summaryrefslogtreecommitdiffstats
path: root/include
AgeCommit message (Collapse)Author
2015-10-11embed support for ASN1_STRINGDr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-11Embed various OCSP fields.Dr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-09DTLS: remove unused cookie fieldEmilia Kasper
Note that this commit constifies a user callback parameter and therefore will break compilation for applications using this callback. But unless they are abusing write access to the buffer, the fix is trivial. Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-10-09Initial commit for Certificate Transparency supportAdam Eijdenberg
Original authors: Rob Stradling <rob@comodo.com> Dr. Stephen Henson <steve@openssl.org> Reviewed-by: Emilia Kasper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-08PACKET: simplify ServerKeyExchange parsingEmilia Kasper
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-08Fix no-ripemd on WindowsMatt Caswell
mkdef.pl was getting confused by: # ifdef OPENSSL_NO_RMD160 # error RIPEMD is disabled. # endif Changing RIPEMD to RMD160 solves it. Fix suggested by Steve Henson. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-06Address more Windows warnings illuminated by mingw.Andy Polyakov
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-05New cipher and cipher modes standardized in RussiaDmitry Belyavskiy
This change introduces short names and NIDs for Russian GOST ciphers according to GOST R 34.13-2015 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-05ssl3_get_client_hello: rearrange logicEmilia Kasper
Move all packet parsing to the beginning of the method. This limits the SSLv2 compatibility soup to the parsing, and makes the rest of the processing uniform. This is also needed for simpler EMS support: EMS servers need to do an early scan for EMS to make resumption decisions. This'll be easier when the entire ClientHello is parsed in the beginning. As a side effect, 1) PACKETize ssl_get_prev_session and tls1_process_ticket; and 2) Delete dead code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG. Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-05Free up ASN.1 structures at top level only.Dr. Stephen Henson
When a decoding error in ASN.1 occurs only free up the partial structure at the top level. This simplifies embedded handling and fixes freeing up of structures when presented with malformed input. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-02Remove BIO_s_file_internal macro.Rich Salz
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-01Revert "Custom cipher constants"Matt Caswell
This reverts commit 3aabc1dd1c969e60bdea8f827d6645ff04c56b67. Reviewed-by: Stephen Henson <steve@openssl.org>
2015-10-01Custom cipher constantsDmitry Belyavskiy
Add some custom ctrls for Engine specific use. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-30Change the DEFAULT ciphersuites to exclude DES, RC4 and RC2Matt Caswell
This patch updates the "DEFAULT" cipherstring to be "ALL:!COMPLEMENTOFDEFAULT:!eNULL". COMPLEMENTOFDEFAULT is now defined internally by a flag on each ciphersuite indicating whether it should be excluded from DEFAULT or not. This gives us control at an individual ciphersuite level as to exactly what is in DEFAULT and what is not. Finally all DES, RC4 and RC2 ciphersuites are added to COMPLEMENTOFDEFAULT and hence removed from DEFAULT. Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-30Make update / libeay.num fixRich Salz
Looks like someone forgot to do a "make update" since crypto/ts/Makefile keeps changing. So include that. Second is that the declare_dh_bn macro fools the libeay.num script. The declarations are only needed in one file (dh_rfc5114) so remove them from the header and put the "raw" declarations directly into that file. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-29Fix no-stdio buildDavid Woodhouse
Much related/similar work also done by Ivan Nestlerode <ivan.nestlerode@sonos.com> +Replace FILE BIO's with dummy ops that fail. +Include <stdio.h> for sscanf() even with no-stdio (since the declaration is there). We rely on sscanf() to parse the OPENSSL_ia32cap environment variable, since it can be larger than a 'long'. And we don't rely on the availability of strtoull(). +Remove OPENSSL_stderr(); not used. +Make OPENSSL_showfatal() do nothing (currently without stdio there's nothing we can do). +Remove file-based functionality from ssl/. The function prototypes were already gone, but not the functions themselves. +Remove unviable conf functionality via SYS_UEFI +Add fallback definition of BUFSIZ. +Remove functions taking FILE * from header files. +Add missing DECLARE_PEM_write_fp_const +Disable X509_LOOKUP_hash_dir(). X509_LOOKUP_file() was already compiled out, so remove its prototype. +Use OPENSSL_showfatal() in CRYPTO_destroy_dynlockid(). +Eliminate SRP_VBASE_init() and supporting functions. Users will need to build the verifier manually instead. +Eliminate compiler warning for unused do_pk8pkey_fp(). +Disable TEST_ENG_OPENSSL_PKEY. +Disable GOST engine as is uses [f]printf all over the place. +Eliminate compiler warning for unused send_fp_chars(). Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-29asn1t.h: silence -Wmissing-prototype in Windows builds.Andy Polyakov
On Windows OPENSSL_EXPORT_VAR_AS_FUNCTION is defined and in a sense this modification simply harmonizes it with "VAR_AS_VAR". Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-28RT3948: Some structs have confusing names.Nicholas Cooper
Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-25Add ability to set default CA path and file locations individuallyMatt Caswell
Previously you could only set both the default path and file locations together. This adds the ability to set one without the other. Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-09-23DTLSv1_listen rewriteMatt Caswell
The existing implementation of DTLSv1_listen() is fundamentally flawed. This function is used in DTLS solutions to listen for new incoming connections from DTLS clients. A client will send an initial ClientHello. The server will respond with a HelloVerifyRequest containing a unique cookie. The client the responds with a second ClientHello - which this time contains the cookie. Once the cookie has been verified then DTLSv1_listen() returns to user code, which is typically expected to continue the handshake with a call to (for example) SSL_accept(). Whilst listening for incoming ClientHellos, the underlying BIO is usually in an unconnected state. Therefore ClientHellos can come in from *any* peer. The arrival of the first ClientHello without the cookie, and the second one with it, could be interspersed with other intervening messages from different clients. The whole purpose of this mechanism is as a defence against DoS attacks. The idea is to avoid allocating state on the server until the client has verified that it is capable of receiving messages at the address it claims to come from. However the existing DTLSv1_listen() implementation completely fails to do this. It attempts to super-impose itself on the standard state machine and reuses all of this code. However the standard state machine expects to operate in a stateful manner with a single client, and this can cause various problems. A second more minor issue is that the return codes from this function are quite confused, with no distinction made between fatal and non-fatal errors. Most user code treats all errors as non-fatal, and simply retries the call to DTLSv1_listen(). This commit completely rewrites the implementation of DTLSv1_listen() and provides a stand alone implementation that does not rely on the existing state machine. It also provides more consistent return codes. Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-09-23Add BIO_CTRL_DGRAM_SET_PEEK_MODEMatt Caswell
Add the ability to peek at a message from the DTLS read BIO. This is needed for the DTLSv1_listen rewrite. Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-09-22New function X509_get0_subject_key_id()Dr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22Make X509 opaqueDr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22BUF_strndup: tidyEmilia Kasper
Fix comment, add another overflow check, tidy style Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22Make BUF_strndup() read-safe on arbitrary inputsAlessandro Ghedini
BUF_strndup was calling strlen through BUF_strlcpy, and ended up reading past the input if the input was not a C string. Make it explicitly part of BUF_strndup's contract to never read more than |siz| input bytes. This augments the standard strndup contract to be safer. The commit also adds a check for siz overflow and some brief documentation for BUF_strndup(). Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22New accessor X509_REQ_get_X509_PUBKEY()Dr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22Additional X509_CRL accessors.Dr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22Add accessors for X509_REVOKED.Dr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-09-22Add accessors for request and CRL signaturesDr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-09-20Move EVP_PKEY_METHOD into private headers.Dr. Stephen Henson
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-17Embed various signature algorithms.Dr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-16Embed X509_CINFDr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-16Change X509_VAL in X509 structure to embedded.Dr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-16New ASN.1 embed macro.Dr. Stephen Henson
New ASN.1 macro ASN1_EMBED. This is the same as ASN1_SIMPLE except the structure is not allocated: it is part of the parent. That is instead of FOO *x; it must be: FOO x; This reduces memory fragmentation and make it impossible to accidentally set a mandatory field to NULL. This currently only works for SEQUENCE and since it is equivalent to ASN1_SIMPLE it cannot be tagged, OPTIONAL, SET OF or SEQUENCE OF. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-16Fix build on mingwAlessandro Ghedini
When OPENSSL_EXPORT_VAR_AS_FUNCTION is defined, the static_ASN1_ITEM_start macro doesn't exist so the build fails. This problem was introduced in commit df2ee0e. Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-12Constify ECDSA_METHOD_new.Dr. Stephen Henson
PR#3920. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-11Enable -Wmissing-variable-declarations andBen Laurie
-Wincompatible-pointer-types-discards-qualifiers (the latter did not require any code changes). Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-10EVP_PKEY_METHOD accessor functions.Dr. Stephen Henson
Functions to retrieve the function pointer of an existing method: this can be used to create a method which intercepts or modifies the behaviour of an existing method while retaining most of the existing behaviour. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-08RT3969: Add OPENSSL_SYS_UEFIDavid Woodhouse
This provides support for building in the EDK II reference implementation of UEFI. Most UEFI firmware in existence uses OpenSSL for implementing the core cryptographic functionality needed for Secure Boot. This has always previously been handled with external patches to OpenSSL but we are now making a concerted effort to eliminate those. In this mode, we don't actually use the OpenSSL makefiles; we process the MINFO file generated by 'make files' and incorporate it into the EDK2 build system. Since EDK II builds for various targets with varying word size and we need to have a single prepackaged configuration, we deliberately don't hard-code the setting of SIXTY_FOUR_BIT vs. THIRTY_TWO_BIT in opensslconf.h. We bypass that for OPENSSL_SYS_UEFI and allow EDK II itself to set those, depending on the architecture. For x86_64, EDK II sets SIXTY_FOUR_BIT and thus uses 'long long' for the 64-bit type, even when building with GCC where 'long' is also 64-bit. We do this because the Microsoft toolchain has 32-bit 'long'. Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-06Replace X509 macros with functionsDr. Stephen Henson
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-05Make TS structures opaque.Rich Salz
Most of the accessors existed and were already used so it was easy. TS_VERIFY_CTX didn't have accessors/settors so I added the simple and obvious ones, and changed the app to use them. Also, within crypto/ts, replaced the functions with direct access to the structure members since we generally aren't opaque within a directory. Also fix RT3901. Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-05RT3951: Add X509_V_FLAG_NO_CHECK_TIME to suppress time checkDavid Woodhouse
In some environments, such as firmware, the current system time is entirely meaningless. Provide a clean mechanism to suppress the checks against it. Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-05make X509_REVOKED opaqueDr. Stephen Henson
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-04RT3998: Allow scrypt to be disabledRich Salz
This does 64-bit division and multiplication, and on 32-bit platforms pulls in libgcc symbols (and MSVC does similar) which may not be available. Mostly done by David Woodhouse. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-09-03Revert "OPENSSL_NO_xxx cleanup: RFC3779"David Woodhouse
This reverts the non-cleanup parts of commit c73ad69017. We do actually have a reasonable use case for OPENSSL_NO_RFC3779 in the EDK2 UEFI build, since we don't have a strspn() function in our runtime environment and we don't want the RFC3779 functionality anyway. In addition, it changes the default behaviour of the Configure script so that RFC3779 support isn't disabled by default. It was always disabled from when it was first added in 2006, right up until the point where OPENSSL_NO_RFC3779 was turned into a no-op, and the code in the Configure script was left *trying* to disable it, but not actually working. Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-03RT3674: Make no-cms build work.David Bar
Also has changes from from David Woodhouse <David.Woodhouse@intel.com> and some tweaks from me. Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-03PBE lookup testDr. Stephen Henson
Add test to check PBE lookups: these can fail if the PBE table is not correctly orders. Add to "make test". Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-02Add and use OPENSSL_zallocRich Salz
There are many places (nearly 50) where we malloc and then memset. Add an OPENSSL_zalloc routine to encapsulate that. (Missed one conversion; thanks Richard) Also fixes GH328 Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-02make X509_CRL opaqueDr. Stephen Henson
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-02delete unused structureDr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org>