aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Rearrange OBJ_create_objects()topic/fix-config-parse-oid_sectionKazuki Yamaguchi2017-06-211-31/+45
| | | | | | OBJ_create_objects() accepts incomplete definition line, ending up passing NULL as the short name or the long name to OBJ_create(). As OBJ_create() became strict in 1.1.0, this results in a crash.
* Fix parsing of oid_section in configKazuki Yamaguchi2017-06-211-21/+19
| | | | | | Parsing the 'sn = ln, 1.2.3' form would segfault. Do not rely on the previous behavior of OBJ_create(), which did not dereference the 'ln' argument immediately.
* Do not attempt session resumption on initial handshakeKazuki Yamaguchi2017-06-141-0/+2
| | | | | | | A condition was removed by commit 1053a6e2281d ("Implement Server side of PSK extension parsing", 2017-01-18); presumably it was by accident. Restore the previous behavior so that the get_session_cb won't be called with zero-length session ID.
* Fix possible crash in X931 code.Bernd Edlinger2017-06-142-2/+8
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3675)
* Fix another possible crash in rsa_ossl_mod_exp.Bernd Edlinger2017-06-141-0/+2
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3675)
* Fix a possible crash in dsa_builtin_paramgen2.Bernd Edlinger2017-06-141-0/+2
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3675)
* Fix crash in ecdh_simple_compute_key.Bernd Edlinger2017-06-141-0/+4
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3671)
* Fix a possible crash in the error handling.Bernd Edlinger2017-06-131-0/+12
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3672)
* Update copyright on progs.hRich Salz2017-06-131-2/+2
| | | | | | | The generating script got updated, but the generated file did not. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3668)
* Fix a memleak in ec_copy_parameters.Bernd Edlinger2017-06-131-2/+6
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3666)
* perlasm/ppc-xlate.pl: add PowerISA 3.0B instructions.Andy Polyakov2017-06-131-2/+28
| | | | | | [As well as few extra instructions from earlier spec.] Reviewed-by: Rich Salz <rsalz@openssl.org>
* Make SNI behavior more clear in s_client doc & helpPaul Yang2017-06-132-6/+10
| | | | | | | | | Update s_client -help and pod file. Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3654)
* Rework writing crypto/err/openssl.txtRichard Levitte2017-06-131-6/+9
| | | | | | | | | | | | Reading the prologue of this file conserved the "# Function codes" line, and then duplicated it when rewriting this file, adding a new "# Function codes" line everytime there's an update. Better then to skip over all comment lines and have the prologue defined in mkerr.pl, just the same as we do with the other affected files. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3664)
* Add -module option to util/mkerr.plRichard Levitte2017-06-121-0/+13
| | | | | | | | Sometimes, one might only want to rework a subset of all the internal error codes. -module allows the caller to specify exactly which library modules to rewrite. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3662)
* Clean up a bundle of codingstyle stuff in apps directoryPaul Yang2017-06-1245-704/+770
| | | | | | | | | Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3657)
* Fix a memleak in tls13_generate_secret.Bernd Edlinger2017-06-121-1/+4
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3660)
* Put message strings in state filesRich Salz2017-06-1216-2758/+2775
| | | | | | | | | | | | Add "*" as indicator meaning the function/reason is removed, so put an empty string in the function/reason string table; this preserves backward compatibility by keeping the #define's. In state files, trailing backslash means text is on the next line. Add copyright to state files Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3640)
* Fix memleak in EVP_DigestSignFinal/VerifyFinal.Bernd Edlinger2017-06-121-2/+10
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3658)
* Refactor functions in testdsa.hPaul Yang2017-06-122-84/+54
| | | | | | | | | To reduce duplicate code Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3656)
* Add sslapitest for SSL_early_get1_extensions_present()Benjamin Kaduk2017-06-121-0/+15
| | | | | | | Call it from the early callback used for testing these functions, and verify the expected contents of the ClientHello Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2976)
* Add SSL_early_get1_extensions_present()Benjamin Kaduk2017-06-126-3/+52
| | | | | | | | | | It is an API to be used from the early callback that indicates what extensions were present in the ClientHello, and in what order. This can be used to eliminate unneeded calls to SSL_early_get0_ext() (which itself scales linearly in the number of extensions supported by the library). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2976)
* TLS 1.3 client sigalgs test no longer needs TLS 1.2Benjamin Kaduk2017-06-121-8/+8
| | | | | | | | | | | | Per the TODO comment, we now have proper certificate selection for TLS 1.3 client certificates, so this test can move into its own block. (It cannot merge with the previous block, as it requires EC.) Verified that the test passes when configured with enable-tls1_3 no-tls1 no-tls1_1 no-tls1_2. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3131)
* drop some no-longer-relevant TODO(TLS1.3) entriesBenjamin Kaduk2017-06-122-5/+3
| | | | | | | | | | | | | | We prevent compression both when the server is parsing the ClientHello and when the client is constructing the ClientHello. A 1.3 ServerHello has no way to hand us back a compression method, and we already check that the server does not try to give us back a compression method that we did not request, so these checks seem sufficient. Weaken the INSTALL note slightly, as we do now expect to interoperate with other implementations. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3131)
* Remove leading space-before-tabRich Salz2017-06-111-1/+1
| | | | Reviewed-by: Kurt Roceckx <kurt@openssl.org>
* improve comment: use "optimization" for clarityJosh Soref2017-06-111-2/+2
| | | | | | | The previous word was a misspelling of nicety Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3464)
* Introduce ASN1_TIME_set_string_X509 APIRich Salz2017-06-1110-27/+308
| | | | | | | | | | | | | | | | | | | | Make funcs to deal with non-null-term'd string in both asn1_generalizedtime_to_tm() and asn1_utctime_to_tm(). Fixes issue #3444. This one is used to enforce strict format (RFC 5280) check and to convert GeneralizedTime to UTCTime. apps/ca has been changed to use the new API. Test cases and documentation are updated/added Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3566)
* doc/man3: use the documented coding style in the example codeBeat Bolli2017-06-112-0/+2
| | | | | | | | | | | | Adjust brace placement, whitespace after keywords, indentation and empty lines after variable declarations according to https://www.openssl.org/policies/codingstyle.html. Indent literal sections by exactly one space. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3580)
* Fix spelling errors in manpagesJosh Soref2017-06-1116-21/+22
| | | | | | | | | | | | | | | | | | | | | | | spelling: algorithm spelling: anyway spelling: assigned spelling: authenticated spelling: callback spelling: certificate spelling: compatibility spelling: configuration spelling: digest spelling: encrypted spelling: function spelling: output spelling: receive spelling: renegotiation spelling: signing spelling: similar spelling: string (Merged from https://github.com/openssl/openssl/pull/3580)Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3580)
* If-guard to avoid null ptr deref in statem_srvr.cRich Salz2017-06-111-1/+2
| | | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> CLA: trivial (Merged from https://github.com/openssl/openssl/pull/3419)
* Remove needless type casting.Rich Salz2017-06-101-2/+2
| | | | | | | | CLA: trivial Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3627)
* Fix possible usage of NULL pointers in apps/spkac.cPaul Yang2017-06-101-8/+11
| | | | | | | | | | Check return value of NETSCAPE_SPKI_new() and NETSCAPE_SPKI_b64_encode(), and also clean up coding style incidentally. Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3647)
* Fix memory leaks in CTLOG_new_from_base64Benjamin Kaduk2017-06-092-13/+32
| | | | | | | | | | | | | | | Move the call to ct_base64_decode(), which allocates, until after the check for NULL output parameter. Also place a cap on the number of padding characters used to decrement the output length -- any more than two '='s is not permitted in a well-formed base64 text. Prior to this change, ct_base64_decode() would return a length of -1 along with allocated storage for an input of "====". Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3379)
* mark V_ASN1_PRIMATIVE_TAG as compatJosh Soref2017-06-091-1/+1
| | | | | | | | | | This incorrectly spelled item exists for compatibility purposes CLA: Trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3460)
* fix check of broken implementations of GOST ciphersuitesPichulin Dmitrii2017-06-091-36/+39
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3642)
* Fix speed command for alternation of ciphers and digests.Jonathan Protzenko2017-06-091-0/+1
| | | | | | | | CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3487)
* Add support for using engine-backed keys in spkacLuke Faraone2017-06-092-2/+14
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3599)
* Fix a bundle of trailing spaces in several filesPaul Yang2017-06-0917-21/+21
| | | | | | | | Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3622)
* List undocumented macrosRich Salz2017-06-081-0/+29
| | | | | | | | | The search is approximate; look only for those that look like functions. [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3641)
* Remove stale note from s_server.podBenjamin Kaduk2017-06-081-4/+0
| | | | | | Modern browsers are now, well, pretty modern. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3644)
* Ignore -named_curve auto value to improve backwards compatibilityTomas Mraz2017-06-082-0/+12
| | | | | | | Fixes #3490 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3518)
* Fix a read off the end of the input bufferRich Salz2017-06-081-2/+2
| | | | | | | | when building with OPENSSL_SMALL_FOOTPRINT defined. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3533)
* Use memset to clear SRP_CTX instead of NULL and zero assignmentsDiego Santa Cruz2017-06-081-59/+7
| | | | | | | | | | | | | | This uses memset() to clear all of the SRP_CTX when free'ing or initializing it as well as in error paths instead of having a series of NULL and zero assignments as it is safer. It also changes SSL_SRP_CTX_init() to reset all the SRP_CTX to zero in case or error, previously it could retain pointers to freed memory, potentially leading to a double free. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3467)
* Make SRP_CTX.info ownership and lifetime be the same as SRP_CTX.login.Diego Santa Cruz2017-06-082-3/+21
| | | | | | | | | | Ownership and lifetime rules of SRP_CTX.info are confusing and different from those of SRP_CTX.login, making it difficult to use correctly. This makes the ownership and lifetime be the same as those of SRP_CTX.login, thet is a copy is made when setting it and is freed when SRP_CTX is freed. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3467)
* Clean up s_server documentationMatt Caswell2017-06-081-299/+355
| | | | | | | | | List the options in the same order and in the same style as the output from "openssl s_server -help" Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3628)
* Remove doc of non-existent functionsRich Salz2017-06-0811-72/+332
| | | | | | | | | Fix test for "documenting private functions" And add -p flag to doc-nits recipe Mark when things were deprecated, if doc'd as such Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3624)
* sha/asm/keccak1600-armv4.pl: switch to more efficient bit interleaving ↵Andy Polyakov2017-06-081-119/+260
| | | | | | algorithm. Reviewed-by: Rich Salz <rsalz@openssl.org>
* sha/keccak1600.c: switch to more efficient bit interleaving algorithm.Andy Polyakov2017-06-081-43/+95
| | | | | | [Also bypass sizeof(void *) == 8 check on some platforms.] Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add back support for SHA224 based sig algsMatt Caswell2017-06-083-7/+30
| | | | | | | | | This used to work but was inadvertently removed as part of the TLSv1.3 work. This adds it back. Fixes #3633 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3639)
* Windows: rearrange programs cleanupRichard Levitte2017-06-081-2/+4
| | | | | | | | | The list of programs hit nmake's maximum line length, so we split up the line in smaller chunks. Fixes #3634 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3636)
* Fix possible memory over-read in apps/s_client.cRich Salz2017-06-081-0/+9
| | | | | | | | | | a buffer returned from BIO_gets is not checked for it's length before reading its contents. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3630)
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-01 14:44:08 +0000