oweals/openssl.git
5 years agoutil/find-docs-nits: Extend to handle internal documentation
Richard Levitte [Mon, 18 Feb 2019 15:00:06 +0000 (16:00 +0100)]
util/find-docs-nits: Extend to handle internal documentation

While we're at it, we also check for names that contain white-space,
as they are invalid.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8269)

5 years agocygwin: drop explicit O_TEXT
Corinna Vinschen [Fri, 15 Feb 2019 11:24:47 +0000 (12:24 +0100)]
cygwin: drop explicit O_TEXT

Cygwin binaries should not enforce text mode these days, just
use text mode if the underlying mount point requests it

CLA: trivial

Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8248)

5 years agoConform to proper NAME section format
Richard Levitte [Mon, 18 Feb 2019 13:32:58 +0000 (14:32 +0100)]
Conform to proper NAME section format

The NAME section format is comma separated names to the left of the
left of the dash, free form on the right.  If we don't follow that
form, programs like apropos(1) and whatis(1) can't do their job
properly.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8267)

5 years agoProperty: naming and manual clarifiations
Richard Levitte [Mon, 18 Feb 2019 08:40:07 +0000 (09:40 +0100)]
Property: naming and manual clarifiations

- Add a bit more text about that is expected of the user or
  OSSL_METHOD_STOREs.
- Clarify what a method and what a numeric identity are.
- Change all mentions of 'implementation' and 'result' to 'method'.

To clarify further: OpenSSL has used the term 'method' for structures
that mainly contains function pointers.  Those are the methods that
are expected to be stored away in OSSL_METHOD_STOREs.  In the end,
however, it's the caller's responsibility to define exactly what they
want to store, as long as its 'methods' are associated with a numeric
identity and properties.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8265)

5 years agoDon't leak EVP_KDF_CTX on error
Matt Caswell [Sun, 17 Feb 2019 16:13:08 +0000 (16:13 +0000)]
Don't leak EVP_KDF_CTX on error

Found by Coverity

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/8260)

5 years agogenerated files
Pauli [Sat, 16 Feb 2019 08:33:37 +0000 (18:33 +1000)]
generated files

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8224)

5 years agoProperties for implementation selection.
Pauli [Fri, 16 Nov 2018 01:44:30 +0000 (11:44 +1000)]
Properties for implementation selection.

Properties are a sequence of comma separated name=value pairs.  A name
without a corresponding value is assumed to be a Boolean and have the
true value 'yes'.  Values are either strings or numbers.  Strings can be
quoted either _"_ or _'_ or unquoted (with restrictions).  There are no
escape characters inside strings.  Number are either decimal digits or
'0x' followed by hexidecimal digits.  Numbers are represented internally
as signed sixty four bit values.

Queries on properties are a sequence comma separated conditional tests.
These take the form of name=value (equality test), name!=value (inequality
test) or name (Boolean test for truth).  Queries can be parsed, compared
against a definition or merged pairwise.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8224)

5 years agoAdd missing dots in dgst man page
Vedran Miletić [Fri, 1 Feb 2019 14:03:09 +0000 (15:03 +0100)]
Add missing dots in dgst man page

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #8142

5 years agoFixed typo
Jan Macku [Wed, 30 Jan 2019 15:09:50 +0000 (16:09 +0100)]
Fixed typo

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #8121

5 years agoCheck for unpaired .cfi_remember_state
David Benjamin [Tue, 29 Jan 2019 23:41:39 +0000 (17:41 -0600)]
Check for unpaired .cfi_remember_state

Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #8109

5 years agoFix some CFI issues in x86_64 assembly
David Benjamin [Tue, 29 Jan 2019 05:12:15 +0000 (05:12 +0000)]
Fix some CFI issues in x86_64 assembly

The add/double shortcut in ecp_nistz256-x86_64.pl left one instruction
point that did not unwind, and the "slow" path in AES_cbc_encrypt was
not annotated correctly. For the latter, add
.cfi_{remember,restore}_state support to perlasm.

Next, fill in a bunch of functions that are missing no-op .cfi_startproc
and .cfi_endproc blocks. libunwind cannot unwind those stack frames
otherwise.

Finally, work around a bug in libunwind by not encoding rflags. (rflags
isn't a callee-saved register, so there's not much need to annotate it
anyway.)

These were found as part of ABI testing work in BoringSSL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #8109

5 years ago[test] unit test for field_inv function pointer in EC_METHOD
Billy Brumley [Tue, 12 Feb 2019 14:00:20 +0000 (16:00 +0200)]
[test] unit test for field_inv function pointer in EC_METHOD

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8254)

5 years agoSCA hardening for mod. field inversion in EC_GROUP
Billy Brumley [Sat, 2 Feb 2019 08:53:29 +0000 (10:53 +0200)]
SCA hardening for mod. field inversion in EC_GROUP

This commit adds a dedicated function in `EC_METHOD` to access a modular
field inversion implementation suitable for the specifics of the
implemented curve, featuring SCA countermeasures.

The new pointer is defined as:
`int (*field_inv)(const EC_GROUP*, BIGNUM *r, const BIGNUM *a, BN_CTX*)`
and computes the multiplicative inverse of `a` in the underlying field,
storing the result in `r`.

Three implementations are included, each including specific SCA
countermeasures:
  - `ec_GFp_simple_field_inv()`, featuring SCA hardening through
    blinding.
  - `ec_GFp_mont_field_inv()`, featuring SCA hardening through Fermat's
    Little Theorem (FLT) inversion.
  - `ec_GF2m_simple_field_inv()`, that uses `BN_GF2m_mod_inv()` which
    already features SCA hardening through blinding.

From a security point of view, this also helps addressing a leakage
previously affecting conversions from projective to affine coordinates.

This commit also adds a new error reason code (i.e.,
`EC_R_CANNOT_INVERT`) to improve consistency between the three
implementations as all of them could fail for the same reason but
through different code paths resulting in inconsistent error stack
states.

Co-authored-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8254)

5 years agoARM64 assembly pack: make it Windows-friendly.
Andy Polyakov [Fri, 15 Feb 2019 21:16:41 +0000 (22:16 +0100)]
ARM64 assembly pack: make it Windows-friendly.

"Windows friendliness" means a) unified PIC-ification, unified across
all platforms; b) unified commantary delimiter; c) explicit ldur/stur,
as Visual Studio assembler can't automatically encode ldr/str as
ldur/stur when needed.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8256)

5 years agoARM assembly pack: make it Windows-friendly.
Andy Polyakov [Fri, 15 Feb 2019 08:44:39 +0000 (09:44 +0100)]
ARM assembly pack: make it Windows-friendly.

"Windows friendliness" means a) flipping .thumb and .text directives,
b) always generate Thumb-2 code when asked(*); c) Windows-specific
references to external OPENSSL_armcap_P.

(*) so far *some* modules were compiled as .code 32 even if Thumb-2
was targeted. It works at hardware level because processor can alternate
between the modes with no overhead. But clang --target=arm-windows's
builtin assembler just refuses to compile .code 32...

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8252)

5 years agos390x assembly pack: fix formal interface bug in chacha module
Patrick Steuer [Fri, 15 Feb 2019 21:59:09 +0000 (22:59 +0100)]
s390x assembly pack: fix formal interface bug in chacha module

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8257)

5 years agoAdd an OpenSSL library context
Richard Levitte [Wed, 6 Feb 2019 16:42:50 +0000 (17:42 +0100)]
Add an OpenSSL library context

The context builds on CRYPTO_EX_DATA, allowing it to be dynamically
extended with new data from the different parts of libcrypto.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8225)

5 years agoAdd CRYPTO_alloc_ex_data()
Richard Levitte [Fri, 8 Feb 2019 15:46:28 +0000 (16:46 +0100)]
Add CRYPTO_alloc_ex_data()

This allows allocation of items at indexes that were created after the
CRYPTO_EX_DATA variable was initialized, using the exact same method
that was used then.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8225)

5 years agoAdd EC_GROUP_get0_field
David Asraf [Thu, 7 Feb 2019 09:51:39 +0000 (11:51 +0200)]
Add  EC_GROUP_get0_field

New function to return internal pointer for field.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8195)

5 years agoMark generated functions unused (applies to safestack, lhash, sparse_array)
Richard Levitte [Fri, 15 Feb 2019 07:06:36 +0000 (08:06 +0100)]
Mark generated functions unused (applies to safestack, lhash, sparse_array)

safestack.h, lhash.h and sparse_array.h all define macros to generate
a full API for the containers as static inline functions.  This
potentially generates unused code, which some compilers may complain
about.

We therefore need to mark those generated functions as unused, so the
compiler knows that we know, and stops complaining about it.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8246)

5 years agoAdd option to disable Extended Master Secret
Todd Short [Mon, 10 Jul 2017 17:28:35 +0000 (13:28 -0400)]
Add option to disable Extended Master Secret

Add SSL_OP64_NO_EXTENDED_MASTER_SECRET, that can be set on either
an SSL or an SSL_CTX. When processing a ClientHello, if this flag
is set, do not indicate that the EMS TLS extension was received in
either the ssl3 object or the SSL_SESSION.  Retain most of the
sanity checks between the previous and current session during
session resumption, but weaken the check when the current SSL
object is configured to not use EMS.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3910)

5 years agoUse order not degree to calculate a buffer size in ecdsatest
Matt Caswell [Thu, 14 Feb 2019 12:21:20 +0000 (12:21 +0000)]
Use order not degree to calculate a buffer size in ecdsatest

Otherwise this can result in an incorrect calculation of the maximum
encoded integer length, meaning an insufficient buffer size is allocated.

Thanks to Billy Brumley for helping to track this down.

Fixes #8209

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8237)

5 years agoFix no-stdio
Matt Caswell [Thu, 14 Feb 2019 15:22:59 +0000 (15:22 +0000)]
Fix no-stdio

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8238)

5 years agoConfigure: make --strict-warnings a regular user provided compiler option
Richard Levitte [Thu, 14 Feb 2019 15:26:40 +0000 (16:26 +0100)]
Configure: make --strict-warnings a regular user provided compiler option

This makes `--strict-warnings` into a compiler pseudo-option, i.e. it
gets treated the same way as any other compiler option given on the
configuration command line, but is retroactively replaced by actual
compiler warning options, depending on what compiler is used.

This makes it easier to see in what order options are given to the
compiler from the configuration command line, i.e. this:

    ./config -Wall --strict-warnings

would give the compiler flags in the same order as they're given,
i.e.:

    -Wall -Werror -Wno-whatever ...

instead of what we got previously:

    -Werror -Wno-whatever ... -Wall

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8239)

5 years agoFix -verify_return_error in s_client
Matt Caswell [Thu, 24 Jan 2019 12:21:39 +0000 (12:21 +0000)]
Fix -verify_return_error in s_client

The "verify_return_error" option in s_client is documented as:

 Return verification errors instead of continuing. This will typically
 abort the handshake with a fatal error.

In practice this option was ignored unless also accompanied with the
"-verify" option. It's unclear what the original intention was. One fix
could have been to change the documentation to match the actual behaviour.
However it seems unecessarily complex and unexpected that you should need
to have both options. Instead the fix implemented here is make the option
match the documentation so that "-verify" is not also required.

Note that s_server has a similar option where "-verify" (or "-Verify") is
still required. This makes more sense because those options additionally
request a certificate from the client. Without a certificate there is no
possibility of a verification failing, and so "-verify_return_error" doing
nothing seems ok.

Fixes #8079

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8080)

5 years agoDon't signal SSL_CB_HANDSHAKE_START for TLSv1.3 post-handshake messages
Matt Caswell [Sun, 27 Jan 2019 11:00:16 +0000 (11:00 +0000)]
Don't signal SSL_CB_HANDSHAKE_START for TLSv1.3 post-handshake messages

The original 1.1.1 design was to use SSL_CB_HANDSHAKE_START and
SSL_CB_HANDSHAKE_DONE to signal start/end of a post-handshake message
exchange in TLSv1.3. Unfortunately experience has shown that this confuses
some applications who mistake it for a TLSv1.2 renegotiation. This means
that KeyUpdate messages are not handled properly.

This commit removes the use of SSL_CB_HANDSHAKE_START and
SSL_CB_HANDSHAKE_DONE to signal the start/end of a post-handshake
message exchange. Individual post-handshake messages are still signalled in
the normal way.

This is a potentially breaking change if there are any applications already
written that expect to see these TLSv1.3 events. However, without it,
KeyUpdate is not currently usable for many applications.

Fixes #8069

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8096)

5 years agoIgnore cipher suites when setting cipher list
Sam Roberts [Mon, 26 Nov 2018 21:58:52 +0000 (13:58 -0800)]
Ignore cipher suites when setting cipher list

set_cipher_list() sets TLSv1.2 (and below) ciphers, and its success or
failure should not depend on whether set_ciphersuites() has been used to
setup TLSv1.3 ciphers.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7759)

5 years agoConfigure: stop forcing use of DEFINE macros in headers
Richard Levitte [Thu, 14 Feb 2019 08:25:40 +0000 (09:25 +0100)]
Configure: stop forcing use of DEFINE macros in headers

There are times when one might want to use something like
DEFINE_STACK_OF in a .c file, because it defines a stack for a type
defined in that .c file.  Unfortunately, when configuring with
`--strict-warnings`, clang aggressively warn about unused functions in
such cases, which forces the use of such DEFINE macros to header
files.

We therefore disable this warning from the `--strict-warnings`
definition for clang.

(note for the curious: `-Wunused-function` is enabled via `-Wall`)

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8234)

5 years agoSparse array iterators include index position.
Pauli [Wed, 13 Feb 2019 22:13:58 +0000 (08:13 +1000)]
Sparse array iterators include index position.

Iterators over the sparse array structures have gained an initial argument
which indicates the index into the array of the element.  This can be used,
e.g., to delete or modify the associated value.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8229)

5 years agoWindows/Cygwin dlls need the executable bit set
Michael Haubenwallner [Wed, 13 Feb 2019 15:52:04 +0000 (16:52 +0100)]
Windows/Cygwin dlls need the executable bit set

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8226)

5 years agotest/build.info: add missing ../apps/include
Richard Levitte [Wed, 13 Feb 2019 17:59:13 +0000 (18:59 +0100)]
test/build.info: add missing ../apps/include

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8227)

5 years agoAdded new EVP/KDF API.
David Makepeace [Thu, 21 Jun 2018 21:16:18 +0000 (07:16 +1000)]
Added new EVP/KDF API.
Changed PKEY/KDF API to call the new API.
Added wrappers for PKCS5_PBKDF2_HMAC() and EVP_PBE_scrypt() to call the new EVP KDF APIs.
Documentation updated.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6674)

5 years agoSparse array limit testing: reduce the range limit for the number of bits
Pauli [Wed, 13 Feb 2019 06:11:16 +0000 (16:11 +1000)]
Sparse array limit testing: reduce the range limit for the number of bits
in a sparse array pointer block.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8221)

5 years agoFix null pointer dereference in cms_RecipientInfo_kari_init
Daniel DeFreez [Wed, 13 Feb 2019 06:26:14 +0000 (14:26 +0800)]
Fix null pointer dereference in cms_RecipientInfo_kari_init

CLA: trivial

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8137)

5 years agoMove libapps headers into their own directory
Richard Levitte [Tue, 12 Feb 2019 10:37:43 +0000 (11:37 +0100)]
Move libapps headers into their own directory

This got triggered by test/testutil.h including ../apps/opt.h.

Some compilers do all inclusions from the directory of the C file
being compiled, so when a C file includes a header file with a
relative file spec, and that header file also includes another header
file with a relative file spec, the compiler no longer follows.

As a specific example, test/testutil/basic_output.c included
../testutil.h.  Fine so far, but then, test/testutil.h includes
../apps/opt.h, and the compiler ends up trying to include (seen from
the source top) test/apps/opt.h rather than apps/opt.h, and fails.

The solution could have been to simply add apps/ as an inclusion
directory.  However, that directory also has header files that have
nothing to do with libapps, so we take this a bit further, create
apps/include and move libapps specific headers there, and then add
apps/include as inclusion directory in the build.info files where
needed.

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/8210)

5 years agoFix master build.
Pauli [Tue, 12 Feb 2019 23:30:20 +0000 (09:30 +1000)]
Fix master build.
The recent change from ENGINES to MODULES broke the configure it seems.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8219)

5 years agoMacro typo fix not propagated
Pauli [Tue, 12 Feb 2019 22:30:49 +0000 (08:30 +1000)]
Macro typo fix not propagated

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8217)

5 years agoFix typo in comment
Pauli [Tue, 12 Feb 2019 23:22:36 +0000 (09:22 +1000)]
Fix typo in comment

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/8218)

5 years agoTo use BN_BITS2, we'd better include openssl/bn.h
Richard Levitte [Tue, 12 Feb 2019 18:54:08 +0000 (19:54 +0100)]
To use BN_BITS2, we'd better include openssl/bn.h

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8212)

5 years agoeng_devcrypto.c: close open session on init
Eneas U de Queiroz [Tue, 12 Feb 2019 12:44:19 +0000 (10:44 -0200)]
eng_devcrypto.c: close open session on init

cipher_init may be called on an already initialized context, without a
necessary cleanup.  This separates cleanup from initialization, closing
an eventual open session before creating a new one.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7859)

5 years agoCHANGES: add note about building devcrypto dynamic
Eneas U de Queiroz [Thu, 8 Nov 2018 13:07:44 +0000 (11:07 -0200)]
CHANGES: add note about building devcrypto dynamic

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7859)

5 years agoe_devcrypto: make the /dev/crypto engine dynamic
Eneas U de Queiroz [Tue, 6 Nov 2018 12:57:03 +0000 (10:57 -0200)]
e_devcrypto: make the /dev/crypto engine dynamic

Engine has been moved from crypto/engine/eng_devcrypto.c to
engines/e_devcrypto.c.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7859)

5 years agoAArch64 assembly pack: authenticate return addresses.
Andy Polyakov [Mon, 11 Feb 2019 14:33:43 +0000 (15:33 +0100)]
AArch64 assembly pack: authenticate return addresses.

ARMv8.3 adds pointer authentication extension, which in this case allows
to ensure that, when offloaded to stack, return address is same at return
as at entry to the subroutine. The new instructions are nops on processors
that don't implement the extension, so that the vetification is backward
compatible.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8205)

5 years agoAdd sparse array data type.
Pauli [Thu, 24 Jan 2019 02:15:54 +0000 (12:15 +1000)]
Add sparse array data type.

This commit adds a space and time efficient sparse array data structure.
The structure's raw API is wrapped by inline functions which provide type
safety.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8197)

5 years agoRework build: small correction in unix-Makefile.tmpl
Richard Levitte [Tue, 5 Feb 2019 15:21:59 +0000 (16:21 +0100)]
Rework build: small correction in unix-Makefile.tmpl

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8162)

5 years agoRework build: add special cases for AIX
Richard Levitte [Mon, 4 Feb 2019 20:28:43 +0000 (21:28 +0100)]
Rework build: add special cases for AIX

When reworking the way library file names and extensions were formed,
AIX was lost in the process.  This restores the previous
functionality.

Fixes #8156

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8162)

5 years agoapps/ocsp.c Use the same HAVE_FORK / NO_FORK as in speed.c
Richard Levitte [Mon, 12 Nov 2018 17:16:27 +0000 (18:16 +0100)]
apps/ocsp.c Use the same HAVE_FORK / NO_FORK as in speed.c

This allows the user to override our defaults if needed, and in a
consistent manner.

Partial fix for #7607

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7624)

5 years agotest/recipes/02-err_errstr: skip errors that may not be loaded on Windows
Richard Levitte [Fri, 25 Jan 2019 22:57:09 +0000 (23:57 +0100)]
test/recipes/02-err_errstr: skip errors that may not be loaded on Windows

Fixes #8091

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8094)

(cherry picked from commit 0e1b0e510dfe078b3fb2586d987d7b49ff8ef0b2)

5 years agoBuild: correct BASE shlib_version_as_filename
Richard Levitte [Sat, 2 Feb 2019 08:47:16 +0000 (09:47 +0100)]
Build: correct BASE shlib_version_as_filename

This function is designed to use $config{shlib_version} directly
instead of taking an input argument, yet the BASE variant didn't do
this.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8146)

5 years agoENGINE modules aren't special, so call them MODULES
Richard Levitte [Wed, 30 Jan 2019 23:06:50 +0000 (00:06 +0100)]
ENGINE modules aren't special, so call them MODULES

The only thing that makes an ENGINE module special is its entry
points.  Other than that, it's a normal dynamically loadable module,
nothing special about it.  This change has us stop pretending anything
else.

We retain using ENGINE as a term for installation, because it's
related to a specific installation directory, and we therefore also
mark ENGINE modules specifically as such with an attribute in the
build.info files.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8147)

5 years agoUpdated test command line parsing to support commmon commands
Shane Lontis [Thu, 16 Aug 2018 02:36:01 +0000 (12:36 +1000)]
Updated test command line parsing to support commmon commands

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6975)

5 years agoAllow the syntax of the .include directive to optionally have '='
Tomas Mraz [Fri, 1 Feb 2019 13:32:36 +0000 (14:32 +0100)]
Allow the syntax of the .include directive to optionally have '='

If the old openssl versions not supporting the .include directive
load a config file with it, they will bail out with error.

This change allows using the .include = <filename> syntax which
is interpreted as variable assignment by the old openssl
config file parser.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8141)

5 years agoFix comment typo
Pauli [Thu, 24 Jan 2019 02:22:48 +0000 (12:22 +1000)]
Fix comment typo

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8196)

5 years agoFix null pointer dereference in ssl_module_init
Daniel DeFreez [Thu, 7 Feb 2019 17:55:14 +0000 (09:55 -0800)]
Fix null pointer dereference in ssl_module_init

CLA: Trivial

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8183)

5 years agoUpdate d2i_PrivateKey documentation
Todd Short [Wed, 6 Feb 2019 14:28:22 +0000 (09:28 -0500)]
Update d2i_PrivateKey documentation

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8168)

5 years agoFix d2i_PublicKey() for EC keys
Todd Short [Mon, 4 Feb 2019 21:04:11 +0000 (16:04 -0500)]
Fix d2i_PublicKey() for EC keys

o2i_ECPublicKey() requires an EC_KEY structure filled with an EC_GROUP.

o2i_ECPublicKey() is called by d2i_PublicKey(). In order to fulfill the
o2i_ECPublicKey()'s requirement, d2i_PublicKey() needs to be called with
an EVP_PKEY with an EC_KEY containing an EC_GROUP.

However, the call to EVP_PKEY_set_type() frees any existing key structure
inside the EVP_PKEY, thus freeing the EC_KEY with the EC_GROUP that
o2i_ECPublicKey() needs.

This means you can't d2i_PublicKey() for an EC key...

The fix is to check to see if the type is already set appropriately, and
if so, not call EVP_PKEY_set_type().

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8168)

5 years agoAddress a bug in the DRBG tests where the reseeding wasn't properly
Pauli [Fri, 21 Dec 2018 02:03:19 +0000 (12:03 +1000)]
Address a bug in the DRBG tests where the reseeding wasn't properly
reinstantiating the DRBG.

Bug reported by Doug Gibbons.

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/8184)

5 years agotest/drbgtest.c: call OPENSSL_thread_stop() explicitly
Richard Levitte [Wed, 6 Feb 2019 19:51:47 +0000 (20:51 +0100)]
test/drbgtest.c: call OPENSSL_thread_stop() explicitly

The manual says this in its notes:

    ... and therefore applications using static linking should also call
    OPENSSL_thread_stop() on each thread. ...

Fixes #8171

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8173)

5 years agoMake OPENSSL_malloc_init() a no-op
Matt Caswell [Tue, 5 Feb 2019 14:25:18 +0000 (14:25 +0000)]
Make OPENSSL_malloc_init() a no-op

Making this a no-op removes a potential infinite loop than can occur in
some situations.

Fixes #2865

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8167)

5 years agoAdd CHANGES entry for blake2mac
Antoine Salon [Wed, 6 Feb 2019 19:49:19 +0000 (11:49 -0800)]
Add CHANGES entry for blake2mac

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8172)

5 years agoblake2: avoid writing to output buffer when using default digest length
Antoine Salon [Mon, 7 Jan 2019 23:09:55 +0000 (15:09 -0800)]
blake2: avoid writing to output buffer when using default digest length

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7726)

5 years agoblake2: add evpmac test vectors
Antoine Salon [Thu, 20 Dec 2018 23:36:40 +0000 (15:36 -0800)]
blake2: add evpmac test vectors

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7726)

5 years agoblake2: backport changes to blake2s
Antoine Salon [Thu, 20 Dec 2018 23:36:07 +0000 (15:36 -0800)]
blake2: backport changes to blake2s

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7726)

5 years agoblake2: add EVP_MAC man page
Antoine Salon [Thu, 20 Dec 2018 23:34:22 +0000 (15:34 -0800)]
blake2: add EVP_MAC man page

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7726)

5 years agoblake2: register MAC objects
Antoine Salon [Thu, 20 Dec 2018 23:32:58 +0000 (15:32 -0800)]
blake2: register MAC objects

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7726)

5 years agoblake2b: add EVP_MAC API
Antoine Salon [Thu, 20 Dec 2018 23:28:10 +0000 (15:28 -0800)]
blake2b: add EVP_MAC API

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7726)

5 years agoblake2b: add support for parameter setting and keyed hash
Antoine Salon [Thu, 20 Dec 2018 23:20:00 +0000 (15:20 -0800)]
blake2b: add support for parameter setting and keyed hash

The param block structure is used as a container for parameter values
Added blake2b keyed init

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7726)

5 years agoblake2: add implementation support for variable digest length
Antoine Salon [Thu, 20 Dec 2018 23:08:23 +0000 (15:08 -0800)]
blake2: add implementation support for variable digest length

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7726)

5 years agoRemove unnecessary trailing whitespace
Sam Roberts [Thu, 31 Jan 2019 17:55:30 +0000 (09:55 -0800)]
Remove unnecessary trailing whitespace

Trim trailing whitespace. It doesn't match OpenSSL coding standards,
AFAICT, and it can cause problems with git tooling.

Trailing whitespace remains in test data and external source.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8092)

5 years agocrypto/poly1305/asm/poly1305-s390x.pl: add vx code path.
Patrick Steuer [Mon, 6 Feb 2017 09:54:54 +0000 (10:54 +0100)]
crypto/poly1305/asm/poly1305-s390x.pl: add vx code path.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7991)

5 years agoMake some simple getters take const SSL/SSL_CTX
Sam Roberts [Fri, 1 Feb 2019 23:06:26 +0000 (15:06 -0800)]
Make some simple getters take const SSL/SSL_CTX

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8145)

5 years agoFix Invalid Argument return code from IP_Factory in connect_to_server().
Matthias Kraft [Mon, 4 Feb 2019 08:55:07 +0000 (09:55 +0100)]
Fix Invalid Argument return code from IP_Factory in connect_to_server().

Fixes #7732

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8158)

5 years agoAndroid build: fix usage of NDK home variable ($ndk_var)
batist73 [Sat, 2 Feb 2019 10:45:06 +0000 (13:45 +0300)]
Android build: fix usage of NDK home variable ($ndk_var)

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8153)

5 years agoBuild: correct assembler generation in crypto/rc4/build.info
Richard Levitte [Mon, 4 Feb 2019 06:55:56 +0000 (07:55 +0100)]
Build: correct assembler generation in crypto/rc4/build.info

In the removal of BEGINRAW / ENDRAW, attention to the difference
between capital .S and lowercase .s wasn't duly paid.  This corrects
the error.

Fixes #8155

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8157)

5 years agoAdd an entry to the CHANGES for the d2i_X509_PUBKEY fix
Bernd Edlinger [Wed, 30 Jan 2019 15:20:31 +0000 (16:20 +0100)]
Add an entry to the CHANGES for the d2i_X509_PUBKEY fix

The commit 5dc40a83c74be579575a512b30d9c1e0364e6a7b forgot
to add a short description to the CHANGES file.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8144)

5 years agoVMS: Clean away stray debugging prints from descrip.mms.tmpl
Richard Levitte [Fri, 1 Feb 2019 09:51:20 +0000 (10:51 +0100)]
VMS: Clean away stray debugging prints from descrip.mms.tmpl

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8140)

5 years agoFix end-point shared secret for DTLS/SCTP
Michael Tuexen [Wed, 26 Dec 2018 11:44:53 +0000 (12:44 +0100)]
Fix end-point shared secret for DTLS/SCTP

When computing the end-point shared secret, don't take the
terminating NULL character into account.
Please note that this fix breaks interoperability with older
versions of OpenSSL, which are not fixed.

Fixes #7956

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7957)

5 years agopoly1305/asm/poly1305-ppc.pl: add vector base 2^26 implementation.
Andy Polyakov [Wed, 23 Jan 2019 13:56:19 +0000 (14:56 +0100)]
poly1305/asm/poly1305-ppc.pl: add vector base 2^26 implementation.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8120)

5 years agoperlasm/ppc-xlate.pl: add VSX word load/store instructions.
Andy Polyakov [Wed, 23 Jan 2019 14:03:23 +0000 (15:03 +0100)]
perlasm/ppc-xlate.pl: add VSX word load/store instructions.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8120)

5 years agoFix a crash in reuse of i2d_X509_PUBKEY
Bernd Edlinger [Wed, 30 Jan 2019 15:20:31 +0000 (16:20 +0100)]
Fix a crash in reuse of i2d_X509_PUBKEY

If the second PUBKEY is malformed there is use after free.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8122)

5 years agoFixed d2i_X509 in-place not re-hashing the ex_flags
Bernd Edlinger [Tue, 29 Jan 2019 18:51:59 +0000 (19:51 +0100)]
Fixed d2i_X509 in-place not re-hashing the ex_flags

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8116)

5 years agoFix a memory leak with di2_X509_CRL reuse
Bernd Edlinger [Tue, 29 Jan 2019 13:16:28 +0000 (14:16 +0100)]
Fix a memory leak with di2_X509_CRL reuse

Additionally avoid undefined behavior with
in-place memcpy in X509_CRL_digest.

Fixes #8099

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8112)

5 years agoBetter phrasing around 1.1.0
Richard Levitte [Thu, 31 Jan 2019 12:42:46 +0000 (13:42 +0100)]
Better phrasing around 1.1.0

Fixes #8129

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8130)

5 years agoConfigure: clean away unused variables and double assignments
Richard Levitte [Wed, 30 Jan 2019 18:25:01 +0000 (19:25 +0100)]
Configure: clean away unused variables and double assignments

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8125)

5 years agoBuild: clean away RENAME and SHARED_NAME
Richard Levitte [Wed, 30 Jan 2019 18:12:38 +0000 (19:12 +0100)]
Build: clean away RENAME and SHARED_NAME

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8125)

5 years agoBuild: remove EXTRA
Richard Levitte [Wed, 30 Jan 2019 18:10:26 +0000 (19:10 +0100)]
Build: remove EXTRA

We never used it for anything

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8125)

5 years agoBuild: Remove BEGINRAW / ENDRAW / OVERRIDE
Richard Levitte [Wed, 30 Jan 2019 17:58:01 +0000 (18:58 +0100)]
Build: Remove BEGINRAW / ENDRAW / OVERRIDE

It was an ugly hack to avoid certain problems that are no more.

Also added GENERATE lines for perlasm scripts that didn't have that
explicitly.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8125)

5 years agoBuild cleanup: Remove the VMS hack from test/build.info
Richard Levitte [Wed, 30 Jan 2019 17:18:34 +0000 (18:18 +0100)]
Build cleanup: Remove the VMS hack from test/build.info

There was a hack specifically for VMS, which involved setting a make
variable to indicate that test/libtestutil contains a 'main'.

Instead, we use the new attributes 'has_main' to indicate this, and
let the VMS build file template fend with it appropriately.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8125)

5 years agoVMS: force 'pinshared'
Richard Levitte [Thu, 31 Jan 2019 13:23:22 +0000 (14:23 +0100)]
VMS: force 'pinshared'

VMS doesn't currently support unloading of shared object, and we need
to reflect that.  Without this, the shlibload test fails

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8131)

5 years agoFix error message for s_server -psk option
weinholtendian [Thu, 31 Jan 2019 07:16:20 +0000 (15:16 +0800)]
Fix error message for s_server -psk option

Previously if -psk was given a bad key it would print "Not a hex
number 's_server'".

CLA: Trivial

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/8113)

5 years agoReuse already defined macros
Petr Vorel [Wed, 30 Jan 2019 18:21:42 +0000 (19:21 +0100)]
Reuse already defined macros

instead of duplicity the code.

CLA: trivial

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8127)

5 years agoDocument and add macros for additional DSA options
David Benjamin [Fri, 25 Jan 2019 19:56:45 +0000 (13:56 -0600)]
Document and add macros for additional DSA options

EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS and EVP_PKEY_CTRL_DSA_PARAMGEN_MD are only
exposed from EVP_PKEY_CTX_ctrl, which means callers must write more error-prone
code (see also issue #1319). Add the missing wrapper macros and document them.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8093)

5 years agoComplain if -twopass is used incorrectly
Matt Caswell [Tue, 29 Jan 2019 15:04:38 +0000 (15:04 +0000)]
Complain if -twopass is used incorrectly

The option -twopass to the pkcs12 app is ignored if -passin, -passout
or -password is used. We should complain if an attempt is made to use
it in combination with those options.

Fixes #8107

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8114)

5 years agoFix no-dso builds
Matt Caswell [Tue, 29 Jan 2019 11:41:32 +0000 (11:41 +0000)]
Fix no-dso builds

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8111)

5 years agoDon't leak memory from ERR_add_error_vdata()
Matt Caswell [Mon, 28 Jan 2019 17:17:59 +0000 (17:17 +0000)]
Don't leak memory from ERR_add_error_vdata()

If the call the ERR_set_error_data() in ERR_add_error_vdata() fails then
a mem leak can occur. This commit checks that we successfully added the
error data, and if not frees the buffer.

Fixes #8085

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/8105)

5 years agoAndroid build: use ANDROID_NDK_HOME rather than ANDROID_NDK
Richard Levitte [Mon, 28 Jan 2019 13:53:19 +0000 (14:53 +0100)]
Android build: use ANDROID_NDK_HOME rather than ANDROID_NDK

It apepars that ANDROID_NDK_HOME is the recommended standard
environment variable for the NDK.

We retain ANDROID_NDK as a fallback.

Fixes #8101

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8103)

5 years agocrypto/cms: Add support for CAdES Basic Electronic Signatures (CAdES-BES)
Antonio Iacono [Wed, 12 Dec 2018 22:08:49 +0000 (23:08 +0100)]
crypto/cms: Add support for CAdES Basic Electronic Signatures (CAdES-BES)

A CAdES Basic Electronic Signature (CAdES-BES) contains, among other
specifications, a collection of  Signing Certificate reference attributes,
stored in the signedData ether as ESS signing-certificate or as
ESS signing-certificate-v2. These are described in detail in Section 5.7.2
of RFC 5126 - CMS Advanced Electronic Signatures (CAdES).

This patch adds support for adding  ESS signing-certificate[-v2] attributes
to CMS signedData. Although it implements only a small part of the RFC, it
is sufficient many cases to enable the `openssl cms` app to create signatures
which comply with legal requirements of some European States (e.g Italy).

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7893)

5 years agoadd an additional async notification communication method based on callback
Ping Yu [Mon, 5 Nov 2018 20:41:01 +0000 (15:41 -0500)]
add an additional async notification communication method based on callback

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Signed-off-by: Ping Yu <ping.yu@intel.com>
Signed-off-by: Steven Linsell <stevenx.linsell@intel.com>
(Merged from https://github.com/openssl/openssl/pull/7573)

5 years agoclarify which functions are the CMS functions which must have CMS_PARTIAL set
Michael Richardson [Thu, 27 Dec 2018 18:26:49 +0000 (13:26 -0500)]
clarify which functions are the CMS functions which must have CMS_PARTIAL set

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7960)

5 years agocrypto/bn: fix return value in BN_generate_prime
David Asraf [Wed, 23 Jan 2019 11:10:11 +0000 (11:10 +0000)]
crypto/bn: fix return value in BN_generate_prime

When the ret parameter is NULL the generated prime
is in rnd variable and not in ret.

CLA: trivial

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8076)