openssl.git
4 years agoDocument -no_explicit
Dr. Stephen Henson [Tue, 24 Feb 2015 13:52:21 +0000 (13:52 +0000)]
Document -no_explicit

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 384dee51242e950c56b3bac32145957bfbf3cd4b)

4 years agoFix null-pointer dereference
Edgar Pek [Sat, 21 Feb 2015 13:56:41 +0000 (14:56 +0100)]
Fix null-pointer dereference

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit bcfa19a8d19506c26b5f8d9d9934ca2aa5f96b43)

4 years agoFix memory leak
Kurt Roeckx [Sat, 21 Feb 2015 13:51:50 +0000 (14:51 +0100)]
Fix memory leak

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit edac5dc220d494dff7ee259dfd84335ffa50e938)

4 years agoAvoid a double-free in an error path.
Doug Hogan [Thu, 8 Jan 2015 02:21:01 +0000 (18:21 -0800)]
Avoid a double-free in an error path.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 1549a265209d449b6aefd2b49d7d39f7fbe0689b)

4 years agoRestore -DTERMIO/-DTERMIOS on Windows platforms.
Richard Levitte [Sun, 22 Feb 2015 07:27:36 +0000 (08:27 +0100)]
Restore -DTERMIO/-DTERMIOS on Windows platforms.

The previous defaulting to TERMIOS took away -DTERMIOS / -DTERMIO a
bit too enthusiastically.  Windows/DOSish platforms of all sorts get
identified as OPENSSL_SYS_MSDOS, and they get a different treatment
altogether UNLESS -DTERMIO or -DTERMIOS is explicitely given with the
configuration.  The answer is to restore those macro definitions for
the affected configuration targets.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit ba4bdee7184a5cea5bef8739eb360e5c2bc3b52c)

Conflicts:
Configure

4 years agoAssume TERMIOS is default, remove TERMIO on all Linux.
Richard Levitte [Thu, 12 Feb 2015 10:41:48 +0000 (11:41 +0100)]
Assume TERMIOS is default, remove TERMIO on all Linux.

The rationale for this move is that TERMIOS is default, supported by
POSIX-1.2001, and most definitely on Linux.  For a few other systems,
TERMIO may still be the termnial interface of preference, so we keep
-DTERMIO on those in Configure.

crypto/ui/ui_openssl.c is simplified in this regard, and will define
TERMIOS for all systems except a select few exceptions.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 64e6bf64b36136d487e2fbf907f09612e69ae911)

Conflicts:
Configure
crypto/ui/ui_openssl.c

4 years agoRT3684: rand_egd needs stddef.h
Rich Salz [Thu, 12 Feb 2015 19:23:28 +0000 (14:23 -0500)]
RT3684: rand_egd needs stddef.h

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 872f91c4036e35d292d423e751741ba76f8c5594)

4 years agoRT3670: Check return from BUF_MEM_grow_clean
Graeme Perrow [Thu, 12 Feb 2015 18:00:42 +0000 (13:00 -0500)]
RT3670: Check return from BUF_MEM_grow_clean

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit b0333e697c008d639c56f48e9148cb8cba957e32)

4 years agoMissing OPENSSL_free on error path.
Eric Dequin [Thu, 12 Feb 2015 15:44:30 +0000 (10:44 -0500)]
Missing OPENSSL_free on error path.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 1d2932de4cefcc200f175863a42c311916269981)

4 years agoBring objects.pl output even closer to new format.
Andy Polyakov [Mon, 9 Feb 2015 14:59:09 +0000 (15:59 +0100)]
Bring objects.pl output even closer to new format.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 849037169d98d070c27d094ac341fc6aca1ed2ca)

4 years agoFix memory leak reporting.
Dr. Stephen Henson [Sun, 8 Feb 2015 13:14:05 +0000 (13:14 +0000)]
Fix memory leak reporting.

Free up bio_err after memory leak data has been printed to it.

In int_free_ex_data if ex_data is NULL there is nothing to free up
so return immediately and don't reallocate it.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 9c7a780bbebc1b6d87dc38a6aa3339033911a8bb)

4 years agoHarmonize objects.pl output with new format.
Andy Polyakov [Sat, 7 Feb 2015 09:15:32 +0000 (10:15 +0100)]
Harmonize objects.pl output with new format.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 7ce38623194f6df6a846cd01753b63f361c88e57)

4 years agoFix error handling in ssltest
Matt Caswell [Thu, 5 Feb 2015 10:19:55 +0000 (10:19 +0000)]
Fix error handling in ssltest

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit ae632974f905c59176fa5f312826f8f692890b67)

4 years agoFixed bad formatting in crypto/des/spr.h
Rich Salz [Thu, 5 Feb 2015 14:44:30 +0000 (09:44 -0500)]
Fixed bad formatting in crypto/des/spr.h

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 7e35f06ea908e47f87b723b5e951ffc55463eb8b)

4 years agoMake objxref.pl output in correct format
Dr. Stephen Henson [Wed, 4 Feb 2015 03:31:34 +0000 (03:31 +0000)]
Make objxref.pl output in correct format

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 6922ddee1b7b1bddbe0d59a5bbdcf8ff39343434)

4 years agoCheck PKCS#8 pkey field is valid before cleansing.
Dr. Stephen Henson [Sun, 1 Feb 2015 13:06:32 +0000 (13:06 +0000)]
Check PKCS#8 pkey field is valid before cleansing.

PR:3683
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 52e028b9de371da62c1e51b46592517b1068d770)

4 years agodso_vms needs to add the .EXE extension if there is none already
Richard Levitte [Fri, 30 Jan 2015 03:44:17 +0000 (04:44 +0100)]
dso_vms needs to add the .EXE extension if there is none already

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit be7b1097e28ff6d49f0d4b7ab8b036d6da87ebc6)

4 years agoReplace exit() with error return.
Viktor Dkhovni [Fri, 23 Jan 2015 20:39:40 +0000 (15:39 -0500)]
Replace exit() with error return.

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoRevert "Remove engine_rsax and its asm file."
Rich Salz [Tue, 27 Jan 2015 21:35:55 +0000 (16:35 -0500)]
Revert "Remove engine_rsax and its asm file."

This reverts commit 5226c62b7632dfaf38480919d406307318a7d145.

Reviewed-by: Andy Polyakov <appro@openssl.org>
4 years agoProvide documentation for all SSL(_CTX)?_(get|set)(_default)?_read_ahead
Matt Caswell [Mon, 26 Jan 2015 23:28:31 +0000 (23:28 +0000)]
Provide documentation for all SSL(_CTX)?_(get|set)(_default)?_read_ahead
functions.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 8507474564f3f743f5daa3468ca97a9b707b3583)

4 years agoRemove explicit setting of read_ahead for DTLS. It never makes sense not to
Matt Caswell [Mon, 26 Jan 2015 16:46:49 +0000 (16:46 +0000)]
Remove explicit setting of read_ahead for DTLS. It never makes sense not to
use read_ahead with DTLS because it doesn't work. Therefore read_ahead needs
to be the default.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit f4002412518703d07fee321d4c88ee0bbe1694fe)

Conflicts:
apps/s_client.c
apps/s_server.c

4 years agoMake DTLS always act as if read_ahead is set. The actual value of read_ahead
Matt Caswell [Mon, 26 Jan 2015 16:47:36 +0000 (16:47 +0000)]
Make DTLS always act as if read_ahead is set. The actual value of read_ahead
is ignored for DTLS.

RT#3657

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 8dd4ad0ff5d1d07ec4b6dd5d5104131269a472aa)

4 years agoRemove engine_rsax and its asm file.
Rich Salz [Mon, 26 Jan 2015 15:59:14 +0000 (10:59 -0500)]
Remove engine_rsax and its asm file.

cherry-picked from db7cb7ab9a5968f32ddbe11c3fba71ccbf4ffa53
This wasn't cleanly cherry-picked, since the build
process changed a bit for 1.0.2.

Reviewed-by: Andy Polyakov <appro@openssl.org>
4 years agoMake OPENSSL_config truly ignore errors.
Rich Salz [Mon, 26 Jan 2015 02:15:57 +0000 (21:15 -0500)]
Make OPENSSL_config truly ignore errors.

Per discussion: should not exit. Should not print to stderr.
Errors are ignored.  Updated doc to reflect that, and the fact
that this function is to be avoided.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(cherry picked from commit abdd677125f3a9e3082f8c5692203590fdb9b860)

4 years agoFix segfault with empty fields as last in the config.
Kurt Roeckx [Sat, 24 Jan 2015 14:04:53 +0000 (15:04 +0100)]
Fix segfault with empty fields as last in the config.

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoFix for reformat problems with e_padlock.c
Matt Caswell [Thu, 22 Jan 2015 11:44:18 +0000 (11:44 +0000)]
Fix for reformat problems with e_padlock.c

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit d3b7cac41b957704932a0cdbc74d4d48ed507cd0)

4 years agoFix formatting error in pem.h
Matt Caswell [Thu, 22 Jan 2015 10:42:48 +0000 (10:42 +0000)]
Fix formatting error in pem.h

Reviewed-by: Andy Polyakov <appro@openssl.org>
Conflicts:
crypto/pem/pem.h

4 years agoUse inner algorithm when printing certificate.
Rob Stradling [Thu, 22 Jan 2015 12:18:30 +0000 (12:18 +0000)]
Use inner algorithm when printing certificate.

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 004efdbb41f731d36bf12d251909aaa08704a756)

4 years agoRe-align some comments after running the reformat script. OpenSSL_1_0_1-post-reformat
Matt Caswell [Mon, 5 Jan 2015 11:30:03 +0000 (11:30 +0000)]
Re-align some comments after running the reformat script.
This should be a one off operation (subsequent invokation of the
script should not move them)

This commit is for the 1.0.1 changes

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoRerun util/openssl-format-source -v -c . OpenSSL_1_0_1-post-auto-reformat
Matt Caswell [Wed, 21 Jan 2015 23:56:21 +0000 (23:56 +0000)]
Rerun util/openssl-format-source -v -c .

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoRun util/openssl-format-source -v -c .
Matt Caswell [Wed, 21 Jan 2015 23:55:44 +0000 (23:55 +0000)]
Run util/openssl-format-source -v -c .

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoMore tweaks for comments due indent issues OpenSSL_1_0_1-pre-auto-reformat
Matt Caswell [Wed, 21 Jan 2015 23:54:59 +0000 (23:54 +0000)]
More tweaks for comments due indent issues

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoFix modes.h so that indent doesn't complain
Matt Caswell [Wed, 21 Jan 2015 22:38:06 +0000 (22:38 +0000)]
Fix modes.h so that indent doesn't complain

Conflicts:
crypto/modes/modes.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoBackport hw_ibmca.c from master due to failed merge
Matt Caswell [Wed, 21 Jan 2015 22:03:55 +0000 (22:03 +0000)]
Backport hw_ibmca.c from master due to failed merge

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoTweaks for comments due to indent's inability to handle them
Matt Caswell [Wed, 21 Jan 2015 21:22:49 +0000 (21:22 +0000)]
Tweaks for comments due to indent's inability to handle them

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoMove more comments that confuse indent
Matt Caswell [Wed, 21 Jan 2015 19:18:47 +0000 (19:18 +0000)]
Move more comments that confuse indent

Conflicts:
crypto/dsa/dsa.h
demos/engines/ibmca/hw_ibmca.c
ssl/ssl_locl.h

Conflicts:
crypto/bn/rsaz_exp.c
crypto/evp/e_aes_cbc_hmac_sha1.c
crypto/evp/e_aes_cbc_hmac_sha256.c
ssl/ssl_locl.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoDelete trailing whitespace from output.
Dr. Stephen Henson [Wed, 21 Jan 2015 15:32:54 +0000 (15:32 +0000)]
Delete trailing whitespace from output.

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoAdd -d debug option to save preprocessed files.
Dr. Stephen Henson [Tue, 20 Jan 2015 18:53:56 +0000 (18:53 +0000)]
Add -d debug option to save preprocessed files.

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoTest option -nc
Dr. Stephen Henson [Tue, 20 Jan 2015 18:49:04 +0000 (18:49 +0000)]
Test option -nc

Add option -nc which sets COMMENTS=true but disables all indent comment
reformatting options.

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoAdd ecp_nistz256.c to list of files skipped by openssl-format-source
Matt Caswell [Wed, 21 Jan 2015 16:37:58 +0000 (16:37 +0000)]
Add ecp_nistz256.c to list of files skipped by openssl-format-source

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoManually reformat aes_x86core.c and add it to the list of files skipped by
Matt Caswell [Wed, 21 Jan 2015 16:34:27 +0000 (16:34 +0000)]
Manually reformat aes_x86core.c and add it to the list of files skipped by
openssl-format-source

Conflicts:
crypto/aes/aes_x86core.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agocrypto/ofb128.c: make it indent-friendly.
Andy Polyakov [Wed, 21 Jan 2015 15:51:06 +0000 (16:51 +0100)]
crypto/ofb128.c: make it indent-friendly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agomodes/ctr128.c: make it indent-friendly.
Andy Polyakov [Wed, 21 Jan 2015 15:49:27 +0000 (16:49 +0100)]
modes/ctr128.c: make it indent-friendly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agomodes/cfb128.c: make it indent-friendly.
Andy Polyakov [Wed, 21 Jan 2015 15:47:51 +0000 (16:47 +0100)]
modes/cfb128.c: make it indent-friendly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoFix indent comment corruption issue
Matt Caswell [Wed, 21 Jan 2015 16:12:59 +0000 (16:12 +0000)]
Fix indent comment corruption issue

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoAmend openssl-format-source so that it give more repeatable output
Matt Caswell [Wed, 21 Jan 2015 15:28:57 +0000 (15:28 +0000)]
Amend openssl-format-source so that it give more repeatable output

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agobn/bn_const.c: make it indent-friendly.
Andy Polyakov [Wed, 21 Jan 2015 12:18:42 +0000 (13:18 +0100)]
bn/bn_const.c: make it indent-friendly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agobn/asm/x86_64-gcc.cL make it indent-friendly.
Andy Polyakov [Wed, 21 Jan 2015 10:54:03 +0000 (11:54 +0100)]
bn/asm/x86_64-gcc.cL make it indent-friendly.

Conflicts:
crypto/bn/asm/x86_64-gcc.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agobn/bn_asm.c: make it indent-friendly.
Andy Polyakov [Wed, 21 Jan 2015 10:50:56 +0000 (11:50 +0100)]
bn/bn_asm.c: make it indent-friendly.

Conflicts:
crypto/bn/bn_asm.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agobn/bn_exp.c: make it indent-friendly.
Andy Polyakov [Wed, 21 Jan 2015 10:45:23 +0000 (11:45 +0100)]
bn/bn_exp.c: make it indent-friendly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoManually reformat aes_core.c
Matt Caswell [Wed, 21 Jan 2015 14:01:16 +0000 (14:01 +0000)]
Manually reformat aes_core.c
Add aes_core.c to the list of files not processed by openssl-format-source

Conflicts:
crypto/aes/aes_core.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoAdd obj_dat.h to the list of files that will not be processed by
Matt Caswell [Wed, 21 Jan 2015 13:51:38 +0000 (13:51 +0000)]
Add obj_dat.h to the list of files that will not be processed by
openssl-format-source

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoFix strange formatting by indent
Matt Caswell [Wed, 21 Jan 2015 12:19:08 +0000 (12:19 +0000)]
Fix strange formatting by indent

Conflicts:
crypto/hmac/hmac.h

Conflicts:
crypto/evp/e_aes_cbc_hmac_sha256.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agomodes/modes_lcl.h: make it indent-friendly.
Andy Polyakov [Wed, 21 Jan 2015 10:11:32 +0000 (11:11 +0100)]
modes/modes_lcl.h: make it indent-friendly.

Conflicts:
crypto/modes/modes_lcl.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoindent has problems with comments that are on the right hand side of a line.
Matt Caswell [Wed, 21 Jan 2015 11:09:58 +0000 (11:09 +0000)]
indent has problems with comments that are on the right hand side of a line.
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.

Conflicts:
crypto/bn/bn.h
crypto/ec/ec_lcl.h
crypto/rsa/rsa.h
demos/engines/ibmca/hw_ibmca.c
ssl/ssl.h
ssl/ssl3.h

Conflicts:
crypto/ec/ec_lcl.h
ssl/tls1.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agomodes/gcm128.c: make it indent-friendly.
Andy Polyakov [Wed, 21 Jan 2015 09:25:54 +0000 (10:25 +0100)]
modes/gcm128.c: make it indent-friendly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agomodes/cts128.c: make it indent-friendly.
Andy Polyakov [Wed, 21 Jan 2015 08:11:28 +0000 (09:11 +0100)]
modes/cts128.c: make it indent-friendly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agocrypto/mem_dbg.c: make it indent-friendly.
Andy Polyakov [Tue, 20 Jan 2015 22:45:19 +0000 (23:45 +0100)]
crypto/mem_dbg.c: make it indent-friendly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoMore indent fixes for STACK_OF
Matt Caswell [Wed, 21 Jan 2015 09:33:22 +0000 (09:33 +0000)]
More indent fixes for STACK_OF

Conflicts:
ssl/s3_lib.c

Conflicts:
apps/cms.c
crypto/x509/x509_lu.c
crypto/x509/x509_vfy.h
ssl/s3_lib.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoFix indent issue with functions using STACK_OF
Matt Caswell [Tue, 20 Jan 2015 22:54:52 +0000 (22:54 +0000)]
Fix indent issue with functions using STACK_OF

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoFix indent issue with engine.h
Matt Caswell [Tue, 20 Jan 2015 22:17:03 +0000 (22:17 +0000)]
Fix indent issue with engine.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoFix logic to check for indent.pro
Matt Caswell [Tue, 20 Jan 2015 22:13:39 +0000 (22:13 +0000)]
Fix logic to check for indent.pro

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agocrypto/cryptlib.c: make it indent-friendly.
Andy Polyakov [Tue, 20 Jan 2015 14:49:55 +0000 (15:49 +0100)]
crypto/cryptlib.c: make it indent-friendly.

Conflicts:
crypto/cryptlib.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agobn/bntest.c: make it indent-friendly.
Andy Polyakov [Tue, 20 Jan 2015 14:22:42 +0000 (15:22 +0100)]
bn/bntest.c: make it indent-friendly.

Conflicts:
crypto/bn/bntest.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agobn/bn_recp.c: make it indent-friendly.
Andy Polyakov [Tue, 20 Jan 2015 14:12:07 +0000 (15:12 +0100)]
bn/bn_recp.c: make it indent-friendly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoengines/e_ubsec.c: make it indent-friendly.
Andy Polyakov [Tue, 20 Jan 2015 13:57:46 +0000 (14:57 +0100)]
engines/e_ubsec.c: make it indent-friendly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoapps/speed.c: make it indent-friendly.
Andy Polyakov [Tue, 20 Jan 2015 13:15:44 +0000 (14:15 +0100)]
apps/speed.c: make it indent-friendly.

Conflicts:
apps/speed.c

Conflicts:
apps/speed.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoFix make errors
Matt Caswell [Wed, 14 Jan 2015 21:26:14 +0000 (21:26 +0000)]
Fix make errors

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoMake the script a little more location agnostic
Richard Levitte [Tue, 20 Jan 2015 15:18:23 +0000 (16:18 +0100)]
Make the script a little more location agnostic

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoProvide script for filtering data initialisers for structs/unions. indent just can...
Matt Caswell [Tue, 20 Jan 2015 12:37:42 +0000 (12:37 +0000)]
Provide script for filtering data initialisers for structs/unions. indent just can't handle it.

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoScript fixes.
Dr. Stephen Henson [Tue, 20 Jan 2015 14:12:10 +0000 (14:12 +0000)]
Script fixes.

Don't use double newline for headers.
Don't interpret ASN1_PCTX as start of an ASN.1 module.

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoRun expand before perl, to make sure things are properly aligned
Richard Levitte [Tue, 20 Jan 2015 14:17:02 +0000 (15:17 +0100)]
Run expand before perl, to make sure things are properly aligned

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoForce the use of our indent profile
Richard Levitte [Tue, 20 Jan 2015 14:14:24 +0000 (15:14 +0100)]
Force the use of our indent profile

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoProvide source reformating script. Requires GNU indent to be
Tim Hudson [Mon, 5 Jan 2015 10:17:50 +0000 (10:17 +0000)]
Provide source reformating script. Requires GNU indent to be
available.

Script written by Tim Hudson, with amendments by Steve Henson, Rich Salz and
Matt Caswell

Reviewed-by: Matt Caswell <matt@openssl.org>
4 years agoFix source where indent will not be able to cope
Matt Caswell [Mon, 19 Jan 2015 12:42:01 +0000 (12:42 +0000)]
Fix source where indent will not be able to cope

Conflicts:
apps/ciphers.c
ssl/s3_pkt.c

Conflicts:
crypto/ec/ec_curve.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoAdditional comment changes for reformat of 1.0.1
Matt Caswell [Fri, 16 Jan 2015 14:43:29 +0000 (14:43 +0000)]
Additional comment changes for reformat of 1.0.1

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoFurther comment changes for reformat
Matt Caswell [Fri, 16 Jan 2015 09:21:50 +0000 (09:21 +0000)]
Further comment changes for reformat

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agomark all block comments that need format preserving so that
Tim Hudson [Sun, 28 Dec 2014 02:48:40 +0000 (12:48 +1000)]
mark all block comments that need format preserving so that
indent will not alter them when reformatting comments

(cherry picked from commit 1d97c8435171a7af575f73c526d79e1ef0ee5960)

Conflicts:
crypto/bn/bn_lcl.h
crypto/bn/bn_prime.c
crypto/engine/eng_all.c
crypto/rc4/rc4_utl.c
crypto/sha/sha.h
ssl/kssl.c
ssl/t1_lib.c

Conflicts:
crypto/rc4/rc4_enc.c
crypto/x509v3/v3_scts.c
crypto/x509v3/v3nametest.c
ssl/d1_both.c
ssl/s3_srvr.c
ssl/ssl.h
ssl/ssl_locl.h
ssl/ssltest.c
ssl/t1_lib.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
4 years agoPrepare for 1.0.1m-dev OpenSSL_1_0_1-pre-reformat
Matt Caswell [Thu, 15 Jan 2015 14:49:54 +0000 (14:49 +0000)]
Prepare for 1.0.1m-dev

Reviewed-by: Stephen Henson <steve@openssl.org>
4 years agoPrepare for 1.0.1l release OpenSSL_1_0_1l
Matt Caswell [Thu, 15 Jan 2015 14:45:15 +0000 (14:45 +0000)]
Prepare for 1.0.1l release

Reviewed-by: Stephen Henson <steve@openssl.org>
4 years agomake update
Matt Caswell [Thu, 15 Jan 2015 14:45:15 +0000 (14:45 +0000)]
make update

Reviewed-by: Stephen Henson <steve@openssl.org>
4 years agoUpdates to CHANGES and NEWS
Matt Caswell [Thu, 15 Jan 2015 13:04:01 +0000 (13:04 +0000)]
Updates to CHANGES and NEWS

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
4 years agoDefine CFLAGS as cflags on VMS as well
Richard Levitte [Tue, 13 Jan 2015 21:04:58 +0000 (22:04 +0100)]
Define CFLAGS as cflags on VMS as well

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 43257b9f51de749262258668c77c2f0f99d7a15b)

4 years agoMake output from openssl version -f consistent with previous versions
Matt Caswell [Tue, 13 Jan 2015 10:20:12 +0000 (10:20 +0000)]
Make output from openssl version -f consistent with previous versions

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 2d2671790ee12dedd92c97f35b6feb755b8d4374)

4 years agoFix warning where BIO_FLAGS_UPLINK was being redefined.
Matt Caswell [Sat, 10 Jan 2015 23:36:28 +0000 (23:36 +0000)]
Fix warning where BIO_FLAGS_UPLINK was being redefined.
This warning breaks the build in 1.0.0 and 0.9.8

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit b1ffc6ca1c387efad0772c16dfe426afef45dc4f)

4 years agoAvoid deprecation problems in Visual Studio 13
Matt Caswell [Fri, 9 Jan 2015 14:06:36 +0000 (14:06 +0000)]
Avoid deprecation problems in Visual Studio 13

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 86d21d0b9577322ac5da0114c5fac16eb49b4cef)

4 years agoRT3662: Allow leading . in nameConstraints
Dr. Stephen Henson [Tue, 6 Jan 2015 20:29:28 +0000 (15:29 -0500)]
RT3662: Allow leading . in nameConstraints

Change by SteveH from original by John Denker (in the RT)

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 77ff1f3b8bfaa348956c5096a2b829f2e767b4f1)

4 years agoFurther windows specific .gitignore entries
Matt Caswell [Fri, 9 Jan 2015 23:01:20 +0000 (23:01 +0000)]
Further windows specific .gitignore entries

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 41c9cfbc4ee7345547fb98cccb8511f082f0910b)

4 years agoUpdate .gitignore with windows files to be excluded from git
Matt Caswell [Fri, 9 Jan 2015 10:19:10 +0000 (10:19 +0000)]
Update .gitignore with windows files to be excluded from git

Reviewed-by: Tim Hudson <tjh@openssl.org>
Conflicts:
.gitignore

(cherry picked from commit 04f670cf3d8f22e0d197a071d2db536fb7ebd9c7)

4 years agoFix build failure on Windows due to undefined cflags identifier
Matt Caswell [Thu, 8 Jan 2015 19:05:43 +0000 (19:05 +0000)]
Fix build failure on Windows due to undefined cflags identifier

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 5c5e7e1a7eb114cf136e1ae4b6a413bc48ba41eb)

4 years agoPrepare for 1.0.1l-dev
Matt Caswell [Thu, 8 Jan 2015 14:07:43 +0000 (14:07 +0000)]
Prepare for 1.0.1l-dev

Reviewed-by: Stephen Henson <steve@openssl.org>
4 years agoPrepare for 1.0.1k release OpenSSL_1_0_1k
Matt Caswell [Thu, 8 Jan 2015 14:03:40 +0000 (14:03 +0000)]
Prepare for 1.0.1k release

Reviewed-by: Stephen Henson <steve@openssl.org>
4 years agomake update
Matt Caswell [Thu, 8 Jan 2015 14:03:39 +0000 (14:03 +0000)]
make update

Reviewed-by: Stephen Henson <steve@openssl.org>
4 years agoCHANGES and NEWS updates for release
Matt Caswell [Thu, 8 Jan 2015 13:07:08 +0000 (13:07 +0000)]
CHANGES and NEWS updates for release

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Steve Henson <steve@openssl.org>
4 years agoA memory leak can occur in dtls1_buffer_record if either of the calls to
Matt Caswell [Wed, 7 Jan 2015 14:18:13 +0000 (14:18 +0000)]
A memory leak can occur in dtls1_buffer_record if either of the calls to
ssl3_setup_buffers or pqueue_insert fail. The former will fail if there is a
malloc failure, whilst the latter will fail if attempting to add a duplicate
record to the queue. This should never happen because duplicate records should
be detected and dropped before any attempt to add them to the queue.
Unfortunately records that arrive that are for the next epoch are not being
recorded correctly, and therefore replays are not being detected.
Additionally, these "should not happen" failures that can occur in
dtls1_buffer_record are not being treated as fatal and therefore an attacker
could exploit this by sending repeated replay records for the next epoch,
eventually causing a DoS through memory exhaustion.

Thanks to Chris Mueller for reporting this issue and providing initial
analysis and a patch. Further analysis and the final patch was performed by
Matt Caswell from the OpenSSL development team.

CVE-2015-0206

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
4 years agoUnauthenticated DH client certificate fix.
Dr. Stephen Henson [Thu, 23 Oct 2014 19:36:17 +0000 (20:36 +0100)]
Unauthenticated DH client certificate fix.

Fix to prevent use of DH client certificates without sending
certificate verify message.

If we've used a client certificate to generate the premaster secret
ssl3_get_client_key_exchange returns 2 and ssl3_get_cert_verify is
never called.

We can only skip the certificate verify message in
ssl3_get_cert_verify if the client didn't send a certificate.

Thanks to Karthikeyan Bhargavan for reporting this issue.
CVE-2015-0205
Reviewed-by: Matt Caswell <matt@openssl.org>
4 years agoFollow on from CVE-2014-3571. This fixes the code that was the original source
Matt Caswell [Sat, 3 Jan 2015 00:54:35 +0000 (00:54 +0000)]
Follow on from CVE-2014-3571. This fixes the code that was the original source
of the crash due to p being NULL. Steve's fix prevents this situation from
occuring - however this is by no means obvious by looking at the code for
dtls1_get_record. This fix just makes things look a bit more sane.

Reviewed-by: Dr Steve Henson <steve@openssl.org>
4 years agoFix crash in dtls1_get_record whilst in the listen state where you get two
Dr. Stephen Henson [Sat, 3 Jan 2015 00:45:13 +0000 (00:45 +0000)]
Fix crash in dtls1_get_record whilst in the listen state where you get two
separate reads performed - one for the header and one for the body of the
handshake record.

CVE-2014-3571

Reviewed-by: Matt Caswell <matt@openssl.org>
4 years agoFix for CVE-2014-3570.
Andy Polyakov [Mon, 5 Jan 2015 13:52:56 +0000 (14:52 +0100)]
Fix for CVE-2014-3570.

Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit e793809ba50c1e90ab592fb640a856168e50f3de)
(with 1.0.1-specific addendum)

4 years agofix error discrepancy
Dr. Stephen Henson [Wed, 7 Jan 2015 17:36:17 +0000 (17:36 +0000)]
fix error discrepancy

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 4a4d4158572fd8b3dc641851b8378e791df7972d)