Matt Caswell
535bc8faf6
Remove pointless free, and use preferred way of calling d2i_* functions
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:13:24 +00:00
Matt Caswell
9e442d4850
Fix a failure to NULL a pointer freed on error.
...
Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>
CVE-2015-0209
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:13:07 +00:00
Matt Caswell
71ea6b4836
Import evp_test.c from BoringSSL. Unfortunately we already have a file
...
called evp_test.c, so I have called this one evp_extra_test.c
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:12:53 +00:00
Matt Caswell
15dba5be6a
Add flag to inhibit checking for alternate certificate chains. Setting this
...
behaviour will force behaviour as per previous versions of OpenSSL
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-02-25 09:14:54 +00:00
Matt Caswell
da084a5ec6
In certain situations the server provided certificate chain may no longer be
...
valid. However the issuer of the leaf, or some intermediate cert is in fact
in the trust store.
When building a trust chain if the first attempt fails, then try to see if
alternate chains could be constructed that are trusted.
RT3637
RT3621
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-02-25 09:14:13 +00:00
Andy Polyakov
775b669de3
Fix crash in SPARC T4 XTS.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-24 10:11:36 +01:00
Andy Polyakov
e620e5ae37
aes/asm/bsaes-armv7: fix kernel-side XTS and harmonize with Linux.
...
XTS bug spotted and fix suggested by Adrian Kotelba.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-24 10:08:57 +01:00
Andy Polyakov
2f8d82d641
perlasm/x86masm.pl: make it work.
...
Though this doesn't mean that masm becomes supported, the script is
still provided on don't-ask-in-case-of-doubt-use-nasm basis.
See RT#3650 for background.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-22 19:23:25 +01:00
Andy Polyakov
3372c4fffa
sha/asm/sha1-586.pl: fix typo.
...
The typo doesn't affect supported configuration, only unsupported masm.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-22 19:19:26 +01:00
Andy Polyakov
1526fea544
evp/evp_test.c: avoid crashes when referencing uninitialized pointers.
...
For some reason failure surfaced on ARM platforms.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-22 19:13:35 +01:00
Kurt Roeckx
edac5dc220
Fix memory leak
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-22 13:18:24 +01:00
Doug Hogan
1549a26520
Avoid a double-free in an error path.
...
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-22 13:17:40 +01:00
Richard Levitte
64e6bf64b3
Assume TERMIOS is default, remove TERMIO on all Linux.
...
The rationale for this move is that TERMIOS is default, supported by
POSIX-1.2001, and most definitely on Linux. For a few other systems,
TERMIO may still be the termnial interface of preference, so we keep
-DTERMIO on those in Configure.
crypto/ui/ui_openssl.c is simplified in this regard, and will define
TERMIOS for all systems except a select few exceptions.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-21 23:51:05 +01:00
Dr. Stephen Henson
86f300d385
Use named curve parameter encoding by default.
...
Many applications require named curve parameter encoding instead of explicit
parameter encoding (including the TLS library in OpenSSL itself). Set this
encoding by default instead of requiring an explicit call to set it.
Add OPENSSL_EC_EXPLICT_CURVE define.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-19 14:44:46 +00:00
Dr. Stephen Henson
f37879d077
More RSA tests.
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-14 18:44:49 +00:00
Dr. Stephen Henson
f9e3146392
remove unused method declaration
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 14:00:21 +00:00
Dr. Stephen Henson
e5bf3c923c
size_t for buffer functions.
...
Change BUF_MEM_grow and BUF_MEM_grow_clean to return size_t.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 13:50:36 +00:00
Dr. Stephen Henson
d5ec8efc70
Add leak detection, fix leaks.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 13:28:50 +00:00
Dr. Stephen Henson
b9d4e97c87
Add EVP_PKEY test data.
...
Add some EVP_PKEY test data for sign and verify tests including
failure cases.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 13:28:50 +00:00
Dr. Stephen Henson
5824cc2981
EVP_PKEY support for evp_test
...
Add two new keywords "PublicKey" and "PrivateKey". These will load a key
in PEM format from the lines immediately following the keyword and assign
it a name according to the value. These will be used later for public and
private key testing operations.
Add tests for Sign, Verify, VerifyRecover and Decrypt.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 13:28:50 +00:00
Dr. Stephen Henson
16cb8eb013
Add CMAC test data.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 13:28:50 +00:00
Dr. Stephen Henson
b8c792dc43
Add HMAC test data.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 13:28:50 +00:00
Dr. Stephen Henson
83251f397b
MAC support for evp_test
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 13:28:50 +00:00
Dr. Stephen Henson
eff1a4d24f
New macro to set mac key.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 13:28:50 +00:00
Dr. Stephen Henson
6906a7c1a3
Return error code is any tests fail.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 13:28:50 +00:00
Rich Salz
c81f425eaa
RT937: Enable pilotAttributeType uniqueIdentifier
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-12 14:38:31 -05:00
Andy Polyakov
2b8f33a574
evp/evp.h: add missing camellia-ctr declarations.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-12 19:26:37 +01:00
Graeme Perrow
b0333e697c
RT3670: Check return from BUF_MEM_grow_clean
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-12 13:00:42 -05:00
Clang via Jeffrey Walton
5006c32253
RT3684: rand_egd needs stddef.h
...
And remove backup definition of offsetof.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-12 12:50:09 -05:00
Andy Polyakov
7a6c9a2e96
Add ec/asm/ecp_nistz256-armv4.pl module.
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-11 20:34:18 +01:00
Andy Polyakov
dda8199922
Add Camellia CTR mode.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-02-11 20:30:13 +01:00
Andy Polyakov
c79e17731f
Add more Camellia OIDs.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-02-11 20:28:47 +01:00
Andy Polyakov
5afc296aa6
ec/ecp_nistz256.c: fix compiler warnings.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-10 22:04:28 +01:00
Andy Polyakov
5029291722
ec/asm/ecp_nistz256-x86.pl: fix typos (error shows in Windows build).
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-10 21:52:25 +01:00
Dr. Stephen Henson
b033e5d5ab
New evp_test updates.
...
Print usage message.
Print expected and got values if mismatch.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-10 16:18:05 +00:00
Dr. Stephen Henson
7303b472f1
Add new test file.
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-10 16:18:05 +00:00
Dr. Stephen Henson
307e3978b9
Initial version of new evp_test program.
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-10 16:18:05 +00:00
Emilia Kasper
0923e7df9e
Fix hostname validation in the command-line tool to honour negative return values.
...
Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion
and result in a negative return value, which the "x509 -checkhost" command-line option
incorrectly interpreted as success.
Also update X509_check_host docs to reflect reality.
Thanks to Sean Burford (Google) for reporting this issue.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-10 15:35:20 +01:00
Matt Caswell
efb4597345
Remove some functions that are no longer used and break the build with:
...
./config --strict-warnings enable-deprecated
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-10 14:33:03 +00:00
Matt Caswell
00a5a74bbc
HMAC_cleanup, and HMAC_Init are stated as deprecated in the docs and source.
...
Mark them as such with OPENSSL_USE_DEPRECATED
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-10 14:32:56 +00:00
Andy Polyakov
aa9db2d292
Add ec/asm/ecp_nistz256-x86.pl module.
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-09 23:19:16 +01:00
Dr. Stephen Henson
d6c5462ef8
Support for alternative KDFs.
...
Don't hard code NID_id_pbkdf2 in PBES2: look it up in PBE table.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-09 16:14:04 +00:00
Andy Polyakov
849037169d
Bring objects.pl output even closer to new format.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-09 15:59:09 +01:00
Andy Polyakov
c2cfc956e5
bn/bn_add.c: fix dead code elimination that went bad.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-09 15:54:58 +01:00
Dr. Stephen Henson
9c7a780bbe
Fix memory leak reporting.
...
Free up bio_err after memory leak data has been printed to it.
In int_free_ex_data if ex_data is NULL there is nothing to free up
so return immediately and don't reallocate it.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-09 12:53:36 +00:00
Dr. Stephen Henson
259c360d0b
Remove obsolete IMPLEMENT_ASN1_SET_OF
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-09 12:47:28 +00:00
Andy Polyakov
bdc985b133
evp/e_aes.c: fix pair of SPARC T4-specific problems:
...
- SIGSEGV/ILL in CCM (RT#3688);
- SIGBUS in OCB;
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-09 10:26:20 +01:00
Andy Polyakov
7ce3862319
Harmonize objects.pl output with new format.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-09 09:53:24 +01:00
Andy Polyakov
719122c759
des/asm/des_enc.m4: fix brown-bag typo in last commit.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-09 08:58:43 +01:00
Rich Salz
06cf881a3a
Final (for me, for now) dead code cleanup
...
This is a final pass looking for '#if 0'/'#if 1' controls and
removing the appropriate pieces.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-08 18:48:09 -05:00