oweals/openssl.git
7 years agoRemove NO_DIRENT; it isn't used anywhere
Rich Salz [Fri, 25 Aug 2017 13:11:09 +0000 (09:11 -0400)]
Remove NO_DIRENT; it isn't used anywhere

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4261)

7 years agoFix guarding macro in include/internal/sockets.h
Richard Levitte [Fri, 25 Aug 2017 12:48:04 +0000 (14:48 +0200)]
Fix guarding macro in include/internal/sockets.h

The guard was checked but never defined.  Also, rename it to reflect
that this is an internal header file, not a public one.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4254)

7 years agoMove more socket stuff
Richard Levitte [Fri, 25 Aug 2017 12:36:01 +0000 (14:36 +0200)]
Move more socket stuff

The socket stuff for DJGPP and VMS was only partially moved to
include/internal/sockets.h...

Remains vxWorks.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4254)

7 years agoThis part fixes braces around if-else.
Paul Yang [Tue, 22 Aug 2017 17:36:49 +0000 (01:36 +0800)]
This part fixes braces around if-else.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4223)

7 years agoFix coding style in crypto/rsa directory
Paul Yang [Tue, 22 Aug 2017 17:25:23 +0000 (01:25 +0800)]
Fix coding style in crypto/rsa directory

this part contains only the return (x) fix.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4223)

7 years agoUse strcpy instead of sprintf %s
Rich Salz [Fri, 25 Aug 2017 13:01:17 +0000 (09:01 -0400)]
Use strcpy instead of sprintf %s

Also use a local variable, collapse some code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4258)

7 years agoClear secret stack values after use in the ED25519-functions
Bernd Edlinger [Thu, 24 Aug 2017 06:09:31 +0000 (08:09 +0200)]
Clear secret stack values after use in the ED25519-functions

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4242)

7 years agoClear secret stack values after use in curve25519.c
Bernd Edlinger [Thu, 24 Aug 2017 05:53:13 +0000 (07:53 +0200)]
Clear secret stack values after use in curve25519.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4242)

7 years agoFix no-tls and no-tls1_2
Matt Caswell [Fri, 25 Aug 2017 12:58:46 +0000 (13:58 +0100)]
Fix no-tls and no-tls1_2

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4257)

7 years agoFix no-scrypt
Matt Caswell [Fri, 25 Aug 2017 10:18:23 +0000 (11:18 +0100)]
Fix no-scrypt

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4252)

7 years agoNO_SYS_TYPES_H isn't defined anywhere, stop using it as a guard
Richard Levitte [Fri, 25 Aug 2017 12:51:45 +0000 (14:51 +0200)]
NO_SYS_TYPES_H isn't defined anywhere, stop using it as a guard

This is a vestige from pre-1.1.0 OpenSSL

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4256)

7 years agoFix description of how to report a bug in INSTALL
Matt Caswell [Fri, 25 Aug 2017 13:16:20 +0000 (14:16 +0100)]
Fix description of how to report a bug in INSTALL

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4259)

7 years agoClarify the meaning of no-stdio in INSTALL
Matt Caswell [Fri, 25 Aug 2017 13:14:27 +0000 (14:14 +0100)]
Clarify the meaning of no-stdio in INSTALL

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4259)

7 years agoDo not lookup zero-length session ID
Kazuki Yamaguchi [Fri, 31 Mar 2017 13:52:56 +0000 (22:52 +0900)]
Do not lookup zero-length session ID

A condition was removed by commit 1053a6e2281d; presumably it was an
unintended change. Restore the previous behavior so the get_session_cb
won't be called with zero-length session ID.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/4236)

7 years agoFix no-chacha and no-poly1305
Matt Caswell [Fri, 25 Aug 2017 10:02:47 +0000 (11:02 +0100)]
Fix no-chacha and no-poly1305

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4251)

7 years agoEnsure we exchange cookies in s_server even if SCTP is disabled
Matt Caswell [Thu, 24 Aug 2017 08:52:11 +0000 (09:52 +0100)]
Ensure we exchange cookies in s_server even if SCTP is disabled

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4243)

7 years agoDon't run a CT specifc test if CT is disabled
Matt Caswell [Thu, 24 Aug 2017 13:49:32 +0000 (14:49 +0100)]
Don't run a CT specifc test if CT is disabled

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4245)

7 years agoAllow --strict-warnings with the icc compiler as well
Meena Vyas [Thu, 24 Aug 2017 16:42:43 +0000 (02:42 +1000)]
Allow --strict-warnings with the icc compiler as well

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4250)

7 years agopassed TARFILE="$(TARFILE)" NAME="$(NAME)" to tar target
Meena Vyas [Thu, 24 Aug 2017 16:38:45 +0000 (02:38 +1000)]
passed TARFILE="$(TARFILE)" NAME="$(NAME)" to tar target

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4249)

7 years agoCheck range of test values using isascii before diving into the full
Pauli [Tue, 22 Aug 2017 22:10:31 +0000 (08:10 +1000)]
Check range of test values using isascii before diving into the full
range of ctype functions.

Revert "Don't try to compare the ctype functions on values > 127"
This reverts commit 6ac589081b53a62bff5f0abe62c1c109c419c7a0.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4225)

7 years agoapps/passwd.c: Make MD5 and SHA password making EBCDIC aware
Richard Levitte [Wed, 23 Aug 2017 14:03:18 +0000 (16:03 +0200)]
apps/passwd.c: Make MD5 and SHA password making EBCDIC aware

This mimics the behaviour of DES_crypt, where the salt and password
are expected to be in EBCDIC when CHARSET_EBCDIC is defined, and are
converted internally to ASCII.  This is also done with the magic ID
string if it's not already ASCII.  The resulting output is entirely
built up of ASCII components and is converted back to EBCDIC at the
end.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4229)

7 years agoapps/passwd.c: Fix code layout
Richard Levitte [Wed, 23 Aug 2017 09:43:36 +0000 (11:43 +0200)]
apps/passwd.c: Fix code layout

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4229)

7 years agoapps/passwd.c: Don't disable MD5 and SHA when CHARSET_EBCDIC is defined
Richard Levitte [Wed, 23 Aug 2017 09:41:20 +0000 (11:41 +0200)]
apps/passwd.c: Don't disable MD5 and SHA when CHARSET_EBCDIC is defined

Fixes #4130

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4229)

7 years agoCheck for EOF in ASCII conversions.
Pauli [Thu, 24 Aug 2017 00:46:31 +0000 (10:46 +1000)]
Check for EOF in ASCII conversions.

The C standard defines EOF as:

    ... an integer constant expression, with type int and a negative value...

This means a conforming implemenetation could define this as a one of the
printable characters.  This won't be a problem for ASCII.

A specific test case has been added for EOF.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4240)

7 years agoFix enable-sctp
Matt Caswell [Thu, 24 Aug 2017 11:25:09 +0000 (12:25 +0100)]
Fix enable-sctp

Commit b99fe5f4 broke SCTP. This fixes it again.

Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4244)

7 years agoAdd documentation for SRTP functions
Matt Caswell [Mon, 21 Aug 2017 07:44:14 +0000 (08:44 +0100)]
Add documentation for SRTP functions

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4205)

7 years agoCorrect GCM docs.
Dr. Stephen Henson [Wed, 23 Aug 2017 12:07:23 +0000 (13:07 +0100)]
Correct GCM docs.

Fix GCM documentation: the tag does not have to be supplied before
decrypting any data any more.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4231)

7 years agoTweak wording to be more clear.
Rich Salz [Wed, 23 Aug 2017 16:06:41 +0000 (12:06 -0400)]
Tweak wording to be more clear.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4234)

7 years agoFix BN_print()
Kazuki Yamaguchi [Wed, 23 Aug 2017 16:28:05 +0000 (01:28 +0900)]
Fix BN_print()

Fix a typo made in commit 27c6d63dad08 (#4202).

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4235)

7 years agoMove randomness to allocated buffer
Rich Salz [Tue, 22 Aug 2017 22:24:23 +0000 (18:24 -0400)]
Move randomness to allocated buffer

Don't keep it in the DRBG object, just allocate/free as needed.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4226)

7 years agoImprovement the formatting in bn_print.c
Pauli [Sun, 20 Aug 2017 21:23:36 +0000 (07:23 +1000)]
Improvement the formatting in bn_print.c
Movely removal of unnecessary brackets but some could be bugs addressed too.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4202)

7 years ago(Re)move some things from e_os.h
Rich Salz [Mon, 21 Aug 2017 21:22:19 +0000 (17:22 -0400)]
(Re)move some things from e_os.h

Remove GETPID_IS_MEANINGLESS and osslargused.

Move socket-related things to new file internal/sockets.h; this is now
only needed by four(!!!) files.  Compiles should be a bit faster.
Remove USE_SOCKETS ifdef's

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4209)

7 years agoRemove useless macros in apps/speed.c
Paul Yang [Tue, 22 Aug 2017 17:04:28 +0000 (01:04 +0800)]
Remove useless macros in apps/speed.c

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4221)

7 years agoUse "" not <> on e_os.h include
Rich Salz [Tue, 22 Aug 2017 15:07:56 +0000 (11:07 -0400)]
Use "" not <> on e_os.h include

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4220)

7 years agoRemove custom base64 code.
Rich Salz [Mon, 21 Aug 2017 16:51:36 +0000 (12:51 -0400)]
Remove custom base64 code.

Use EVP_EncodeBlock/EVP_DecodeBlock

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4207)

7 years agoDon't try to compare the ctype functions on values > 127
Richard Levitte [Tue, 22 Aug 2017 13:53:39 +0000 (15:53 +0200)]
Don't try to compare the ctype functions on values > 127

Our internal replacement functions return 0 for those values.
However, depending on locale, the C RTL functions may return 1.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4219)

7 years agoDon't try to test ctype functions for values < 0 or > 255
Richard Levitte [Tue, 22 Aug 2017 13:51:35 +0000 (15:51 +0200)]
Don't try to test ctype functions for values < 0 or > 255

Values that aren't representable as unsigned give undefined results.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4219)

7 years agoUse "" not <> for internal/ includes
Rich Salz [Tue, 22 Aug 2017 12:35:43 +0000 (08:35 -0400)]
Use "" not <> for internal/ includes

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4217)

7 years agoFix the lack of isblank() with VMS C
Richard Levitte [Tue, 22 Aug 2017 08:48:08 +0000 (10:48 +0200)]
Fix the lack of isblank() with VMS C

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4216)

7 years agoAdd random serial# support.
Rich Salz [Wed, 16 Aug 2017 19:49:25 +0000 (15:49 -0400)]
Add random serial# support.

Add -rand_serial to CA command and "serial_rand" config option.

Up RAND_BITS to 159, and comment why: now confirms to CABForum
guidelines (Ballot 164) as well as IETF RFC 5280 (PKIX).

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4185)

7 years agoAvoid a self-assignment.
Pauli [Tue, 22 Aug 2017 03:05:30 +0000 (13:05 +1000)]
Avoid a self-assignment.

Clang is generating a warning over an assignment of a variable to itself.
This occurs on an ASCII based machine where the convert to ASCII macro doesn't
do anything.  The fix is to introduce a temporary variable.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4214)

7 years agoDead code elimination.
Pauli [Tue, 22 Aug 2017 00:36:26 +0000 (10:36 +1000)]
Dead code elimination.

Remove the exit_main function which is never used.
Remove the exit_options array which is also unreferenced.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4213)

7 years agoThis has been added to avoid the situation where some host ctype.h functions
Pauli [Sun, 20 Aug 2017 21:19:17 +0000 (07:19 +1000)]
This has been added to avoid the situation where some host ctype.h functions
return true for characters > 127.  I.e. they are allowing extended ASCII
characters through which then cause problems.  E.g. marking superscript '2' as
a number then causes the common (ch - '0') conversion to number to fail
miserably.  Likewise letters with diacritical marks can also cause problems.

If a non-ASCII character set is being used (currently only EBCDIC), it is
adjusted for.

The implementation uses a single table with a bit for each of the defined
classes.  These functions accept an int argument and fail for
values out of range or for characters outside of the ASCII set.  They will
work for both signed and unsigned character inputs.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4102)

7 years agoFix ctype arguments.
Pauli [Sun, 20 Aug 2017 21:36:23 +0000 (07:36 +1000)]
Fix ctype arguments.

Cast arguments to the various ctype functions to unsigned char to match their
documentation.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4203)

7 years agoSafely display SNI (just in case)
Rich Salz [Mon, 21 Aug 2017 19:28:56 +0000 (15:28 -0400)]
Safely display SNI (just in case)

Thanks to Hubert Kario for pointing this out.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4193)

7 years agoDocument missing EVP_PKEY_method_* items
Paul Yang [Mon, 21 Aug 2017 15:47:17 +0000 (11:47 -0400)]
Document missing EVP_PKEY_method_* items

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4104)

7 years agoCheck # of arguments for remaining commands.
Rich Salz [Sun, 20 Aug 2017 21:10:48 +0000 (17:10 -0400)]
Check # of arguments for remaining commands.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4201)

7 years agoAdd PKEY_CTX setter tests for TLS1-PRF
Johannes Bauer [Sat, 19 Aug 2017 16:05:30 +0000 (18:05 +0200)]
Add PKEY_CTX setter tests for TLS1-PRF

PKEY_CTX setters tests were previously present for HKDF and scrypt; this
patch also adds tests for the third currently supported KDF, TLS1-PRF.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4196)

7 years agoMore updates following review feedback
Matt Caswell [Wed, 2 Aug 2017 14:29:31 +0000 (15:29 +0100)]
More updates following review feedback

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)

7 years agoUpdates following feedback on OPENSSL_assert() removal
Matt Caswell [Mon, 3 Jul 2017 10:47:10 +0000 (11:47 +0100)]
Updates following feedback on OPENSSL_assert() removal

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)

7 years agoRemove OPENSSL_assert() from crypto/x509v3
Matt Caswell [Wed, 21 Jun 2017 14:56:56 +0000 (15:56 +0100)]
Remove OPENSSL_assert() from crypto/x509v3

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)

7 years agoRemove OPENSSL_assert() from crypto/x509
Matt Caswell [Wed, 21 Jun 2017 14:56:36 +0000 (15:56 +0100)]
Remove OPENSSL_assert() from crypto/x509

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)

7 years agoRemove OPENSSL_assert() from crypto/threads_none.c
Matt Caswell [Wed, 21 Jun 2017 14:56:12 +0000 (15:56 +0100)]
Remove OPENSSL_assert() from crypto/threads_none.c

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)

7 years agoRemove OPENSSL_assert() from crypto/pem
Matt Caswell [Wed, 21 Jun 2017 14:55:56 +0000 (15:55 +0100)]
Remove OPENSSL_assert() from crypto/pem

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)

7 years agoRemove OPENSSL_assert() from crypto/kdf
Matt Caswell [Wed, 21 Jun 2017 14:55:38 +0000 (15:55 +0100)]
Remove OPENSSL_assert() from crypto/kdf

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)

7 years agoRemove OPENSSL_assert() from crypto/hmac
Matt Caswell [Wed, 21 Jun 2017 14:55:20 +0000 (15:55 +0100)]
Remove OPENSSL_assert() from crypto/hmac

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)

7 years agoRemove OPENSSL_assert() from crypto/ec
Matt Caswell [Wed, 21 Jun 2017 14:54:45 +0000 (15:54 +0100)]
Remove OPENSSL_assert() from crypto/ec

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)

7 years agoRemove OPENSSL_assert() from conf_api.c
Matt Caswell [Wed, 21 Jun 2017 14:54:25 +0000 (15:54 +0100)]
Remove OPENSSL_assert() from conf_api.c

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)

7 years agoRemove OPENSSL_assert() usage from crypto/bn
Matt Caswell [Wed, 21 Jun 2017 14:52:52 +0000 (15:52 +0100)]
Remove OPENSSL_assert() usage from crypto/bn

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)

7 years agoRemove OPENSSL_assert() from various crypto/bio files
Matt Caswell [Wed, 21 Jun 2017 14:52:11 +0000 (15:52 +0100)]
Remove OPENSSL_assert() from various crypto/bio files

bss_dgram.c is deferred until later due to ongoing discussions.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)

7 years agoRemove OPENSSL_assert() from crypto/asn1/bio_asn1.c
Matt Caswell [Wed, 21 Jun 2017 14:51:27 +0000 (15:51 +0100)]
Remove OPENSSL_assert() from crypto/asn1/bio_asn1.c

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)

7 years agoRemove double error messages
Pauli [Mon, 21 Aug 2017 00:37:34 +0000 (10:37 +1000)]
Remove double error messages

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4204)

7 years agoFix ui_write in apps/apps.c
Richard Levitte [Sat, 19 Aug 2017 16:45:43 +0000 (18:45 +0200)]
Fix ui_write in apps/apps.c

It used the default UI reader as fallback instead of the UI writer.

Fixes #4147
Fixes #4195

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/4198)

7 years agoPut thread-fork-init inside a run-once guard
Rich Salz [Fri, 18 Aug 2017 15:47:21 +0000 (11:47 -0400)]
Put thread-fork-init inside a run-once guard

Thanks to Christian Heimes for pointing this out.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4191)

7 years agoReorder extensions to put SigAlgs last
Todd Short [Fri, 18 Aug 2017 13:32:29 +0000 (09:32 -0400)]
Reorder extensions to put SigAlgs last

Force non-empty padding extension.
When enabled, force the padding extension to be at least 1 byte long.
WebSphere application server cannot handle having an empty
extension (e.g. EMS/EtM) as the last extension in a client hello.
This moves the SigAlgs extension last for TLSv1.2 to avoid this
issue.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3921)

7 years agoAddressed build failure because of missing #ifdef AF_UNIX guard
Balaji Marisetti [Tue, 1 Aug 2017 11:24:13 +0000 (16:54 +0530)]
Addressed build failure because of missing #ifdef AF_UNIX guard
CLA: trivial

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4067)

7 years agoAdd a comment on expectations in the "tar" target
Richard Levitte [Thu, 17 Aug 2017 12:08:43 +0000 (14:08 +0200)]
Add a comment on expectations in the "tar" target

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4179)

7 years agoPrepare tarball in dist directory
Richard Levitte [Thu, 17 Aug 2017 12:04:36 +0000 (14:04 +0200)]
Prepare tarball in dist directory

We changed directory to the wrong directory.
This change also separates the preparation phase from the tarball
building phase.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4179)

7 years agoTurn on error sensitivity in the "tar" target
Richard Levitte [Thu, 17 Aug 2017 12:04:18 +0000 (14:04 +0200)]
Turn on error sensitivity in the "tar" target

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4179)

7 years agotest/asn1_time_test.c: Better check of signed time_t
Richard Levitte [Thu, 17 Aug 2017 16:03:22 +0000 (18:03 +0200)]
test/asn1_time_test.c: Better check of signed time_t

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4182)

7 years agoerr/err.c: improve readability.
Andy Polyakov [Wed, 16 Aug 2017 21:08:03 +0000 (23:08 +0200)]
err/err.c: improve readability.

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoerr/err.c: fix "wraparound" bug in ERR_set_error_data.
Andy Polyakov [Wed, 16 Aug 2017 21:06:57 +0000 (23:06 +0200)]
err/err.c: fix "wraparound" bug in ERR_set_error_data.

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoFix windows build after too aggressive e_os.h removal
Pauli [Fri, 18 Aug 2017 00:09:27 +0000 (10:09 +1000)]
Fix windows build after too aggressive e_os.h removal

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4187)

7 years agoRemove tests dependence on e_os.h
Pauli [Thu, 17 Aug 2017 23:50:25 +0000 (09:50 +1000)]
Remove tests dependence on e_os.h

Apart from ssltest_old.c, the test suite relied on e_os.h for the
OSSL_NELEM macro and nothing else.

The ssltest_old.c also requires EXIT and some socket macros.

Create a new header to define the OSSL_NELEM macro and use that instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4186)

7 years agoClear outputs in PKCS12_parse error handling.
Bernd Edlinger [Sat, 12 Aug 2017 08:11:09 +0000 (10:11 +0200)]
Clear outputs in PKCS12_parse error handling.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4145)

7 years agoWhen building a tarball, avoid trying to copy submodules
Richard Levitte [Thu, 17 Aug 2017 07:38:02 +0000 (09:38 +0200)]
When building a tarball, avoid trying to copy submodules

submodules are directories that we don't want in our tarballs, so
avoid them.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4178)

7 years agoDetermine the number of output columns for the list and help commands using
Pauli [Tue, 15 Aug 2017 04:41:34 +0000 (14:41 +1000)]
Determine the number of output columns for the list and help commands using
the command names rather than hard coding it (conditionally).

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4162)

7 years agoFix OCSP_basic_verify() cert chain construction in case bs->certs is NULL
David von Oheimb [Wed, 16 Aug 2017 18:00:05 +0000 (14:00 -0400)]
Fix OCSP_basic_verify() cert chain construction in case bs->certs is NULL

Now the certs arg is not any more neglected when building the signer cert chain.
Added case to test/recipes/80-test_ocsp.t proving fix for 3-level CA hierarchy.

See also http://rt.openssl.org/Ticket/Display.html?id=4620

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4124)

7 years agosha/asm/keccak1600-armv4.pl: optimize for Thumb-2.
Andy Polyakov [Mon, 14 Aug 2017 14:33:36 +0000 (16:33 +0200)]
sha/asm/keccak1600-armv4.pl: optimize for Thumb-2.

Reduce per-round instruction count in Thumb-2 case by 16%. This is
achieved by folding ldr/str pairs to their double-word counterparts.

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoFix some documentation typos.
David Benjamin [Wed, 16 Aug 2017 17:07:43 +0000 (13:07 -0400)]
Fix some documentation typos.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4173)

7 years agofix some typos
FdaSilvaYY [Wed, 16 Aug 2017 13:40:11 +0000 (15:40 +0200)]
fix some typos

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4172)

7 years agoFix two MSVC warnings in apps.c
FdaSilvaYY [Wed, 16 Aug 2017 13:40:40 +0000 (15:40 +0200)]
Fix two MSVC warnings in apps.c

warning C4996: 'fileno': The POSIX name for this item is deprecated.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4172)

7 years ago[Win] Fix some test method signatures ...
FdaSilvaYY [Tue, 15 Aug 2017 21:39:03 +0000 (23:39 +0200)]
[Win] Fix some test method signatures ...

to halves MSVC warnings.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4172)

7 years agoCopy dlls into fuzz directory
Matt Caswell [Wed, 16 Aug 2017 13:33:13 +0000 (14:33 +0100)]
Copy dlls into fuzz directory

This should fix the recent AppVeyor failures.

[extended tests]

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4171)

7 years agobndiv fuzzer: limit the size of the input to avoid timeout
gbrl [Tue, 8 Aug 2017 13:17:01 +0000 (15:17 +0200)]
bndiv fuzzer: limit the size of the input to avoid timeout

CLA: trivial

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4119)

7 years agoFix coding style of EVP_PKEY_CTX_ctrl_uint64
Johannes Bauer [Tue, 15 Aug 2017 16:52:24 +0000 (18:52 +0200)]
Fix coding style of EVP_PKEY_CTX_ctrl_uint64

Code review of @dot-asm pointed out style guide violation; this patch
fixes it.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4166)

7 years agoPrint pathnames for 'version -r'
Rich Salz [Tue, 15 Aug 2017 19:50:14 +0000 (15:50 -0400)]
Print pathnames for 'version -r'

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4168)

7 years agoSTORE: Add documentation on the expectations for returned names
Richard Levitte [Wed, 5 Jul 2017 14:08:19 +0000 (16:08 +0200)]
STORE: Add documentation on the expectations for returned names

Returned OSSL_STORE_INFO_NAME typed infos are supposed to be a
canonical URI for the corresponding object.  For example, when using
the 'file' scheme loader, the file name is returned, possibly prefixed
with 'file://'

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3856)

7 years agoSTORE: Add info on the expected post_process callback behavior
Richard Levitte [Wed, 5 Jul 2017 14:00:30 +0000 (16:00 +0200)]
STORE: Add info on the expected post_process callback behavior

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3856)

7 years agoFix overzealous cleanup command
FdaSilvaYY [Tue, 15 Aug 2017 16:42:02 +0000 (18:42 +0200)]
Fix overzealous cleanup command

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4167)

7 years agoAdd SSL_get_pending_cipher()
Benjamin Kaduk [Tue, 1 Aug 2017 20:28:14 +0000 (15:28 -0500)]
Add SSL_get_pending_cipher()

The existing function SSL_get_current_cipher() queries the
current session for the ciphersuite in use, but there is no way
for application code to determine what ciphersuite has been
negotiated and will be used in the future, prior to ChangeCipherState
(or the TLS 1.3 equivalent) causing the new cipher to take effect and
become visible in the session information.  Expose this information
to appropriate application callbacks to use during the handshake.

The name SSL_get_pending_cipher() was chosen for compatibility with
BoringSSL's routine of that name.

Improve the note on macro implementations in SSL_get_current_cipher.pod
while here.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4070)

7 years agoMove ALPN handling from finalizer to delayed call
Benjamin Kaduk [Tue, 1 Aug 2017 19:50:22 +0000 (14:50 -0500)]
Move ALPN handling from finalizer to delayed call

Commit 02f0274e8c0596dcf7e2d104250232a42c650b96 moved ALPN processing
into an extension finalization function, as the only documented ordering
requirement from previous commits was that ALPN processing occur after
SNI processing, and SNI processing is performed before the extension
finalization step.  However, it is useful for applications'
alpn_select callbacks to run after ciphersuite selection as well -- at
least one application protocol specification (HTTP/2) imposes restrictions
on which ciphersuites are usable with that protocol.  Since it is generally
more preferrable to have a successful TLS connection with a default application
protocol than to fail the TLS connection and not be able to have the preferred
application protocol, it is good to give the alpn_select callback information
about the ciphersuite to be used, so that appropriate restrctions can be
enforced in application code.

Accordingly, split the ALPN handling out into a separate tls_handl_alpn()
function akin to tls_handle_status_request(), called from
tls_post_process_client_hello().  This is an alternative to resuscitating
ssl_check_clienthello_tlsext_late(), something of an awkwward name itself.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4070)

7 years agoRevert "Add some casts for %j"
Rich Salz [Tue, 15 Aug 2017 13:42:38 +0000 (09:42 -0400)]
Revert "Add some casts for %j"

This reverts commit c4d2e483a39176a476c56d35879423fe6e33c0cd.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4160)

7 years agoUse new setup_tests in code of rsa_test
Paul Yang [Tue, 15 Aug 2017 03:44:56 +0000 (11:44 +0800)]
Use new setup_tests in code of rsa_test

Although this piece of code will not be compiled at current stage, but
there seems a plan to re-open the 'no-rsa' option in the future so this
should be fixed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4161)

7 years agoClear error stack on successful OSSL_STORE_open()
Richard Levitte [Sat, 5 Aug 2017 12:56:13 +0000 (14:56 +0200)]
Clear error stack on successful OSSL_STORE_open()

Since OSSL_STORE_open() tries with the 'file' scheme loader first, and
then on the loader implied by the URI if the former fails, the former
leaves an error on the error stack.  This is confusing, so let's clear
the error stack on success.  The implementation uses ERR_set_mark,
ERR_pop_to_mark and ERR_clear_last_mark to make sure caller errors are
preserved as much as possible.

Fixes #4089

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4094)

7 years agoAdd ERR_clear_last_mark()
Richard Levitte [Sat, 5 Aug 2017 19:47:00 +0000 (21:47 +0200)]
Add ERR_clear_last_mark()

This allows callers to set a mark, and then clear it without removing
the errors.  Useful in case an error is encountered that should be
returned up the call stack.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4094)

7 years agoRename crypto/evp/scrypt.c to crypto/evp/pbe_scrypt.c
Richard Levitte [Tue, 15 Aug 2017 10:32:55 +0000 (12:32 +0200)]
Rename crypto/evp/scrypt.c to crypto/evp/pbe_scrypt.c

There already is a scrypt.c in crypto/kdf/, both becoming script.o or
script.obj.  With some linkers, the same object files name more than
once means one of them is dropped, either when building shared
libraries or when building executables from static libraries.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4164)

7 years agoFile::Glob option ':bsd_glob' doesn't work everywhere, replace w/ a wrapper
Richard Levitte [Tue, 1 Aug 2017 20:43:56 +0000 (22:43 +0200)]
File::Glob option ':bsd_glob' doesn't work everywhere, replace w/ a wrapper

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4069)

7 years agoConsolidate the locations where we have our internal perl modules
Richard Levitte [Tue, 1 Aug 2017 20:10:39 +0000 (22:10 +0200)]
Consolidate the locations where we have our internal perl modules

Instead of having perl modules under test/testlib, util and util/perl,
consolidate them all to be inside util/perl.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4069)

7 years agoAdd some casts for %j
Rich Salz [Mon, 14 Aug 2017 23:59:54 +0000 (19:59 -0400)]
Add some casts for %j

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4160)