Nathaniel McCallum
3b92e51899
Teach EVP_PKEY_HMAC keys how to EVP_PKEY_cmp()
Fixes openssl/openssl#1236
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1237 )
2016-06-24 12:31:31 -04:00
Kurt Roeckx
5bea15ebb3
Avoid signed overflow
Found by afl
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR: #3013
2016-06-24 18:17:10 +02:00
Ben Laurie
24bf6f3c7f
Deal with API changes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-24 14:40:33 +01:00
Matt Caswell
0def528bc5
Ensure HMAC key gets cleansed after use
aesni_cbc_hmac_sha256_ctrl() and aesni_cbc_hmac_sha1_ctrl() cleanse the
HMAC key after use, but static int rc4_hmac_md5_ctrl() doesn't.
Fixes an OCAP Audit issue.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-24 13:25:00 +01:00
Matt Caswell
a6211814c4
Add a getter to obtain the HMAC_CTX md
As a result of opaque HMAC_CTX apps need a getter for the HMAC_CTX md.
GitHub Issue #1152
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-06-24 13:22:40 +01:00
Matt Caswell
d6079a87db
Fix ASN1_STRING_to_UTF8 could not convert NumericString
tag2nbyte had -1 at 18th position, but underlying ASN1_mbstring_copy
supports NumericString. tag2nbyte is also used in do_print_ex which will
not be broken by setting 1 at 18th position of tag2nbyte
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-06-23 20:49:43 +01:00
huangqinjin
51a3b763c3
Make x25519_compute_key() return a boolean
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-23 17:13:23 +01:00
huangqinjin
65ea288d47
Make ossl_ecdh_compute_key() return a boolean
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-23 17:13:23 +01:00
Rich Salz
fe2d149119
RT2867: des_ede3_cfb1 ignored "size in bits" flag
Code and tests by Steve.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-23 10:03:50 -04:00
FdaSilvaYY
3c82e437bb
Add checks on sk_TYPE_push() returned result
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-23 14:03:29 +01:00
FdaSilvaYY
687b486859
Rework error handling from asn1_do_lock method.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-23 14:00:47 +01:00
Andy Polyakov
fc6076ca27
rand/randfile.c: make it non-ASCII-savvy.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-22 21:52:08 +02:00
Andy Polyakov
094878164d
Move OS-specific fopen quirks to o_fopen.c.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-22 21:51:53 +02:00
Andy Polyakov
eeac54ef6d
crypto/cryptlib.c: omit OPENSSL_ia32cap_loc().
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-22 20:20:37 +02:00
FdaSilvaYY
f430ba31ac
Spelling... and more spelling
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1245 )
2016-06-22 00:26:10 +02:00
Kurt Roeckx
5388b8d4e8
Avoid creating an illegal pointer.
Found by tis-interpreter
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1230
2016-06-21 20:55:54 +02:00
Kurt Roeckx
01238aec40
buf2hexstr: properly deal with empty string
It wrote before the start of the string
found by afl
Reviewed-by: Richard Levitte <levitte@openssl.org>
MR: #2994
2016-06-21 20:55:54 +02:00
David Benjamin
abeae4d325
Make arm-xlate.pl set use strict.
It was already nearly clean. Just one undeclared variable.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1240 )
2016-06-20 16:26:15 -04:00
Richard Levitte
d0ba7bc8a0
make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-06-20 21:34:37 +02:00
Richard Levitte
ed17c7c146
Fix proxy certificate pathlength verification
While travelling up the certificate chain, the internal
proxy_path_length must be updated with the pCPathLengthConstraint
value, or verification will not work properly. This corresponds to
RFC 3820, 4.1.4 (a).
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-06-20 21:34:37 +02:00
Richard Levitte
c8223538cb
Check that the subject name in a proxy cert complies to RFC 3820
The subject name MUST be the same as the issuer name, with a single CN
entry added.
RT#1852
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-06-20 21:34:37 +02:00
Kurt Cancemi
5e6e650d62
Remove pointless free loop in X509_TRUST_cleanup()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1194 )
2016-06-20 09:58:58 -04:00
Kurt Cancemi
fa3a0286d1
Remove pointless free loop in X509_PURPOSE_cleanup()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1194 )
2016-06-20 09:58:58 -04:00
Kurt Cancemi
b88e95f3a0
crypto/evp/e_aes_cbc_hmac_sha256.c: Remove spurious memset
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1231 )
2016-06-20 09:38:37 -04:00
Emilia Kasper
9267c11bb5
Make DSA_SIG and ECDSA_SIG getters const.
Reorder arguments to follow convention.
Also allow r/s to be NULL in DSA_SIG_get0, similarly to ECDSA_SIG_get0.
This complements GH1193 which adds non-const setters.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-20 14:58:36 +02:00
Andy Polyakov
b73cfb137e
rand/randfile.c: remove obsolete commentary.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-20 13:28:13 +02:00
Andy Polyakov
4973a60cb9
aes/asm/bsaes-armv7.pl: omit redundant stores in XTS subroutines.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-20 12:30:15 +02:00
Andy Polyakov
3d32bab8f1
aes/asm/bsaes-armv7.pl: fix XTS decrypt test failure.
RT#4578
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-20 12:29:47 +02:00
Richard Levitte
b8f304f70d
Change default directory for the .rnd file on Windows and VMS
The previous change for Windows wasn't quite right. Corrected to use
%HOME%, %USERPROFILE% and %SYSTEMPROFILE%, in that order.
Also adding the default home for VMS, SYS$LOGIN:
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-20 11:06:40 +02:00
FdaSilvaYY
823146d65f
Useless header include of openssl/rand.h
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1168 )
2016-06-18 16:30:24 -04:00
FdaSilvaYY
93b8981d89
Useless includes
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1168 )
2016-06-18 16:30:24 -04:00
FdaSilvaYY
5ab0b7e626
Missing NULL check on OBJ_dup result in x509_name_canon
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1168 )
2016-06-18 16:30:24 -04:00
FdaSilvaYY
b1b1cba4e2
Fix an MSVC warning.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1168 )
2016-06-18 16:30:24 -04:00
Matt Caswell
ac94c8fdb9
Improve const correctness for stacks of EVP_MD
EVP_MDs are always const, so stacks of them should be too. This silences
a warning about type punning on OpenBSD.
RT4378
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-18 15:34:03 +01:00
Matt Caswell
98370c2dd7
constify SRP
Add const qualifiers to lots of SRP stuff. This started out as an effort
to silence some "type-punning" warnings on OpenBSD...but the fix was to
have proper const correctness in SRP.
RT4378
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-18 15:34:03 +01:00
Matt Caswell
7fb4b92c01
Avoid type punning warnings in b_addr.c
RT4378
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-18 15:34:03 +01:00
Matt Caswell
13c03c8d6d
Change default directory for storing the .rnd file on Windows
Previously we would try %RANDFILE%, then %HOME% and finally "C:".
Unfortunately this often ends up being "C:" which the user may not
have write permission for.
Now we try %RANDFILE% first, and then the same set of environment vars
as GetTempFile() uses, i.e. %TMP%, then %TEMP%, %USERPROFILE% and
%SYSTEMROOT%. If all else fails we fall back to %HOME% and only then "C:".
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-17 17:26:18 +01:00
FdaSilvaYY
0ad69cd6c0
Spelling fixes
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1219 )
2016-06-16 15:08:57 -04:00
Rich Salz
7f96f15bcf
Fix build break.
Aggregate local initializers are rarely portable (:
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-16 14:22:58 -04:00
Nathaniel McCallum
ebad0b0beb
Add EVP_PKEY_get0_hmac() function
Before the addition of this function, it was impossible to read the
symmetric key from an EVP_PKEY_HMAC type EVP_PKEY.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1217 )
2016-06-16 13:33:47 -04:00
Matt Caswell
b84e12266f
Fix the build and tests following constification of DH, DSA, RSA
Misc fixes following the constification of the DH, DSA and RSA
getters.
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-06-16 13:34:44 +01:00
Matt Caswell
cf3404fcc7
Change the return type of EVP_EncodeUpdate
Previously EVP_EncodeUpdate returned a void. However there are a couple
of error conditions that can occur. Therefore the return type has been
changed to an int, with 0 indicating error and 1 indicating success.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-16 09:50:48 +01:00
Richard Levitte
2ac6115d9e
Deal with the consequences of constifying getters
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-06-15 20:09:27 +02:00
Richard Levitte
fd809cfdbd
Constify the parameter getters for RSA, DSA and DH
Including documentation changes
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-06-15 20:09:27 +02:00
FdaSilvaYY
c8f717fe87
Constify input buffers of some X509V3 and X509_PURPOSE -related methods
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215 )
2016-06-15 13:22:38 -04:00
FdaSilvaYY
82643254d6
Constify X509_TRUST_add method.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215 )
2016-06-15 13:22:38 -04:00
FdaSilvaYY
bd227450d4
Constify asn1/asn_mime.c
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215 )
2016-06-15 13:22:38 -04:00
FdaSilvaYY
fa3a84422d
Constify some input buffers in asn1
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215 )
2016-06-15 13:22:38 -04:00
FdaSilvaYY
dc423f898e
Constify CMS_get0_type input
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215 )
2016-06-15 13:22:38 -04:00
FdaSilvaYY
472f727c55
Constify UI
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215 )
2016-06-15 13:22:38 -04:00