2 Feb 2015 10:05:09 +0000 (10:05 +0000)]
Split out non record layer functions out of s3_pkt.c and d1_pkt.c into
the new files s3_msg.c and s1_msg.c respectively.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Sun, 1 Feb 2015 17:14:43 +0000 (17:14 +0000)]
Move more SSL3_RECORD oriented functions into ssl3_record.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Sun, 1 Feb 2015 16:47:15 +0000 (16:47 +0000)]
Move SSL3_RECORD oriented functions into ssl3_record.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Sun, 1 Feb 2015 16:03:18 +0000 (16:03 +0000)]
Move SSL3_BUFFER set up and release code into ssl3_buffer.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Sun, 1 Feb 2015 15:41:06 +0000 (15:41 +0000)]
Move s->s3->wrec to s>rlayer>wrec
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Sun, 1 Feb 2015 15:30:37 +0000 (15:30 +0000)]
Encapsulate s->s3->wrec
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 30 Jan 2015 23:27:17 +0000 (23:27 +0000)]
Move s->s3->rrec to s->rlayer->rrec
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 30 Jan 2015 17:29:41 +0000 (17:29 +0000)]
Encapsulate s->s3->rrec
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 30 Jan 2015 16:17:25 +0000 (16:17 +0000)]
Move s->s3->wbuf to s->rlayer->wbuf
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 30 Jan 2015 16:05:47 +0000 (16:05 +0000)]
Encapsulate access to s->s3->wbuf
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 30 Jan 2015 15:38:10 +0000 (15:38 +0000)]
Move s->s3->rrec into s->rlayer
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 30 Jan 2015 14:57:54 +0000 (14:57 +0000)]
Encapsulate SSL3_BUFFER and all access to s->s3->rbuf.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 30 Jan 2015 13:46:43 +0000 (13:46 +0000)]
Create a RECORD_LAYER structure and move read_ahead into it.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Wed, 25 Mar 2015 22:21:39 +0000 (22:21 +0000)]
update ordinals
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Wed, 25 Mar 2015 22:02:42 +0000 (22:02 +0000)]
Move more internal only functions to asn1_locl.h
Reviewed-by: Matt Caswell <matt@openssl.org>
Rich Salz [Wed, 25 Mar 2015 22:35:24 +0000 (18:35 -0400)]
free NULL cleanup.
This gets EC_GROUP_clear_free EC_GROUP_free, EC_KEY_free,
EC_POINT_clear_free, EC_POINT_free
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Matt Caswell [Tue, 24 Mar 2015 15:10:15 +0000 (15:10 +0000)]
Resolve swallowed returns codes
The recent updates to libssl to enforce stricter return code checking, left
a small number of instances behind where return codes were being swallowed
(typically because the function they were being called from was declared as
void). This commit fixes those instances to handle the return codes more
appropriately.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Wed, 25 Mar 2015 15:44:45 +0000 (15:44 +0000)]
make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Wed, 25 Mar 2015 15:42:56 +0000 (15:42 +0000)]
Move internal only ASN.1 functions to asn1_locl.h
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Wed, 25 Mar 2015 15:08:55 +0000 (15:08 +0000)]
Remove X509_ATTRIBUTE hack.
The X509_ATTRIBUTE structure includes a hack to tolerate malformed
attributes that encode as the type instead of SET OF type. This form
is never created by OpenSSL and shouldn't be needed any more.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Wed, 25 Mar 2015 15:31:18 +0000 (11:31 -0400)]
free NULL cleanup
This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free
BIO_free BIO_free_all BIO_vfree
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Mon, 16 Feb 2015 13:44:22 +0000 (13:44 +0000)]
Support key loading from certificate file
Support loading of key and certificate from the same file if
SSL_CONF_FLAG_REQUIRE_PRIVATE is set. This is done by remembering the
filename used for each certificate type and attempting to load a private
key from the file when SSL_CONF_CTX_finish is called.
Update docs.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Wed, 25 Mar 2015 12:25:16 +0000 (12:25 +0000)]
make depend
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Mon, 16 Mar 2015 17:43:17 +0000 (17:43 +0000)]
make X509_NAME opaque
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 25 Feb 2015 11:30:43 +0000 (11:30 +0000)]
Fix bug in s_client. Previously default verify locations would only be loaded
if CAfile or CApath were also supplied and successfully loaded first.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 10 Feb 2015 13:15:25 +0000 (13:15 +0000)]
Fix HMAC to pass invalid key len test
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 10 Feb 2015 13:15:05 +0000 (13:15 +0000)]
Add HMAC test for invalid key len
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 10 Feb 2015 11:39:52 +0000 (11:39 +0000)]
Ensure that both the MD and key have been initialised before attempting to
create an HMAC
Inspired by BoringSSL commit
2fe7f2d0d9a6fcc75b4e594eeec306cc55acd594
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 10 Feb 2015 12:38:04 +0000 (12:38 +0000)]
Add more HMAC tests
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 5 Feb 2015 16:04:58 +0000 (16:04 +0000)]
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG was disabled in 0.9.8q and 1.0.0c.
This commit sets the value of SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG to
zero.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 26 Feb 2015 13:52:30 +0000 (13:52 +0000)]
Deprecate RAND_pseudo_bytes
The justification for RAND_pseudo_bytes is somewhat dubious, and the reality
is that it is frequently being misused. RAND_bytes and RAND_pseudo_bytes in
the default implementation both end up calling ssleay_rand_bytes. Both may
return -1 in an error condition. If there is insufficient entropy then
both will return 0, but RAND_bytes will additionally add an error to the
error queue. They both return 1 on success.
Therefore the fundamental difference between the two is that one will add an
error to the error queue with insufficient entory whilst the other will not.
Frequently there are constructions of this form:
if(RAND_pseudo_bytes(...) <= 1)
goto err;
In the above form insufficient entropy is treated as an error anyway, so
RAND_bytes is probably the better form to use.
This form is also seen:
if(!RAND_pseudo_bytes(...))
goto err;
This is technically not correct at all since a -1 return value is
incorrectly handled - but this form will also treat insufficient entropy as
an error.
Within libssl it is required that you have correctly seeded your entropy
pool and so there seems little benefit in using RAND_pseudo_bytes.
Similarly in libcrypto many operations also require a correctly seeded
entropy pool and so in most interesting cases you would be better off
using RAND_bytes anyway. There is a significant risk of RAND_pseudo_bytes
being incorrectly used in scenarios where security can be compromised by
insufficient entropy.
If you are not using the default implementation, then most engines use the
same function to implement RAND_bytes and RAND_pseudo_bytes in any case.
Given its misuse, limited benefit, and potential to compromise security,
RAND_pseudo_bytes has been deprecated.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 26 Feb 2015 11:57:37 +0000 (11:57 +0000)]
RAND_bytes updates
Ensure RAND_bytes return value is checked correctly, and that we no longer
use RAND_pseudo_bytes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 13 Mar 2015 16:48:01 +0000 (16:48 +0000)]
Fix return checks in GOST engine
Filled in lots of return value checks that were missing the GOST engine, and
added appropriate error handling.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 13 Mar 2015 15:04:54 +0000 (15:04 +0000)]
Fix misc NULL derefs in sureware engine
Fix miscellaneous NULL pointer derefs in the sureware engine.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 5 Feb 2015 13:59:16 +0000 (13:59 +0000)]
Add ticket length before buffering DTLS message
In ssl3_send_new_session_ticket the message to be sent is constructed. We
skip adding the length of the session ticket initially, then call
ssl_set_handshake_header, and finally go back and add in the length of the
ticket. Unfortunately, in DTLS, ssl_set_handshake_header also has the side
effect of buffering the message for subsequent retransmission if required.
By adding the ticket length after the call to ssl_set_handshake_header the
message that is buffered is incomplete, causing an invalid message to be
sent on retransmission.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 5 Feb 2015 13:54:37 +0000 (13:54 +0000)]
Ensure last_write_sequence is saved in DTLS1.2
In DTLS, immediately prior to epoch change, the write_sequence is supposed
to be stored in s->d1->last_write_sequence. The write_sequence is then reset
back to
00000000. In the event of retransmits of records from the previous
epoch, the last_write_sequence is restored. This commit fixes a bug in
DTLS1.2 where the write_sequence was being reset before last_write_sequence
was saved, and therefore retransmits are sent with incorrect sequence
numbers.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Tue, 24 Mar 2015 14:17:37 +0000 (10:17 -0400)]
free NULL cleanup
Start ensuring all OpenSSL "free" routines allow NULL, and remove
any if check before calling them.
This gets DH_free, DSA_free, RSA_free
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Tue, 24 Mar 2015 18:58:51 +0000 (18:58 +0000)]
update ordinals
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Tue, 24 Mar 2015 14:11:29 +0000 (15:11 +0100)]
Update ordinals
Thanks to the change of mkdef.pl, a few more deprecated functions were
properly defined in util/libeay.num.
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Tue, 24 Mar 2015 14:02:51 +0000 (15:02 +0100)]
Teach mkdef.pl to handle multiline declarations.
For the moment, this is specially crafted for DECLARE_DEPRECATED because
that's where we found the problem, but it can easily be expanded to other
types of special delarations when needed.
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Tue, 24 Mar 2015 16:21:21 +0000 (16:21 +0000)]
Fix verify algorithm.
Disable loop checking when we retry verification with an alternative path.
This fixes the case where an intermediate CA is explicitly trusted and part
of the untrusted certificate list. By disabling loop checking for this case
the untrusted CA can be replaced by the explicitly trusted case and
verification will succeed.
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Sun, 15 Mar 2015 16:26:04 +0000 (16:26 +0000)]
make ASN1_OBJECT opaque
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Fri, 13 Mar 2015 14:16:32 +0000 (14:16 +0000)]
Configuration file examples.
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Sun, 22 Mar 2015 17:34:56 +0000 (17:34 +0000)]
Make OCSP response verification more flexible.
If a set of certificates is supplied to OCSP_basic_verify use those in
addition to any present in the OCSP response as untrusted CAs when
verifying a certificate chain.
PR#3668
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Tue, 24 Mar 2015 12:05:05 +0000 (12:05 +0000)]
make depend
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Mon, 23 Mar 2015 22:57:47 +0000 (22:57 +0000)]
Move some EVP internals to evp_int.h
Move EVP internals to evp_int.h, remove -Ievp hack from crypto/Makefile
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Mon, 23 Mar 2015 18:42:42 +0000 (18:42 +0000)]
Move some ASN.1 internals to asn1_int.h
Move ASN.1 internals used across multiple directories into new internal
header file asn1_int.h remove crypto/Makefile hack which allowed other
directories to include "asn1_locl.h"
Reviewed-by: Matt Caswell <matt@openssl.org>
Rich Salz [Tue, 24 Mar 2015 11:52:24 +0000 (07:52 -0400)]
free NULL cleanup
Start ensuring all OpenSSL "free" routines allow NULL, and remove
any if check before calling them.
This gets ASN1_OBJECT_free and ASN1_STRING_free.
Reviewed-by: Matt Caswell <matt@openssl.org>