EVP_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
BIO_sock_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
CRYPTO_cleanup_all_ex_data() should not be called expicitly - we should
leave auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
RAND_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
ERR_free_strings() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
COMP_zlib_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
When a file is opened with BIO_new_file(), make sure that the internal
mode TEXT vs BINARY setting reflects what's given in the mode string.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Code without PEDANTIC has intentional "undefined" behaviour. To get best
coverage for both PEDANTIC and non-PEDANTIC codepaths, run the sanitizer
builds in two different configurations:
1) Without PEDANTIC but with alignment checks disabled.
2) With PEDANTIC.
To not overload Travis too much, run one build with clang and the other
with gcc (chosen at random).
Also remove a micro-optimization in CAST code to be able to
-fsanitize=shift. Whether shift sanitization is meaningful for crypto or
an obstacle is debatable but since this appears to be the only offender,
we might as well keep the check for now.
Reviewed-by: Richard Levitte <levitte@openssl.org>
A number of new functions have been added following the DH and DH_METHOD
opacity commits. This commit provides documentation for those functions.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Move the dh_method structure into an internal header file and provide
relevant accessors for the internal fields.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Move the dh_st structure into an internal header file and provide
relevant accessors for the internal fields.
Reviewed-by: Richard Levitte <levitte@openssl.org>
As it turns out branch hints grew as kind of a misconception. In
addition their interpretation by GNU assembler is affected by
assembler flags and can end up with opposite meaning on different
processors. As we have to loose quite a lot on misinterprerations,
especially on newer processors, we just omit them altogether.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Since NDEBUG is defined unconditionally on command line for release
builds, we can omit *_DEBUG options in favour of effective "all-on"
in debug builds exercised though CI.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Suppress CT callbacks with aNULL or PSK ciphersuites that involve
no certificates. Ditto when the certificate chain is validated via
DANE-TA(2) or DANE-EE(3) TLSA records. Also skip SCT processing
when the chain is fails verification.
Move and consolidate CT callbacks from libcrypto to libssl. We
also simplify the interface to SSL_{,CTX_}_enable_ct() which can
specify either a permissive mode that just collects information or
a strict mode that requires at least one valid SCT or else asks to
abort the connection.
Simplified SCT processing and options in s_client(1) which now has
just a simple pair of "-noct" vs. "-ct" options, the latter enables
the permissive callback so that we can complete the handshake and
report all relevant information. When printing SCTs, print the
validation status if set and not valid.
Signed-off-by: Rob Percival <robpercival@google.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Move rsa_meth_st away from public headers.
Add RSA_METHOD creator/destructor functions.
Add RSA_METHOD accessor/writer functions.
Adapt all other source to use the creator, destructor, accessors and writers.
Reviewed-by: Matt Caswell <matt@openssl.org>
Move rsa_st away from public headers.
Add accessor/writer functions for the public RSA data.
Adapt all other source to use the accessors and writers.
Reviewed-by: Matt Caswell <matt@openssl.org>
When config'd with "no-async" the ASYNC_NULL implementation is used, so
async symbols still exist. We should still init the NULL implementation so
that when we get the async ctx it is NULL rather than undefined.
Reviewed-by: Rich Salz <rsalz@openssl.org>
It was harmless in this case, but best avoid the annoying warnings.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
A new X509_VERIFY_PARAM_set_auth_level() function sets the
authentication security level. For verification of SSL peers, this
is automatically set from the SSL security level. Otherwise, for
now, the authentication security level remains at (effectively) 0
by default.
The new "-auth_level" verify(1) option is available in all the
command-line tools that support the standard verify(1) options.
New verify(1) tests added to check enforcement of chain signature
and public key security levels. Also added new tests of enforcement
of the verify_depth limit.
Updated documentation.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Numerous fixups based on feedback of the DSA opacity changes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Move the dsa_method structure out of the public header file, and provide
getter and setter functions for creating and modifying custom DSA_METHODs.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Move the dsa_st structure out of the public header file. Add some accessor
functions to enable access to the internal fields, and update all internal
usage to use the new functions.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Currently on every BIO mem read operation the remaining data is reallocated.
This commit solves the issue.
BIO mem structure includes additional pointer to the read position.
On every read the pointer moves instead of reallocating the memory for the remaining data.
Reallocation accures before write and some ioctl operations, if the read pointer doesn't point on the beginning of the buffer.
Also the flag is added to rewind the read pointer without losing the data.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
InitOnceExecuteOnce returns nonzero on success:
MSDN: "If the function succeeds, the return value is nonzero."
So return 1 if it is nonzero, 0 others.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Don't decode a public key in X509_PUBKEY_get0(): that is handled when
the key is parsed using x509_pubkey_decode() instead.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
This minimizes inter-block overhead. Performance gain naturally
varies from case to case, up to 10% was spotted so far. There is
one thing to recognize, given same circumstances gain would be
higher faster computational part is. Or in other words biggest
improvement coefficient would have been observed with assembly.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
CRYPTO_mem_leaks attempts to adjust the count of bytes leaks to not
include the BIO that is being used to print the results out. However this
does not work properly. In all internal cases we switch off recording
the memory allocation during creation of the BIO so it makes no difference.
In other cases if the BIO allocates any additional memory during
construction then the adjustment will be wrong anyway. It also skips over
the BIO memory during print_leak anyway, so the BIO memory is never
added into the total. In other words this was broken in lots of ways and
has been since it was first added.
The simplest solution is just to make it the documented behaviour that
you must turn off memory logging when creating the BIO, and remove all
the adjustment stuff completely. The adjustment code was only ever in
master and never made it to a release branch so there is no loss of
functionality.
This commit also fixes a compilation failure when using
enable-crypto-mdebug.
Reviewed-by: Rich Salz <rsalz@openssl.org>
On VMS, the C compiler can work with 32-bit and 64-bit pointers, and
the command line determines what the initial pointer size shall be.
However, there is some functionality that only works with 32-bit
pointers. In this case, it's gethostbyname(), getservbyname() and
accompanying structures, so we need to make sure that we define our
own pointers as 32-bit ones.
Furthermore, there seems to be a bug in VMS C netdb.h, where struct
addrinfo is always defined with 32-bit pointers no matter what, but
the functions handling it are adapted to the initial pointer size.
This leads to pointer size warnings when compiling with
/POINTER_SIZE=64. The workaround is to force struct addrinfo to be
the 64-bit variant if the initial pointer size is 64.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Cache the decoded public key when an X509_PUBKEY structure is initially
parsed so no locking is required. Ignore any decode errors.
When an application calls X509_PUBKEY_get0() subsequently it will either
get the cached key or the decode operation will be repeated which will
return an appropriate error.
Reviewed-by: Rich Salz <rsalz@openssl.org>
