openssl.git
10 months agoFix some SSL_export_keying_material() issues
Matt Caswell [Tue, 4 Dec 2018 08:37:04 +0000 (08:37 +0000)]
Fix some SSL_export_keying_material() issues

Fix some issues in tls13_hkdf_expand() which impact the above function
for TLSv1.3. In particular test that we can use the maximum label length
in TLSv1.3.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7755)

10 months agoRevert "Reduce stack usage in tls13_hkdf_expand"
Matt Caswell [Mon, 3 Dec 2018 18:14:57 +0000 (18:14 +0000)]
Revert "Reduce stack usage in tls13_hkdf_expand"

This reverts commit ec0c5f5693e39c5a013f81e6dd9dfd09ec65162d.

SSL_export_keying_material() may use longer label lengths.

Fixes #7712

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7755)

10 months agobn/bn_{div|shift}.c: introduce fixed-top interfaces.
Andy Polyakov [Fri, 23 Nov 2018 16:23:31 +0000 (17:23 +0100)]
bn/bn_{div|shift}.c: introduce fixed-top interfaces.

Fixed-top interfaces tolerate zero-padded inputs and facilitate
constant-time-ness. bn_div_fixed_top tolerates zero-padded dividend,
but not divisor. It's argued that divisor's length is public even
when value is secret.

[extended tests]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7589)

10 months agobn/bn_div.c: make conditional addition unconditional
Andy Polyakov [Wed, 7 Nov 2018 21:18:33 +0000 (22:18 +0100)]
bn/bn_div.c: make conditional addition unconditional

and add template for constant-time bn_div_3_words.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7589)

10 months agoConfigure: recognize div3w modules and add -DBN_DIV3W.
Andy Polyakov [Mon, 12 Nov 2018 14:13:48 +0000 (15:13 +0100)]
Configure: recognize div3w modules and add -DBN_DIV3W.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7589)

10 months agoConfigurations/10-main.conf: remove MIPS bn_div_3_words.
Andy Polyakov [Mon, 12 Nov 2018 14:03:39 +0000 (15:03 +0100)]
Configurations/10-main.conf: remove MIPS bn_div_3_words.

It's being replaced with constant-time alternative.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7589)

10 months agoIgnore an auto-generated documentation file
Matt Caswell [Mon, 3 Dec 2018 14:37:07 +0000 (14:37 +0000)]
Ignore an auto-generated documentation file

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7746)

10 months agoAdd an Ed25519 signature maleability test
Matt Caswell [Fri, 23 Nov 2018 14:24:17 +0000 (14:24 +0000)]
Add an Ed25519 signature maleability test

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7697)

10 months agoDisallow Ed25519 signature maleability
Matt Caswell [Fri, 23 Nov 2018 13:50:43 +0000 (13:50 +0000)]
Disallow Ed25519 signature maleability

Check that s is less than the order before attempting to verify the
signature as per RFC8032 5.1.7

Fixes #7693

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7697)

10 months agoDocs: better deprecation text
Richard Levitte [Mon, 3 Dec 2018 09:59:11 +0000 (10:59 +0100)]
Docs: better deprecation text

Expand the text on deprecation to be more descriptive and to refer
back to openssl_user_macros(7).

Incidently, this required a small change in util/find-doc-nits, to
have it skip over any line that isn't part of a block (i.e. that
hasn't been indented with at least one space.  That makes it skip over
deprecation text.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7745)

10 months agoDocs fixup: some man3 pages had unindented code in SYNOPSIS
Richard Levitte [Mon, 3 Dec 2018 09:57:01 +0000 (10:57 +0100)]
Docs fixup: some man3 pages had unindented code in SYNOPSIS

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7744)

10 months agoutil/process_docs.pl: handle multiple source directories for .pod files
Richard Levitte [Sun, 2 Dec 2018 19:39:46 +0000 (20:39 +0100)]
util/process_docs.pl: handle multiple source directories for .pod files

From now on, the default is to look in both the source directory and
the build directory.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7742)

10 months agoDoc: add doc/man7/openssl_user_macros.pod.in
Richard Levitte [Sun, 2 Dec 2018 19:37:30 +0000 (20:37 +0100)]
Doc: add doc/man7/openssl_user_macros.pod.in

This manual is a start to describe macros that users can use to affect
what symbols are exported by the public header files.

Because the macro OPENSSL_API_COMPAT has a default that's affected by
configuration choices, we must make it a generated manual.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7742)

10 months agoFix usage of deprecated SSL_set_tmp_ecdh()
Antoine Salon [Sat, 1 Dec 2018 00:50:29 +0000 (16:50 -0800)]
Fix usage of deprecated SSL_set_tmp_ecdh()

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7738)

10 months agorsa/rsa_ssl.c: make RSA_padding_check_SSLv23 constant-time.
Andy Polyakov [Fri, 14 Sep 2018 15:24:13 +0000 (17:24 +0200)]
rsa/rsa_ssl.c: make RSA_padding_check_SSLv23 constant-time.

Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding
if nul delimiter is preceded by 8 consecutive 0x03 bytes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
10 months agorsa/rsa_oaep.c: remove memcpy calls from RSA_padding_check_PKCS1_OAEP.
Andy Polyakov [Thu, 6 Sep 2018 19:54:23 +0000 (21:54 +0200)]
rsa/rsa_oaep.c: remove memcpy calls from RSA_padding_check_PKCS1_OAEP.

And make RSAErr call unconditional.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
10 months agorsa/rsa_pk1.c: remove memcpy calls from RSA_padding_check_PKCS1_type_2.
Andy Polyakov [Sat, 1 Sep 2018 10:00:33 +0000 (12:00 +0200)]
rsa/rsa_pk1.c: remove memcpy calls from RSA_padding_check_PKCS1_type_2.

And make RSAErr call unconditional.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
10 months agorsa/rsa_ossl.c: make RSAerr call in rsa_ossl_private_decrypt unconditional.
Andy Polyakov [Fri, 14 Sep 2018 10:17:43 +0000 (12:17 +0200)]
rsa/rsa_ossl.c: make RSAerr call in rsa_ossl_private_decrypt unconditional.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
10 months agoerr/err.c: add err_clear_last_constant_time.
Andy Polyakov [Sat, 1 Sep 2018 10:19:30 +0000 (12:19 +0200)]
err/err.c: add err_clear_last_constant_time.

Expected usage pattern is to unconditionally set error and then
wipe it if there was no actual error.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
10 months agoDon't test the collected system errors when configured to not have them
Richard Levitte [Tue, 27 Nov 2018 07:51:44 +0000 (07:51 +0000)]
Don't test the collected system errors when configured to not have them

Config options 'no-err' and 'no-autoerrinit'

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7711)

10 months agoFix access zero memory if SSL_DEBUG is enabled
Paul Yang [Mon, 26 Nov 2018 08:57:55 +0000 (16:57 +0800)]
Fix access zero memory if SSL_DEBUG is enabled

If compile OpenSSL with SSL_DEBUG macro, some test cases will cause the
process crashed in the debug code.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7707)

10 months agoVMS build: don't forget the generation marker when removing files
Richard Levitte [Sat, 24 Nov 2018 23:56:54 +0000 (00:56 +0100)]
VMS build: don't forget the generation marker when removing files

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7703)

10 months agoVMS build: in descrip.mms.tmpl's src2obj, do .S -> .asm too
Richard Levitte [Sat, 24 Nov 2018 23:52:24 +0000 (00:52 +0100)]
VMS build: in descrip.mms.tmpl's src2obj, do .S -> .asm too

We only convert lowercase .s to .asm, that turned out not to be sufficient.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7703)

10 months agoClean up BN_consttime_swap.
Billy Brumley [Mon, 12 Nov 2018 13:47:54 +0000 (15:47 +0200)]
Clean up BN_consttime_swap.

Updated "condition" logic lifted from Theo Buehler's LibreSSL commit https://github.com/libressl-portable/openbsd/commit/517358603b4be76d48a50007a0d414c2072697dd

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7619)

10 months agoAvoid test_errstr in a cross compiled configuration
Richard Levitte [Fri, 23 Nov 2018 17:53:32 +0000 (18:53 +0100)]
Avoid test_errstr in a cross compiled configuration

There's too high a chance that the openssl app and perl get different
messages for some error numbers.

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7699)

10 months agoHave util/mktar.sh display the absolute path to the tarball
Richard Levitte [Sat, 24 Nov 2018 16:51:24 +0000 (17:51 +0100)]
Have util/mktar.sh display the absolute path to the tarball

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7696)

10 months agoMake sure to run util/mktar.sh from the source directory
Richard Levitte [Sat, 24 Nov 2018 10:27:50 +0000 (11:27 +0100)]
Make sure to run util/mktar.sh from the source directory

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7696)

10 months agoDon't export the submodules 'boringssl', 'krb5' and 'pyca-cryptography'
Richard Levitte [Fri, 23 Nov 2018 23:59:33 +0000 (00:59 +0100)]
Don't export the submodules 'boringssl', 'krb5' and 'pyca-cryptography'

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7696)

10 months agoDon't export util/mktar.sh
Richard Levitte [Fri, 23 Nov 2018 13:43:16 +0000 (14:43 +0100)]
Don't export util/mktar.sh

When creating a tarball, it's pointless to include scripts that assume
a git workspace.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7696)

10 months agoDocument the removed 'dist' target
Richard Levitte [Fri, 23 Nov 2018 13:40:39 +0000 (14:40 +0100)]
Document the removed 'dist' target

Also adds missing copyright boilerplate to util/mktar.sh

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7696)

10 months agoVMS build: typo in build file template, generatesrc
Richard Levitte [Sat, 24 Nov 2018 16:39:56 +0000 (17:39 +0100)]
VMS build: typo in build file template, generatesrc

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7700)

10 months agoVMS config: Typo fix, as -> AS
Richard Levitte [Sat, 24 Nov 2018 10:37:10 +0000 (11:37 +0100)]
VMS config: Typo fix, as -> AS

This typo prevented ia64 assembler to be compiled on VMS

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7700)

10 months agoVMS: fix collected error strings
Richard Levitte [Sat, 24 Nov 2018 12:08:56 +0000 (13:08 +0100)]
VMS: fix collected error strings

It turns out that on VMS, strerror() returns messages with added
spaces at the end.

We wouldn't had noticed if it wasn't for perl trimming those spaces
off for its own sake and thereby having test/recipes/02-test_errstr.t
fail on VMS.

The safe fix is to do the same trimming ourselves.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7701)

10 months agoRemove all 'make dist' artifacts
Richard Levitte [Thu, 22 Nov 2018 20:29:02 +0000 (21:29 +0100)]
Remove all 'make dist' artifacts

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7692)

10 months agoChange tarball making procedure
Richard Levitte [Thu, 22 Nov 2018 20:17:47 +0000 (21:17 +0100)]
Change tarball making procedure

Since recently, OpenSSL tarballs are produced with 'make tar' rather
than 'make dist', as the latter has turned out to be more troublesome
than useful.

The next step to look at is why we would need to configure at all to
produce a Makefile just to produce a tarball.  After all, the tarball
should now only contain source files that are present even without
configuring.

Furthermore, the current method for producing tarballs is a bit
complex, and can be greatly simplified with the right tools.  Since we
have everything versioned with git, we might as well use the tool that
comes with it.

Added: util/mktar.sh, a simple script to produce OpenSSL tarballs.  It
takes the options --name to modify the prefix of the distribution, and
--tarfile tp modify the tarball file name specifically.

This also adds a few entries in .gitattributes to specify files that
should never end up in a distribution tarball.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7692)

10 months agoAdd an error message test recipes for system error messages
Richard Levitte [Thu, 22 Nov 2018 09:52:51 +0000 (10:52 +0100)]
Add an error message test recipes for system error messages

This ensures we collected them properly and and as completely as can
be tested safely.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7681)

10 months agoSmarter build of system error text database
Richard Levitte [Wed, 21 Nov 2018 17:25:53 +0000 (18:25 +0100)]
Smarter build of system error text database

We stored copies of the system error texts in a fixed line size array,
which is a huge waste.  Instead, use a static memory pool and pack all
the string in there.  The wasted space at the end, if any, gives us
some leeway for longer strings than we have measured so far.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7681)

10 months agoopenssl s_server: don't use sendto() with connected UDP socket
Matthew Hodgson [Wed, 21 Nov 2018 02:00:52 +0000 (02:00 +0000)]
openssl s_server: don't use sendto() with connected UDP socket

Fixes #7675

On macOS, if you call `connect()` on a UDP socket you cannot then
call `sendto()` with a destination, otherwise it fails with Err#56
('socket is already connected').

By calling `BIO_ctrl_set_connected()` on the wbio we can tell it
that the socket has been connected and make it call `send()` rather
than `sendto()`.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7676)

10 months agorsa/rsa_ossl.c: cache MONT_CTX for public modulus earlier.
Andy Polyakov [Wed, 7 Nov 2018 21:07:22 +0000 (22:07 +0100)]
rsa/rsa_ossl.c: cache MONT_CTX for public modulus earlier.

Blinding is performed more efficiently and securely if MONT_CTX for public
modulus is available by the time blinding parameter are instantiated. So
make sure it's the case.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7586)

10 months agoTravis CI: Use flake8 to find Python syntax errors or undefined names
cclauss [Tue, 16 Oct 2018 05:18:00 +0000 (07:18 +0200)]
Travis CI: Use flake8 to find Python syntax errors or undefined names

CLA: trivial

In Travis CI, add a Python linting step that runs flake8 tests in Travis CI
to find syntax errors and undefined names. (http://flake8.pycqa.org)

__E901,E999,F821,F822,F823__ are the "_showstopper_" flake8 issues that can halt
the runtime with a SyntaxError, NameError, etc. Most other flake8 issues are
merely "style violations" -- useful for readability but they do not effect
runtime safety.

* F821: undefined name `name`
* F822: undefined name `name` in `__all__`
* F823: local variable name referenced before assignment
* E901: SyntaxError or IndentationError
* E999: SyntaxError -- failed to compile a file into an Abstract Syntax Tree

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7410)

10 months agoUpdate copyright year
Matt Caswell [Tue, 20 Nov 2018 13:13:00 +0000 (13:13 +0000)]
Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7668)

10 months agoUpdate CHANGES and NEWS for new release
Matt Caswell [Tue, 20 Nov 2018 10:52:53 +0000 (10:52 +0000)]
Update CHANGES and NEWS for new release

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7663)

10 months agoUnix build: for mingw and cygwin, create the right location for DLLs
Richard Levitte [Mon, 19 Nov 2018 09:21:49 +0000 (10:21 +0100)]
Unix build: for mingw and cygwin, create the right location for DLLs

Mingw and Cygwin builds install the DLLs in the application directory,
not the library directory, so ensure that one is created for them when
installing the DLLs.

Fixes #7653

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7654)

10 months agoAdd documentation for -pkeyopt_passin
Johannes Bauer [Tue, 20 Mar 2018 19:06:13 +0000 (20:06 +0100)]
Add documentation for -pkeyopt_passin

Add documentation to new parameter and two examples showcasing scrypt
KDF.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5697)

10 months agoAdd option to read pkeyopts interactively
Johannes Bauer [Tue, 1 Aug 2017 17:38:32 +0000 (19:38 +0200)]
Add option to read pkeyopts interactively

This patch adds the ability to interactively enter passphrases for
the pkeyutl application. For example, you could use

$ openssl pkeyutl -kdf TLS1-PRF -kdflen 8 -pkeyopt md:md5
  -pkeyopt_passin secret -pkeyopt_passin seed

To have the "secret" and "seed" values read interactively from keyboard
(with hidden input). Alternatively, the pass phrase argument syntax is
also supported, e.g.:

$ openssl pkeyutl -kdf TLS1-PRF -kdflen 8 -pkeyopt md:md5
  -pkeyopt_passin secret:stdin -pkeyopt_passin seed:env:SEEDVAR

To have "secret" read from stdin and "seed" from the environment
variable SEEDVAR.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5697)

11 months agosha/asm/sha512p8-ppc.pl: optimize epilogue.
Andy Polyakov [Thu, 15 Nov 2018 14:47:46 +0000 (15:47 +0100)]
sha/asm/sha512p8-ppc.pl: optimize epilogue.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7643)

11 months agosha/asm/sha512p8-ppc.pl: fix typo in prologue.
Andy Polyakov [Thu, 15 Nov 2018 14:42:02 +0000 (15:42 +0100)]
sha/asm/sha512p8-ppc.pl: fix typo in prologue.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7643)

11 months agoConfiguration: only include shared_sources in dirinfo in shared config
Richard Levitte [Thu, 15 Nov 2018 20:37:55 +0000 (21:37 +0100)]
Configuration: only include shared_sources in dirinfo in shared config

Without this precaution, we end up having directory targets depend on
shlib object files for which there are no rules.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7644)

11 months agotest/siphash_internal_test.c: ensure the SIPHASH structure is zeroed
Richard Levitte [Thu, 15 Nov 2018 12:45:31 +0000 (13:45 +0100)]
test/siphash_internal_test.c: ensure the SIPHASH structure is zeroed

Fixes #7641

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7642)

11 months agoAdd a missing SSLfatal call
Matt Caswell [Thu, 8 Nov 2018 14:03:17 +0000 (14:03 +0000)]
Add a missing SSLfatal call

A missing SSLfatal call can result in an assertion failed error if the
condition gets triggered.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7594)

11 months agoDeprecate SSL_set_tmp_ecdh
Antoine Salon [Tue, 6 Nov 2018 21:26:49 +0000 (13:26 -0800)]
Deprecate SSL_set_tmp_ecdh

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)

11 months agoMaking SRP_user_pwd functions public
Antoine Salon [Thu, 1 Nov 2018 22:41:16 +0000 (15:41 -0700)]
Making SRP_user_pwd functions public

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)

11 months agoAdded SRP_VBASE_add0_user()
Antoine Salon [Thu, 1 Nov 2018 18:56:55 +0000 (11:56 -0700)]
Added SRP_VBASE_add0_user()

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)

11 months agoSRP module documentation
Antoine Salon [Thu, 25 Oct 2018 22:43:35 +0000 (15:43 -0700)]
SRP module documentation

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)

11 months agoAdd SSL_CTX_set_tmp_ecdh.pod
Antoine Salon [Tue, 16 Oct 2018 23:40:01 +0000 (16:40 -0700)]
Add SSL_CTX_set_tmp_ecdh.pod

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)

11 months agoSSL extra chain certificates doc
Antoine Salon [Tue, 16 Oct 2018 16:07:00 +0000 (09:07 -0700)]
SSL extra chain certificates doc

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)

11 months agoFix no-ec and no-tls1_2
Matt Caswell [Mon, 12 Nov 2018 14:23:07 +0000 (14:23 +0000)]
Fix no-ec and no-tls1_2

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7620)

11 months agoFix typo in util/perl/OpenSSL/Test.pm
Richard Levitte [Tue, 13 Nov 2018 16:57:45 +0000 (17:57 +0100)]
Fix typo in util/perl/OpenSSL/Test.pm

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7633)

11 months agotest/recipes/90-test_shlibload.t needs $target{shared_extension}
Richard Levitte [Tue, 13 Nov 2018 17:28:41 +0000 (18:28 +0100)]
test/recipes/90-test_shlibload.t needs $target{shared_extension}

We therefore must add defaults.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7626)

11 months agoFix rpath-related Linux "test_shlibload" failure.
Richard Levitte [Mon, 12 Nov 2018 23:16:55 +0000 (00:16 +0100)]
Fix rpath-related Linux "test_shlibload" failure.

When libssl and libcrypto are compiled on Linux with "-rpath", but
not "--enable-new-dtags", the RPATH takes precedence over
LD_LIBRARY_PATH, and we end up running with the wrong libraries.
This is resolved by using full (or at least relative, rather than
just the filename to be found on LD_LIBRARY_PATH) paths to the
shared objects.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7626)

11 months agoKMAC implementation using EVP_MAC
Shane Lontis [Fri, 9 Nov 2018 04:00:05 +0000 (14:00 +1000)]
KMAC implementation using EVP_MAC

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7597)

11 months agoRemove markdown links from HTML comments in issue templates
Richard Levitte [Tue, 13 Nov 2018 16:01:41 +0000 (17:01 +0100)]
Remove markdown links from HTML comments in issue templates

HTML comments aren't rendered, so markdown link syntax is irrelevant
inside them, and more confusing than useful.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7632)

11 months agoAdd issue templates and a user support page
Richard Levitte [Mon, 12 Nov 2018 13:17:24 +0000 (14:17 +0100)]
Add issue templates and a user support page

This will hopefully help directing our users to better user support
resources as well as give some relevant advice in issue templates.

https://help.github.com/articles/setting-up-your-project-for-healthy-contributions/

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7623)

11 months agoAdded missing signature algorithm reflection functions
Viktor Dukhovni [Sat, 10 Nov 2018 06:53:56 +0000 (01:53 -0500)]
Added missing signature algorithm reflection functions

    SSL_get_signature_nid()      -- local signature algorithm
    SSL_get_signature_type_nid() -- local signature algorithm key type
    SSL_get_peer_tmp_key()       -- Peer key-exchange public key
    SSL_get_tmp_key              -- local key exchange public key

Aliased pre-existing SSL_get_server_tmp_key(), which was formerly
just for clients, to SSL_get_peer_tmp_key().  Changed internal
calls to use the new name.

Reviewed-by: Matt Caswell <matt@openssl.org>
11 months agoMerge the CA list documentation for clarity
Matt Caswell [Thu, 1 Nov 2018 11:53:49 +0000 (11:53 +0000)]
Merge the CA list documentation for clarity

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7503)

11 months agoAdd a test for SSL_CTX_set0_CA_list()/SSL_CTX_set_client_CA_list()
Matt Caswell [Fri, 26 Oct 2018 17:23:48 +0000 (18:23 +0100)]
Add a test for SSL_CTX_set0_CA_list()/SSL_CTX_set_client_CA_list()

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7503)

11 months agoSeparate ca_names handling for client and server
Matt Caswell [Fri, 26 Oct 2018 10:43:19 +0000 (11:43 +0100)]
Separate ca_names handling for client and server

SSL(_CTX)?_set_client_CA_list() was a server side only function in 1.1.0.
If it was called on the client side then it was ignored. In 1.1.1 it now
makes sense to have a CA list defined for both client and server (the
client now sends it the the TLSv1.3 certificate_authorities extension).
Unfortunately some applications were using the same SSL_CTX for both
clients and servers and this resulted in some client ClientHellos being
excessively large due to the number of certificate authorities being sent.

This commit seperates out the CA list updated by
SSL(_CTX)?_set_client_CA_list() and the more generic
SSL(_CTX)?_set0_CA_list(). This means that SSL(_CTX)?_set_client_CA_list()
still has no effect on the client side. If both CA lists are set then
SSL(_CTX)?_set_client_CA_list() takes priority.

Fixes #7411

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7503)

11 months agoTest use of a brainpool ECDSA certificate
Matt Caswell [Wed, 24 Oct 2018 13:48:44 +0000 (14:48 +0100)]
Test use of a brainpool ECDSA certificate

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7442)

11 months agoAdd some test brainpool certificates
Matt Caswell [Wed, 24 Oct 2018 11:15:56 +0000 (12:15 +0100)]
Add some test brainpool certificates

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7442)

11 months agoDon't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable
Matt Caswell [Fri, 19 Oct 2018 13:01:22 +0000 (14:01 +0100)]
Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable

TLSv1.3 is more restrictive about the curve used. There must be a matching
sig alg defined for that curve. Therefore if we are using some other curve
in our certificate then we should not negotiate TLSv1.3.

Fixes #7435

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7442)

11 months agoFix SipHash init order.
Richard Levitte [Sun, 11 Nov 2018 11:23:26 +0000 (12:23 +0100)]
Fix SipHash init order.

Setting the SipHash hash size and setting its key is done with two
independent functions...  and yet, the internals depend on both.

Unfortunately, the function to change the size wasn't adapted for the
possibility that the key was set first, with a different hash size.

This changes the hash setting function to fix the internal values
(which is easy, fortunately) according to the hash size.

evpmac.txt value for digestsize:8 is also corrected.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7613)

11 months agoSome deabbreviations
Dmitry Belyavskiy [Sun, 11 Nov 2018 21:56:05 +0000 (07:56 +1000)]
Some deabbreviations

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7614)

11 months agoUnbreak SECLEVEL 3 regression causing it to not accept any ciphers.
Tomas Mraz [Fri, 12 Oct 2018 15:24:14 +0000 (17:24 +0200)]
Unbreak SECLEVEL 3 regression causing it to not accept any ciphers.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #7391

11 months agoRecreate the OS390-Unix config target
Richard Levitte [Mon, 8 Jan 2018 12:29:45 +0000 (13:29 +0100)]
Recreate the OS390-Unix config target

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5035)

11 months agoCheck return value of EVP_PKEY_new
Mansour Ahmadi [Wed, 17 Oct 2018 22:13:57 +0000 (18:13 -0400)]
Check return value of EVP_PKEY_new

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7427)

11 months ago[crypto/bn] swap BN_FLG_FIXED_TOP too
Billy Brumley [Fri, 9 Nov 2018 07:25:43 +0000 (09:25 +0200)]
[crypto/bn] swap BN_FLG_FIXED_TOP too

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7599)

11 months agoAdd EVP_PKEY_supports_digest_nid()
David Woodhouse [Mon, 22 Oct 2018 17:49:54 +0000 (18:49 +0100)]
Add EVP_PKEY_supports_digest_nid()

Rather than relying only on mandatory default digests, add a way for
the EVP_PKEY to individually report whether each digest algorithm is
supported.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7408)

11 months agoHonour mandatory digest on private key in has_usable_cert()
David Woodhouse [Tue, 16 Oct 2018 14:59:46 +0000 (07:59 -0700)]
Honour mandatory digest on private key in has_usable_cert()

If the private key says it can only support one specific digest, then
don't ask it to perform a different one.

Fixes: #7348

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7408)

11 months agoStop marking default digest for EC keys as mandatory
David Woodhouse [Tue, 16 Oct 2018 14:41:17 +0000 (07:41 -0700)]
Stop marking default digest for EC keys as mandatory

ASN1_PKEY_CTRL_DEFAULT_MD_NID is documented to return 2 for a mandatory
digest algorithm, when the key can't support any others. That isn't true
here, so return 1 instead.

Partially fixes #7348

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7408)

11 months agoFix issues with do_rand_init/rand_cleanup_int
Bernd Edlinger [Wed, 7 Nov 2018 20:53:30 +0000 (21:53 +0100)]
Fix issues with do_rand_init/rand_cleanup_int

Fixes #7022

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7588)

11 months agoVMS build: colon after target must be separated with a space
Richard Levitte [Fri, 9 Nov 2018 11:23:53 +0000 (12:23 +0100)]
VMS build: colon after target must be separated with a space

... otherwise, it's taken to be part of a device name.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7602)

11 months agoHave install targets depend on more precise build targets
Richard Levitte [Wed, 7 Nov 2018 15:13:57 +0000 (16:13 +0100)]
Have install targets depend on more precise build targets

We only had the main 'install' target depend on 'all'.  This changes
the dependencies so targets like install_dev, install_runtime_libs,
install_engines and install_programs depend on build targets that are
correspond to them more specifically.  This increases the parallel
possibilities.

Fixes #7466

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7583)

11 months agoAllow parallel install
Richard Levitte [Thu, 25 Oct 2018 07:09:20 +0000 (09:09 +0200)]
Allow parallel install

When trying 'make -j{n} install', you may occasionally run into
trouble because to sub-targets (install_dev and install_runtime) try
to install the same shared libraries.  That makes parallel install
difficult.

This is solved by dividing install_runtime into two parts, one for
libraries and one for programs, and have install_dev depend on
install_runtime_libs instead of installing the shared runtime
libraries itself.

Fixes #7466

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7583)

11 months agoVMS build: don't add a comma before 'extradefines'
Richard Levitte [Thu, 8 Nov 2018 09:28:33 +0000 (10:28 +0100)]
VMS build: don't add a comma before 'extradefines'

The variable extradefines will have the starting comma, if needed.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7591)

11 months agorand_unix.c: open random devices on first use only
Dr. Matthias St. Pierre [Thu, 18 Oct 2018 11:27:14 +0000 (13:27 +0200)]
rand_unix.c: open random devices on first use only

Commit c7504aeb640a (pr #6432) fixed a regression for applications in
chroot environments, which compensated the fact that the new OpenSSL CSPRNG
(based on the NIST DRBG) now reseeds periodically, which the previous
one didn't. Now the reseeding could fail in the chroot environment if the
DEVRANDOM devices were not present anymore and no other entropy source
(e.g. getrandom()) was available.

The solution was to keep the file handles for the DEVRANDOM devices open
by default. In fact, the fix did more than this, it opened the DEVRANDOM
devices early and unconditionally in rand_pool_init(), which had the
unwanted side effect that the devices were opened (and kept open) even
in cases when they were not used at all, for example when the getrandom()
system call was available. Due  to a bug (issue #7419) this even happened
when the feature was disabled by the application.

This commit removes the unconditional opening of all DEVRANDOM devices.
They will now only be opened (and kept open) on first use. In particular,
if getrandom() is available, the handles will not be opened unnecessarily.

This change does not introduce a regression for applications compiled for
libcrypto 1.1.0, because the SSLEAY RNG also seeds on first use. So in the
above constellation the CSPRNG will only be properly seeded if it is happens
before the forking and chrooting.

Fixes #7419

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7437)

11 months agoTest: enable internal tests for shared Windows builds
Dr. Matthias St. Pierre [Thu, 25 Oct 2018 23:13:19 +0000 (01:13 +0200)]
Test: enable internal tests for shared Windows builds

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7462)

11 months agoTest: link drbgtest statically against libcrypto
Dr. Matthias St. Pierre [Mon, 22 Oct 2018 16:05:14 +0000 (18:05 +0200)]
Test: link drbgtest statically against libcrypto

and remove duplicate rand_drbg_seedlen() implementation again.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7462)

11 months agoGive a better error if an attempt is made to set a zero length groups list
Matt Caswell [Fri, 26 Oct 2018 14:29:15 +0000 (15:29 +0100)]
Give a better error if an attempt is made to set a zero length groups list

Previously we indicated this as a malloc failure which isn't very
helpful.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7479)

11 months agoIgnore disabled ciphers when deciding if we are using ECC
Matt Caswell [Wed, 24 Oct 2018 09:11:00 +0000 (10:11 +0100)]
Ignore disabled ciphers when deciding if we are using ECC

use_ecc() was always returning 1 because there are default (TLSv1.3)
ciphersuites that use ECC - even if those ciphersuites are disabled by
other options.

Fixes #7471

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7479)

11 months agoAdd missing RAND initialisation call.
Pauli [Wed, 7 Nov 2018 21:22:01 +0000 (07:22 +1000)]
Add missing RAND initialisation call.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7587)

11 months agoRename the rand_drbg_st data member "pool" to "seed_pool"
Bernd Edlinger [Mon, 5 Nov 2018 22:13:11 +0000 (23:13 +0100)]
Rename the rand_drbg_st data member "pool" to "seed_pool"

... to make the intended use more clear and differentiate
it from the data member "adin_pool".

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7575)

11 months agoutil/add-depends.pl: go through shared_sources too
Richard Levitte [Thu, 1 Nov 2018 13:02:21 +0000 (14:02 +0100)]
util/add-depends.pl: go through shared_sources too

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7545)

11 months agoRemove outdated e_chil.txt file
Rich Salz [Tue, 23 Oct 2018 20:13:47 +0000 (16:13 -0400)]
Remove outdated e_chil.txt file

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7476)

11 months agoFix a race condition in drbgtest.c
Bernd Edlinger [Tue, 30 Oct 2018 21:21:34 +0000 (22:21 +0100)]
Fix a race condition in drbgtest.c

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7531)

11 months agoFix error handling in RAND_DRBG_uninstantiate
Bernd Edlinger [Fri, 2 Nov 2018 10:46:38 +0000 (11:46 +0100)]
Fix error handling in RAND_DRBG_uninstantiate

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7517)

11 months agoFix error handling in drbgtest.c
Bernd Edlinger [Tue, 30 Oct 2018 20:02:22 +0000 (21:02 +0100)]
Fix error handling in drbgtest.c

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7517)

11 months agoFix error handling in rand_drbg_new
Bernd Edlinger [Tue, 30 Oct 2018 19:57:53 +0000 (20:57 +0100)]
Fix error handling in rand_drbg_new

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7517)

11 months agoFix error handling in RAND_DRBG_set
Bernd Edlinger [Mon, 29 Oct 2018 12:48:53 +0000 (13:48 +0100)]
Fix error handling in RAND_DRBG_set

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7517)

11 months agoFix return formatting.
Pauli [Mon, 5 Nov 2018 21:06:25 +0000 (07:06 +1000)]
Fix return formatting.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7564)

11 months agoCleanse the key log buffer.
Pauli [Mon, 5 Nov 2018 01:04:23 +0000 (11:04 +1000)]
Cleanse the key log buffer.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7564)