FdaSilvaYY
7569362ebb
Constify ... X509|X509_CRL|X509_REVOKED|_get_ext*()
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300 )
2016-07-25 08:20:00 -04:00
FdaSilvaYY
fdaf7beec5
Constify ...
...
X509_REVOKED_get0_extensions
X509_check_private_key
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300 )
2016-07-25 08:20:00 -04:00
FdaSilvaYY
84de54b91e
Constify (X509|X509V3|X509_CRL|X509_REVOKED)_get_ext_d2i ...
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300 )
2016-07-25 08:20:00 -04:00
FdaSilvaYY
a6a283b394
Constify i2s_ASN1_INTEGER, X509V3_get_d2i
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300 )
2016-07-25 08:20:00 -04:00
FdaSilvaYY
333ed02c8a
Constify input parameters of methods :
...
- X509_NAME_entry_count, X509_ATTRIBUTE_count
- X509_NAME_add_entry_by_OBJ, X509_NAME_ENTRY_create_by_OBJ, X509_NAME_ENTRY_set_object
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300 )
2016-07-25 08:20:00 -04:00
FdaSilvaYY
d3d5dc607a
Enforce and explicit some const casting
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300 )
2016-07-25 08:20:00 -04:00
FdaSilvaYY
e83f154f6c
Constify i2t_ASN1_OBJECT, i2d_ASN1_OBJECT, i2a_ASN1_OBJECT.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300 )
2016-07-25 08:20:00 -04:00
FdaSilvaYY
dbf89a9b94
Constify ASN1_buf_print
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300 )
2016-07-25 08:20:00 -04:00
FdaSilvaYY
08275a29c1
Constify ASN1_TYPE_get, ASN1_STRING_type, ASN1_STRING_to_UTF8, ASN1_TYPE_get_octetstring & co...
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300 )
2016-07-25 08:20:00 -04:00
FdaSilvaYY
0aa25a68c0
Constify SXNET_add_id_*
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300 )
2016-07-25 08:20:00 -04:00
FdaSilvaYY
25d57dc71b
Constify EC_KEY_*_oct2priv() input buffer
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300 )
2016-07-25 08:20:00 -04:00
FdaSilvaYY
c17dd597ac
Constify CMS_decrypt_set1_key input buffer
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300 )
2016-07-25 08:20:00 -04:00
FdaSilvaYY
b4bb825fff
Constify engine/eng_cnf.c internal method.
...
simplify and reindent some related code.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300 )
2016-07-25 08:20:00 -04:00
Jakub Zelenka
c1054bb4d2
Add EVP_ENCODE_CTX_copy
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1344 )
2016-07-24 19:23:00 +01:00
Richard Levitte
f46c2597ab
Properly initialise the internal proxy certificate path length cache
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-23 11:35:30 +02:00
Richard Levitte
9961cb7768
Make it possible for external code to flag a certificate as a proxy one.
...
This adds the function X509_set_proxy_flag(), which sets the internal flag
EXFLAG_PROXY on a given X509 structure.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-23 11:35:23 +02:00
Dr. Stephen Henson
626aa24849
Use newest CRL.
...
If two CRLs are equivalent then use the one with a later lastUpdate field:
this will result in the newest CRL available being used.
RT#4615
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-22 16:13:56 +01:00
Dr. Stephen Henson
0ed26acce3
Fix OOB read in TS_OBJ_print_bio().
...
TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result
as a null terminated buffer. The length value returned is the total
length the complete text reprsentation would need not the amount of
data written.
CVE-2016-2180
Thanks to Shi Lei for reporting this bug.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-22 15:15:17 +01:00
Kurt Roeckx
1618679ac4
Cast to an unsigned type before negating
...
llvm's ubsan reported:
runtime error: negation of -9223372036854775808 cannot be represented in type
'long'; cast to an unsigned type to negate this value to itself
Found using afl
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1325
2016-07-20 19:25:16 +02:00
Kurt Roeckx
69588edbaa
Check for errors allocating the error strings.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #1330
2016-07-20 19:20:53 +02:00
Dr. Stephen Henson
8cc44d970c
Don't allocate r/s in DSA_SIG and ECDSA_SIG
...
To avoid having to immediately free up r/s when setting them
don't allocate them automatically in DSA_SIG_new() and ECDSA_SIG_new().
RT#4590
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-20 14:02:54 +01:00
Dr. Stephen Henson
23dd0c9f8d
fix crypto-mdebug build
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-20 12:41:31 +01:00
FdaSilvaYY
e8aa8b6c8f
Fix a few if(, for(, while( inside code.
...
Fix some indentation at the same time
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1292 )
2016-07-20 07:21:53 -04:00
FdaSilvaYY
1c72f70df4
Use more X509_REQ_get0_pubkey & X509_get0_pubkey
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1284 )
2016-07-20 01:35:38 -04:00
Todd Short
415e7c488e
OCSP_request_add0_id() inconsistent error return
...
There are two failure cases for OCSP_request_add_id():
1. OCSP_ONEREQ_new() failure, where |cid| is not freed
2. sk_OCSP_ONEREQ_push() failure, where |cid| is freed
This changes makes the error behavior consistent, such that |cid| is
not freed when sk_OCSP_ONEREQ_push() fails. OpenSSL only takes
ownership of |cid| when the function succeeds.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1289 )
2016-07-20 01:24:57 -04:00
Richard Levitte
963f043d04
make update
...
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-07-19 23:49:54 +02:00
Richard Levitte
c2e4e5d248
Change all our uses of CRYPTO_THREAD_run_once to use RUN_ONCE instead
...
That way, we have a way to check if the init function was successful
or not.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-07-19 23:49:54 +02:00
Rich Salz
aebb9aac48
RT4593: Add space after comma (doc nits)
...
Update find-doc-nits to find errors in SYNOPSIS (the most common
place where they were missing).
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-19 09:29:53 -04:00
mrpre
02f730b347
Cleanup after sk_push fail
...
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1281 )
2016-07-19 07:27:47 -04:00
Dr. Stephen Henson
ad72d9fdf7
Check and print out boolean type properly.
...
If underlying type is boolean don't check field is NULL.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-19 02:33:05 +01:00
Dr. Stephen Henson
3cea73a7fc
Fix print of ASN.1 BIGNUM type.
...
The ASN.1 BIGNUM type needs to be handled in a custom way as it is
not a generic ASN1_STRING type.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-18 17:53:05 +01:00
Matt Caswell
3c49b2e0cd
Fix mingw build
...
Mingw builds on Travis were failing because INT_MAX was undeclared.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-18 10:47:07 +01:00
Andy Polyakov
9515accaf9
aes/asm/aesfx-sparcv9.pl: switch to fshiftorx to improve single-block
...
and short-input performance.
[Fix bug in misaligned output handling.]
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-16 23:38:44 +02:00
Andy Polyakov
8604a6e0e5
SPARC assembly pack: enforce V8+ ABI constraints.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-16 23:37:37 +02:00
Andy Polyakov
365f95ad53
evp/e_aes.c: wire new CBC and CTR subroutines from aesfx-sparcv9.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-16 23:37:31 +02:00
Andy Polyakov
d41de45a33
aes/asm/aesfx-sparcv9.pl: add "teaser" CBC and CTR subroutines.
...
[Also optimize aligaddr usage in single-block subroutines.]
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-16 23:37:18 +02:00
Kurt Roeckx
5e3553c2de
Return error when trying to print invalid ASN1 integer
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1322
2016-07-16 21:51:49 +02:00
Andy Polyakov
1fa0e5f8f1
crypto/LPdir_win.c: rationalize temporary allocations.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-16 20:31:12 +02:00
Andy Polyakov
46ea8e610d
crypto/LPdir_win.c: harmonize with o_fopen.c.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-16 20:30:35 +02:00
Miroslav Franc
563c1ec618
fix memory leaks
...
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1313 )
2016-07-16 12:32:34 -04:00
Richard Levitte
28e90f69fb
Remove the silly CVS markers from LPdir_*.c
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-16 07:58:23 +02:00
Richard Levitte
42306f9a93
Add back lost copyright and license text in LPdir_win.c
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-16 07:58:23 +02:00
Richard Levitte
8918a954bf
Fix: dummy definition of rand_hw_seed() should also return int
...
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-07-15 18:00:02 +02:00
Richard Levitte
b8a7bd83e6
Fix ASN.1 private encode of EC_KEY to not change the input key
...
RT#4611
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-07-15 15:14:44 +02:00
Dr. Stephen Henson
d166ed8c11
check return values for EVP_Digest*() APIs
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-15 14:09:05 +01:00
Andy Polyakov
9c940446f6
crypto/x86[_64]cpuid.pl: add OPENSSL_ia32_rd[rand|seed]_bytes.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-15 13:20:52 +02:00
Dr. Stephen Henson
02fb7cfeb2
Add OCSP accessors.
...
RT#4605
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-13 14:41:58 +01:00
Viktor Dukhovni
5ae4ceb92c
Perform DANE-EE(3) name checks by default
...
In light of potential UKS (unknown key share) attacks on some
applications, primarily browsers, despite RFC761, name checks are
by default applied with DANE-EE(3) TLSA records. Applications for
which UKS is not a problem can optionally disable DANE-EE(3) name
checks via the new SSL_CTX_dane_set_flags() and friends.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-12 10:16:34 -04:00
Dr. Stephen Henson
5bd5dcd496
Add nameConstraints commonName checking.
...
New hostname checking function asn1_valid_host()
Check commonName entries against nameConstraints: any CN components in
EE certificate which look like hostnames are checked against
nameConstraints.
Note that RFC5280 et al only require checking subject alt name against
DNS name constraints.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-11 23:30:04 +01:00
Richard Levitte
a90f8d7641
VMS: Simplify the spec of the default certs & keys area.
...
We previously had a number of logical names for the different parts.
There's really no need for that, the default directories are in one
directory tree. So we only define OSSL$DATAROOT: and make everything
related to that one.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-10 06:40:47 +02:00