openssl.git
16 months ago Remove -Wmisleading-indentation from gcc devteam warning options
Bernd Edlinger [Fri, 30 Mar 2018 18:03:37 +0000 (20:03 +0200)]
Remove -Wmisleading-indentation from gcc devteam warning options
because this one is enabled by default anyways

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5817)

16 months ago Fix a gcc-8 warning -Wcast-function-type
Bernd Edlinger [Fri, 30 Mar 2018 17:17:39 +0000 (19:17 +0200)]
Fix a gcc-8 warning -Wcast-function-type

Casting to the generic function type "void (*)(void)"
prevents the warning.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/5816)

16 months ago Refuse to run test_cipherlist unless shared library matches build
Richard Levitte [Mon, 26 Mar 2018 09:00:05 +0000 (11:00 +0200)]
Refuse to run test_cipherlist unless shared library matches build

test/cipherlist_test.c is an internal consistency check, and therefore
requires that the shared library it runs against matches what it was
built for.  test/recipes/test_cipherlist.t is made to refuse running
unless library version and build version match.

This adds a helper program test/versions.c, that simply displays the
library and the build version.

Partially fixes #5751

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5753)

(cherry picked from commit cde87deafa7486f26bdf954867a6d72ca4ea06e7)

16 months ago Fix a possible crash in BN_from_montgomery_word
Bernd Edlinger [Thu, 29 Mar 2018 09:27:29 +0000 (11:27 +0200)]
Fix a possible crash in BN_from_montgomery_word

Thanks to Darovskikh Andrei for reporting this issue.

Fixes: #5785

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5793)

16 months ago Revert commit 4a56d9a2
Matt Caswell [Fri, 30 Mar 2018 13:35:52 +0000 (14:35 +0100)]
Revert commit 4a56d9a2

We have been unable to trace the contributor of that code to gain their
agreement for the licence change so the code has to be removed.

This commit reverts that contribution. The contribution had no functional
impact so the original way of doing things is still valid. However the
surrounding code has changed significantly so that the exact code as it
was originally cannot be used. This commit uses the original code as a basis,
but rewrites it to use the PACKET API.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5808)

16 months ago GOST MAC algorithms don't support EVP_PKEY_new_raw_private_key()
Matt Caswell [Fri, 30 Mar 2018 13:33:55 +0000 (14:33 +0100)]
GOST MAC algorithms don't support EVP_PKEY_new_raw_private_key()

We should use the old EVP_PKEY_new_mac_key() instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5808)

16 months ago Update trace code to know about GOST ciphersuites
Matt Caswell [Fri, 30 Mar 2018 13:33:21 +0000 (14:33 +0100)]
Update trace code to know about GOST ciphersuites

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5808)

16 months ago Remove some code
Rich Salz [Fri, 30 Mar 2018 16:40:08 +0000 (12:40 -0400)]
Remove some code

This commit removes the contribution of a user that we cannot
trace to gain their consent for the licence change.

I also cleaned up the return/error-return flow a bit.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5811)

16 months ago Add documentation for the RAND_DRBG API
Dr. Matthias St. Pierre [Tue, 27 Feb 2018 18:02:24 +0000 (19:02 +0100)]
Add documentation for the RAND_DRBG API

The RAND_DRBG API was added in PR #5462 and modified by PR #5547.
This commit adds the corresponding documentation.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5461)

16 months ago EVP,KDF: Add more error code along some return 0 in ...
FdaSilvaYY [Thu, 29 Mar 2018 18:59:58 +0000 (20:59 +0200)]
EVP,KDF: Add more error code along some return 0 in ...
methods :
 - EVP_PBE_scrypt
 - EVP_PKEY_meth_add0
 - EVP_PKEY_meth_new
 - EVP_PKEY_CTX_dup

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5783)

16 months ago BIO_s_accept.pod: add documentation for the new macros
Vitezslav Cizek [Tue, 9 Jan 2018 19:18:24 +0000 (20:18 +0100)]
BIO_s_accept.pod: add documentation for the new macros

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5007)

16 months ago Document BIO_{get,set}_conn_ip_family macros.
Vitezslav Cizek [Tue, 9 Jan 2018 16:56:57 +0000 (17:56 +0100)]
Document BIO_{get,set}_conn_ip_family macros.

Add BIO_get_conn_ip_family and BIO_set_conn_ip_family macros to
util/private.num and document them in BIO_s_connect.pod.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5007)

16 months ago Update the BIO_s_connect documentation after the BIO refactoring.
Vitezslav Cizek [Tue, 2 Jan 2018 13:43:18 +0000 (14:43 +0100)]
Update the BIO_s_connect documentation after the BIO refactoring.

The BIO was refactored in 417be660e1cd21a2ee085569ff98b0c4249b5416,
but the manual wasn't fully updated to reflect some of the changes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5007)

16 months ago Document RAND_DRBG fork-safety locking model
Benjamin Kaduk [Mon, 7 Aug 2017 14:55:48 +0000 (09:55 -0500)]
Document RAND_DRBG fork-safety locking model

Add some more exposition on why unlocked access to the global rand_fork_count
is safe, and provide a comment for the struct rand_drbg_st fork_count field.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/4110)

16 months ago Configurations/10-main.conf: fix VC-noCE-common template.
Andy Polyakov [Wed, 28 Mar 2018 08:07:32 +0000 (10:07 +0200)]
Configurations/10-main.conf: fix VC-noCE-common template.

picker() is type agnostic, but its output consumer is not. Or rather
it doesn't work if picker() picks nothing when consumer expects
array. So ensure array is returned when array is expected.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5770)

16 months ago Configure: harmonize syntax.
Andy Polyakov [Wed, 28 Mar 2018 08:06:32 +0000 (10:06 +0200)]
Configure: harmonize syntax.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5770)

16 months ago Fix setbuf use for VMS C
Richard Levitte [Thu, 29 Mar 2018 08:34:11 +0000 (10:34 +0200)]
Fix setbuf use for VMS C

The VMS C RTL has setbuf() working for short pointers only, probably
the FILE pointer will always be in P0 (the lower 4GB).  Fortunately,
this only generates a warning about possible data loss (doesn't apply
in this case) that we can simply turn off.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5789)

16 months ago .travis.yml: with fast fuzz testing, there is no point avoiding it
Richard Levitte [Wed, 28 Mar 2018 08:38:56 +0000 (10:38 +0200)]
.travis.yml: with fast fuzz testing, there is no point avoiding it

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5776)

16 months ago Faster fuzz test: teach the fuzz test programs to handle directories
Richard Levitte [Wed, 28 Mar 2018 13:46:28 +0000 (15:46 +0200)]
Faster fuzz test: teach the fuzz test programs to handle directories

Instead of invoking the fuzz test programs once for every corpora
file, we invoke them once for each directory of corpora files.  This
dramatically reduces the number of program invocations, as well as the
time 99-test_fuzz.t takes to complete.

fuzz/test-corpus.c was enhanced to handle directories as well as
regular files.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5776)

16 months ago Revert "util/dofile.pl: only quote stuff that actually needs quoting"
Richard Levitte [Wed, 28 Mar 2018 12:46:27 +0000 (14:46 +0200)]
Revert "util/dofile.pl: only quote stuff that actually needs quoting"

This wasn't a good solution, too many things depend on the quotes being
there consistently.

This reverts commit 49cd47eaababc8c57871b929080fc1357e2ad7b8.

Fixes #5772

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5773)

16 months ago crypto/e_aes.c: use S390X_AES_FC macro
Patrick Steuer [Wed, 28 Mar 2018 12:23:56 +0000 (13:23 +0100)]
crypto/e_aes.c: use S390X_AES_FC macro

... to compute s390x aes function code from keylength.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5250)

16 months ago crypto/evp/e_aes.c: add size_t casts to increase readability
Patrick Steuer [Wed, 28 Mar 2018 12:21:29 +0000 (13:21 +0100)]
crypto/evp/e_aes.c: add size_t casts to increase readability

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5250)

16 months ago s390x assembly pack: add KMF code path for aes-cfb/cfb8
Patrick Steuer [Wed, 28 Mar 2018 12:09:24 +0000 (13:09 +0100)]
s390x assembly pack: add KMF code path for aes-cfb/cfb8

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5250)

16 months ago s390x assembly pack: add KMO code path for aes-ofb
Patrick Steuer [Wed, 28 Mar 2018 11:54:50 +0000 (12:54 +0100)]
s390x assembly pack: add KMO code path for aes-ofb

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5250)

16 months ago s390x assembly pack: add KM code path for aes-ecb
Patrick Steuer [Wed, 28 Mar 2018 11:43:15 +0000 (12:43 +0100)]
s390x assembly pack: add KM code path for aes-ecb

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5250)

16 months ago Rewrite the X509->alert mapping code
Rich Salz [Wed, 28 Mar 2018 19:34:16 +0000 (15:34 -0400)]
Rewrite the X509->alert mapping code

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5780)

16 months ago Remove some code
Matt Caswell [Tue, 27 Mar 2018 16:31:56 +0000 (17:31 +0100)]
Remove some code

This commit removes the contribution of a user that we cannot trace to
gain their consent for the licence change.

After this commit the various IS_*() macros in the auto-generated file
conf_def.h may incorrectly return true if the supplied character has its
most significant bit set. The IS_*() macros should be able to correctly
handle 8-bit characters. Note that UTF-8 support is not a requirement.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5767)

16 months ago Tolerate a Certificate using a non-supported group on server side
Matt Caswell [Mon, 12 Mar 2018 17:15:25 +0000 (17:15 +0000)]
Tolerate a Certificate using a non-supported group on server side

If a server has been configured to use an ECDSA certificate, we should
allow it regardless of whether the server's own supported groups list
includes the certificate's group.

Fixes #2033

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5601)

16 months ago Revert "Temporarily disable some tests that hang"
Matt Caswell [Tue, 27 Mar 2018 21:37:19 +0000 (22:37 +0100)]
Revert "Temporarily disable some tests that hang"

This reverts commit 37a385956461ab526ecea2739a8a40364a8db259.

These tests should now be fixed by commit e6e9170d6.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5765)

16 months ago Allow NULL for some _free routines.
Rich Salz [Tue, 27 Mar 2018 20:25:08 +0000 (16:25 -0400)]
Allow NULL for some _free routines.

Based on the description in https://github.com/openssl/openssl/pull/5757,
this re-implements the "allow NULL to be passed" behavior of a number of
xxx_free routines.  I also fixed up some egregious formatting errors
that were nearby.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5761)

16 months ago o_time.c: use gmtime_s with MSVC
Miroslav Suk [Thu, 22 Mar 2018 08:20:43 +0000 (09:20 +0100)]
o_time.c: use gmtime_s with MSVC
ts/ts_rsp_sign.c: change to OPENSSL_gmtime.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5720)

16 months ago doc/man1/x509.pod: corrected "S/MIME signing" requirements
Konstantin Shemyak [Thu, 22 Mar 2018 17:53:59 +0000 (19:53 +0200)]
doc/man1/x509.pod: corrected "S/MIME signing" requirements

When the "certificate purpose" is checked and KeyUsage extension is present,
either 'digitalSignature' or 'nonRepudiation' is accepted.

Manual page corrected to reflect the above.

Signed-off-by: Konstantin Shemyak <konstantin@shemyak.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5727)

16 months ago statem/statem_clnt.c: omit redundant check in tls_construct_client_hello.
Philippe Antoine [Mon, 26 Mar 2018 08:29:56 +0000 (10:29 +0200)]
statem/statem_clnt.c: omit redundant check in tls_construct_client_hello.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5729)

16 months ago rand/randfile.c: permit non-regular files in RAND_load_file.
Andy Polyakov [Fri, 23 Mar 2018 14:12:20 +0000 (15:12 +0100)]
rand/randfile.c: permit non-regular files in RAND_load_file.

Apparently applications rely on RAND_load_file's ability to work with
non-regular files, customarily with /dev/urandom, so that the ban was
not exactly appropriate.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5737)

16 months ago Configure: make LIST command work with dynamic 15-android.conf.
Andy Polyakov [Mon, 26 Mar 2018 10:35:57 +0000 (12:35 +0200)]
Configure: make LIST command work with dynamic 15-android.conf.

This is quick-n-dirty ad-hoc solution, the problem asks for more
elegant one...

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5755)

16 months ago Temporarily disable some tests that hang
Matt Caswell [Mon, 26 Mar 2018 22:36:37 +0000 (23:36 +0100)]
Temporarily disable some tests that hang

The previous commit causes some tests to hang so we temporarily disable them.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5757)

16 months ago Remove some code for a contributor that we cannot find
Matt Caswell [Mon, 26 Mar 2018 18:12:25 +0000 (19:12 +0100)]
Remove some code for a contributor that we cannot find

This removes some code because we cannot trace the original contributor
to get their agreement for the licence change (original commit e03ddfae).

After this change there will be numerous failures in the test cases until
someone rewrites the missing code.

All *_free functions should accept a NULL parameter. After this change
the following *_free functions will fail if a NULL parameter is passed:

BIO_ACCEPT_free()
BIO_CONNECT_free()
BN_BLINDING_free()
BN_CTX_free()
BN_MONT_CTX_free()
BN_RECP_CTX_free()
BUF_MEM_free()
COMP_CTX_free()
ERR_STATE_free()
TXT_DB_free()
X509_STORE_free()
ssl3_free()
ssl_cert_free()
SSL_SESSION_free()
SSL_free()

[skip ci]

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5757)

16 months ago Assert that alpn_selected is NULL before we assign it
Matt Caswell [Wed, 21 Mar 2018 20:19:37 +0000 (20:19 +0000)]
Assert that alpn_selected is NULL before we assign it

The alpn_selected value in the session should be NULL before we first
populate it if this is a new session. We assert to make sure it is.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5715)

16 months ago Don't write out a bad OID
Matt Caswell [Thu, 22 Mar 2018 14:33:05 +0000 (14:33 +0000)]
Don't write out a bad OID

If we don't have OID data for an object then we should fail if we
are asked to encode the ASN.1 for that OID.

Fixes #5723

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5725)

16 months ago Update CHANGES and NEWS for the new release
Matt Caswell [Tue, 27 Mar 2018 09:58:34 +0000 (10:58 +0100)]
Update CHANGES and NEWS for the new release

Reviewed-by: Richard Levitte <levitte@openssl.org>

16 months ago test/test_test.c: add CRYPTO_memcmp regression test.
Andy Polyakov [Mon, 26 Mar 2018 08:55:35 +0000 (10:55 +0200)]
test/test_test.c: add CRYPTO_memcmp regression test.

Reviewed-by: Matt Caswell <matt@openssl.org>

16 months ago pariscid.pl: fix nasty typo in CRYPTO_memcmp.
Andy Polyakov [Wed, 21 Mar 2018 22:48:10 +0000 (23:48 +0100)]
pariscid.pl: fix nasty typo in CRYPTO_memcmp.

Comparison was effectively reduced to least significant bits.

CVE-2018-0733

Reviewed-by: Matt Caswell <matt@openssl.org>

16 months ago Add fuzz corpora file that found the ASN.1 stack depth issue
Matt Caswell [Fri, 26 Jan 2018 16:23:03 +0000 (16:23 +0000)]
Add fuzz corpora file that found the ASN.1 stack depth issue

Reviewed-by: Rich Salz <rsalz@openssl.org>

16 months ago Limit ASN.1 constructed types recursive definition depth
Matt Caswell [Thu, 22 Mar 2018 09:39:53 +0000 (09:39 +0000)]
Limit ASN.1 constructed types recursive definition depth

Constructed types with a recursive definition (such as can be found in
PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. Therefore we limit the stack depth.

CVE-2018-0739

Credit to OSSFuzz for finding this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>

16 months ago Remove QNX support
Rich Salz [Mon, 26 Mar 2018 18:10:57 +0000 (14:10 -0400)]
Remove QNX support

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5756)

16 months ago Configurations/README: mention Libs.private in ex_libs description.
Andy Polyakov [Sun, 25 Mar 2018 14:51:55 +0000 (16:51 +0200)]
Configurations/README: mention Libs.private in ex_libs description.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

16 months ago Previously this x509 command line was working, restore that
Bernd Edlinger [Sun, 25 Mar 2018 12:00:33 +0000 (14:00 +0200)]
Previously this x509 command line was working, restore that

openssl x509 -in server.pem -signkey privkey.pem -out server.pem

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5746)

16 months ago Fix dsaparam -genkey with DER outform
Bernd Edlinger [Sun, 25 Mar 2018 10:50:17 +0000 (12:50 +0200)]
Fix dsaparam -genkey with DER outform

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5744)

16 months ago Fix ecparam -genkey with point compression or DER outform
Bernd Edlinger [Sat, 24 Mar 2018 14:17:11 +0000 (15:17 +0100)]
Fix ecparam -genkey with point compression or DER outform

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5741)

16 months ago Adds multiple checks to avoid buffer over reads
Philippe Antoine [Fri, 23 Mar 2018 19:51:38 +0000 (20:51 +0100)]
Adds multiple checks to avoid buffer over reads

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5675)

17 months ago Configurations/windows-makefile.tmpl: refine clean targets.
Andy Polyakov [Thu, 22 Mar 2018 21:55:35 +0000 (22:55 +0100)]
Configurations/windows-makefile.tmpl: refine clean targets.

'nmake clean' was leaving some artefacts behind.

Reviewed-by: Richard Levitte <levitte@openssl.org>

17 months ago test/shlibloadtest.c: make some variables block local
Richard Levitte [Fri, 23 Mar 2018 13:18:16 +0000 (14:18 +0100)]
test/shlibloadtest.c: make some variables block local

myDSO_dsobyaddr and myDSO_free are only used in a narrow block of
code, and can therefore be made local to that block.  Otherwise, some
compilers may warn that they are unused.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5733)

17 months ago test/shlibloadtest.c: fix various errors
Richard Levitte [Fri, 23 Mar 2018 00:05:41 +0000 (01:05 +0100)]
test/shlibloadtest.c: fix various errors

These errors were hidden because compiling this file didn't get the
macros derived from the dso_scheme attribute, and therefore, some code
never got compiled.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5733)

17 months ago Include "internal/dso_conf.h" where needed and appropriate
Richard Levitte [Fri, 23 Mar 2018 00:05:23 +0000 (01:05 +0100)]
Include "internal/dso_conf.h" where needed and appropriate

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5733)

17 months ago Move the handling of dso_scheme to dso_conf.h
Richard Levitte [Fri, 23 Mar 2018 00:02:08 +0000 (01:02 +0100)]
Move the handling of dso_scheme to dso_conf.h

The macros resulting from the dso_scheme attribute were defined for
libraries only, but there's a test program that uses the macros as
well.  The easier way is to move the handling of this macro to
crypto/include/internal/dso_conf.h and having the modules that need it
include it.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5733)

17 months ago Configurations/unix-Makefile.tmpl: fix inconsistencies with resource files
Richard Levitte [Thu, 22 Mar 2018 21:15:04 +0000 (22:15 +0100)]
Configurations/unix-Makefile.tmpl: fix inconsistencies with resource files

.res files weren't treated consistently.  They weren't included at all
in the build of a shared library, and were named inconsistently; .res
sometimes, and .res.o otherwise.  Now we standardise it to .res.o,
which is the recommended way with GNU tools.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5730)

17 months ago Configurations/10-main.conf: correct AIX targets.
Andy Polyakov [Wed, 21 Mar 2018 19:04:49 +0000 (20:04 +0100)]
Configurations/10-main.conf: correct AIX targets.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5713)

17 months ago Handle partial messages in TLSProxy
Bernd Edlinger [Thu, 22 Mar 2018 16:28:39 +0000 (17:28 +0100)]
Handle partial messages in TLSProxy

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5412)

17 months ago Fix resource files
Rich Salz [Thu, 22 Mar 2018 14:21:33 +0000 (10:21 -0400)]
Fix resource files

Add it to apps as well as libraries.
Fix the copyright year generation.
Thanks to user RTT for pointing this out.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5704)

17 months ago include/openssl/rand.h: omit intermediate typedef.
Andy Polyakov [Wed, 21 Mar 2018 12:12:15 +0000 (13:12 +0100)]
include/openssl/rand.h: omit intermediate typedef.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4159)

17 months ago openssl/rand.h: fix formatting.
Andy Polyakov [Mon, 14 Aug 2017 19:38:23 +0000 (21:38 +0200)]
openssl/rand.h: fix formatting.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4159)

17 months ago Remove presumably temporary left-over file.
Andy Polyakov [Wed, 21 Mar 2018 15:34:11 +0000 (16:34 +0100)]
Remove presumably temporary left-over file.

Reviewed-by: Rich Salz <rsalz@openssl.org>

17 months ago man3/OPENSSL_ia32cap.pod: update assembler version requirements.
Andy Polyakov [Wed, 21 Mar 2018 15:20:59 +0000 (16:20 +0100)]
man3/OPENSSL_ia32cap.pod: update assembler version requirements.

Reviewed-by: Rich Salz <rsalz@openssl.org>

17 months ago curve448/field.h: relax alignment, as it doesn't work universally.
Andy Polyakov [Wed, 21 Mar 2018 10:19:58 +0000 (11:19 +0100)]
curve448/field.h: relax alignment, as it doesn't work universally.

Some platforms, cough-DJGPP, fail to compile claiming that requested
alignment is greater than maximum possible. Supposedly original
alignment was result of an attempt to utilize AVX2...

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5708)

17 months ago bio/bss_log.c: on DJGPP syslog facility is part of sockets library.
Andy Polyakov [Wed, 21 Mar 2018 10:19:49 +0000 (11:19 +0100)]
bio/bss_log.c: on DJGPP syslog facility is part of sockets library.

In other words no-sock DJGPP build should suppress syslogging.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5708)

17 months ago o_fopen.c: compensate for e_os.h omission.
Andy Polyakov [Wed, 21 Mar 2018 10:16:50 +0000 (11:16 +0100)]
o_fopen.c: compensate for e_os.h omission.

At earlier point e_os.h was omitted from a number of headers (in order
to emphasize OS neutrality), but this affected o_fopen.c, which is not
OS-neutral, and contains some DJGPP-specific code.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5708)

17 months ago Don't call strsignal, just print the signal number.
Pauli [Mon, 19 Mar 2018 21:17:32 +0000 (07:17 +1000)]
Don't call strsignal, just print the signal number.
The strsignal call is not supported by some machines, so avoid its use.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5658)

17 months ago aes ctr_drbg: add cavs tests
Patrick Steuer [Sat, 10 Mar 2018 18:06:43 +0000 (19:06 +0100)]
aes ctr_drbg: add cavs tests

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #5580

17 months ago DRBG: Use the EVP layer to do AES encryption
Kurt Roeckx [Sat, 10 Mar 2018 11:23:21 +0000 (12:23 +0100)]
DRBG: Use the EVP layer to do AES encryption

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #5580

17 months ago Unify s_client/s_server srtp profiles option handling
FdaSilvaYY [Wed, 21 Mar 2018 20:01:24 +0000 (16:01 -0400)]
Unify s_client/s_server srtp profiles option handling

Add missing guards around STRP-related fields
Remove two unneeded global variables: my 2'cents to #4679
Merge definition and instantiation of srpsrvparm global.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4908)

17 months ago The default conv_form is uncompressed
Matt Caswell [Wed, 21 Mar 2018 16:27:55 +0000 (16:27 +0000)]
The default conv_form is uncompressed

Fixes #5711

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5712)

17 months ago Fixes integer underflow with SSL_trace support
Philippe Antoine [Wed, 21 Mar 2018 07:27:34 +0000 (08:27 +0100)]
Fixes integer underflow with SSL_trace support

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5706)

17 months ago Document EC_POINT_get_affine_coordinates_*.
David Benjamin [Tue, 6 Mar 2018 19:00:24 +0000 (14:00 -0500)]
Document EC_POINT_get_affine_coordinates_*.

In particular, x and y may be NULL, as used in ecdsa_ossl.c. Make use of
this in ecdh_ossl.c as well, to save an otherwise unnecessary temporary.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5532)

17 months ago Cleanup the s_time command.
Bernd Edlinger [Wed, 21 Mar 2018 15:23:57 +0000 (16:23 +0100)]
Cleanup the s_time command.

Various code-cleanups.
Use SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY) instead of handling
SSL_ERROR_WANT_READ everywhere.
Turn off the linger option on connected sockets to avoid failure.
Add BIO_set_conn_mode(conn, BIO_SOCK_NODELAY) to improve thruput.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3952)

17 months ago Convert _meth_get_ functions to const getters
Jack Bates [Thu, 5 Jan 2017 16:58:18 +0000 (09:58 -0700)]
Convert _meth_get_ functions to const getters

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2181)

17 months ago Don't wait for dry at the end of a handshake
Matt Caswell [Tue, 16 Jan 2018 11:26:50 +0000 (11:26 +0000)]
Don't wait for dry at the end of a handshake

For DTLS/SCTP we were waiting for a dry event during the call to
tls_finish_handshake(). This function just tidies up various internal
things, and after it completes the handshake is over. I can find no good
reason for waiting for a dry event here, and nothing in RFC6083 suggests
to me that we should need to. More importantly though it seems to be
wrong. It is perfectly possible for a peer to send app data/alerts/new
handshake while we are still cleaning up our handshake. If this happens
then we will never get the dry event and so we cannot continue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5084)

17 months ago Check for alerts while waiting for a dry event
Matt Caswell [Tue, 16 Jan 2018 10:48:01 +0000 (10:48 +0000)]
Check for alerts while waiting for a dry event

At a couple of points in a DTLS/SCTP handshake we need to wait for a dry
event before continuing. However if an alert has been sent by the peer
then we will never receive that dry event and an infinite loop results.

This commit changes things so that we attempt to read a message if we
are waiting for a dry event but haven't got one yet. This should never
succeed, but any alerts will be processed.

Fixes #4763

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5084)

17 months ago Fix stack-use-after-scope
Peter Wu [Tue, 20 Mar 2018 22:47:06 +0000 (23:47 +0100)]
Fix stack-use-after-scope

Fixes regression from #5667.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5701)

17 months ago o_fopen.c,rand/randfile.c: compensate for e_os.h omission.
Andy Polyakov [Mon, 19 Mar 2018 17:12:31 +0000 (18:12 +0100)]
o_fopen.c,rand/randfile.c: compensate for e_os.h omission.

At an earlier point e_os.h was omitted from a number of headers (in order
to emphasize OS neutrality), but this affected o_fopen.c and randfile.c
which are not OS-neutral, and contain some Win32-specific code.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5676)

17 months ago Add dladdr() for AIX
Matthias Kraft [Mon, 19 Mar 2018 17:37:46 +0000 (13:37 -0400)]
Add dladdr() for AIX

Although it deviates from the actual prototype of DSO_dsobyaddr(), this
is now ISO C compliant and gcc -Wpedantic accepts the code.

Added DATA segment checking to catch ptrgl virtual addresses. Avoid
memleaks with every AIX/dladdr() call. Removed debug-fprintf()s.
Added test case for DSO_dsobyaddr(), which will eventually call dladdr().
Removed unnecessary AIX ifdefs again.

The implementation can only lookup function symbols, no data symbols.
Added PIC-flag to aix*-cc build targets.

As AIX is missing a dladdr() implementation it is currently uncertain our
exit()-handlers can still be called when the application exits. After
dlclose() the whole library might have been unloaded already.

Signed-off-by: Matthias Kraft <makr@gmx.eu>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5668)

17 months ago Do not cache sessions with zero sid_ctx_length when SSL_VERIFY_PEER
Benjamin Kaduk [Fri, 26 Jan 2018 17:16:21 +0000 (11:16 -0600)]
Do not cache sessions with zero sid_ctx_length when SSL_VERIFY_PEER

The sid_ctx is something of a "certificate request context" or a
"session ID context" -- something from the application that gives
extra indication of what sort of thing this session is/was for/from.
Without a sid_ctx, we only know that there is a session that we
issued, but it could have come from a number of things, especially
with an external (shared) session cache.  Accordingly, when resuming,
we will hard-error the handshake when presented with a session with
zero-length sid_ctx and SSL_VERIFY_PEER is set -- we simply have no
information about the peer to verify, so the verification must fail.

In order to prevent these future handshake failures, proactively
decline to add the problematic sessions to the session cache.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5175)

17 months ago Remove mention of link between message digests and public key algorithms.
Pauli [Tue, 20 Mar 2018 00:03:10 +0000 (10:03 +1000)]
Remove mention of link between message digests and public key algorithms.

The comment in EVP_DigestInit.pod is:

> Returns the NID of the public key signing algorithm associated with this
digest. For example EVP_sha1() is associated with RSA so this will return
B<NID_sha1WithRSAEncryption>. Since digests and signature algorithms are no
longer linked this function is only retained for compatibility reasons.

I.e. there is no link anymore.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5682)

17 months ago aix compat fixes for ocsp.c
Eric Covener [Sat, 17 Mar 2018 18:00:15 +0000 (14:00 -0400)]
aix compat fixes for ocsp.c

WCOREDUMP and vsyslog are not portable

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5657)

17 months ago Make pkeyutl a bit more user-friendly
Johannes Bauer [Fri, 21 Jul 2017 20:19:35 +0000 (22:19 +0200)]
Make pkeyutl a bit more user-friendly

Give meaningful error messages when the user incorrectly uses pkeyutl.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3987)

17 months ago Reduce the verbosity of test_store
Matt Caswell [Tue, 20 Mar 2018 15:48:33 +0000 (15:48 +0000)]
Reduce the verbosity of test_store

The travis logs are going above 4Mb causing the builds to fail. One
test creates excessive output. This change reduces that output by approx
180k.

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5694)

17 months ago Fix the OCSP responder mode
Matt Caswell [Tue, 20 Mar 2018 11:16:39 +0000 (11:16 +0000)]
Fix the OCSP responder mode

Broken by commit 3e3c7c36.

Fixes #5681

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5688)

17 months ago Prepare for 1.1.1-pre4-dev
Matt Caswell [Tue, 20 Mar 2018 13:15:39 +0000 (13:15 +0000)]
Prepare for 1.1.1-pre4-dev

Reviewed-by: Richard Levitte <levitte@openssl.org>

17 months ago Prepare for 1.1.1-pre3 release (tag: OpenSSL_1_1_1-pre3)
Matt Caswell [Tue, 20 Mar 2018 13:13:56 +0000 (13:13 +0000)]
Prepare for 1.1.1-pre3 release

Reviewed-by: Richard Levitte <levitte@openssl.org>

17 months ago Update copyright year
Matt Caswell [Tue, 20 Mar 2018 13:00:17 +0000 (13:00 +0000)]
Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5689)

17 months ago crypto/rand/rand_vms.c: include "internal/rand_int.h"
Richard Levitte [Tue, 20 Mar 2018 07:31:10 +0000 (08:31 +0100)]
crypto/rand/rand_vms.c: include "internal/rand_int.h"

Without it, the RAND_POOL typedef is missing

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5685)

17 months ago Fix: drbgtest fails when tests are executed in random order
Dr. Matthias St. Pierre [Mon, 19 Mar 2018 20:11:50 +0000 (21:11 +0100)]
Fix: drbgtest fails when tests are executed in random order

[extended tests]

The test_rand_reseed assumed that the global DRBGs were not used
previously. This assumption is false when the tests are executed
in random order (OPENSSL_TEST_RAND_ORDER). So we uninstantiate
them first and add a test for the first instantiation.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5680)

17 months ago s_client, s_server: do generic SSL configuration first, specialization after
Richard Levitte [Mon, 19 Mar 2018 19:33:50 +0000 (20:33 +0100)]
s_client, s_server: do generic SSL configuration first, specialization after

We did the SSL_CONF_cmd() pass last of all things that could affect
the SSL ctx.  However, the results of this, for example:

    -max_protocol TLSv1.3 -tls1_2

... would mean that the protocol min got set to TLSv1.2 and the
protocol max to TLSv1.3, when they should clearly both be TLSv1.2.

However, if we see the SSL_CONF_cmd() switches as generic and those
internal to s_client and s_server as specialisations, we get something
that makes a little more sense.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5679)

17 months ago Fix no-sm3/no-sm2 (with strict-warnings)
Todd Short [Mon, 19 Mar 2018 18:22:56 +0000 (14:22 -0400)]
Fix no-sm3/no-sm2 (with strict-warnings)

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5677)

17 months ago Fix no-sm3 (and no-sm2)
Todd Short [Mon, 19 Mar 2018 17:21:13 +0000 (13:21 -0400)]
Fix no-sm3 (and no-sm2)

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5677)

17 months ago Don't generate buildtest_*err.c
Richard Levitte [Mon, 19 Mar 2018 17:54:27 +0000 (18:54 +0100)]
Don't generate buildtest_*err.c

The error string header files aren't supposed to be included directly,
so there's no point testing that they can.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5678)

17 months ago Enhance ssltestlib's create_ssl_ctx_pair to take min and max proto version
Richard Levitte [Mon, 19 Mar 2018 08:08:06 +0000 (09:08 +0100)]
Enhance ssltestlib's create_ssl_ctx_pair to take min and max proto version

Have all test programs using that function specify those versions.
Additionally, have the remaining test programs that use SSL_CTX_new
directly specify at least the maximum protocol version.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5663)

17 months ago In TLSProxy::Proxy, specify TLSv1.3 as maximum allowable protocol
Richard Levitte [Mon, 19 Mar 2018 07:44:04 +0000 (08:44 +0100)]
In TLSProxy::Proxy, specify TLSv1.3 as maximum allowable protocol

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5663)

17 months ago Support "-min_protocol" and "-max_protocol" in s_server and s_client
Richard Levitte [Mon, 19 Mar 2018 06:46:10 +0000 (07:46 +0100)]
Support "-min_protocol" and "-max_protocol" in s_server and s_client

If for nothing else, they are needed when doing a regression test

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5663)

17 months ago Fix no-ec
Matt Caswell [Mon, 19 Mar 2018 16:24:49 +0000 (16:24 +0000)]
Fix no-ec

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5673)

17 months ago Fix no-sm2
Matt Caswell [Mon, 19 Mar 2018 16:17:58 +0000 (16:17 +0000)]
Fix no-sm2

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5673)