Andy Polyakov [Fri, 23 Nov 2018 16:23:31 +0000 (17:23 +0100)]
bn/bn_{div|shift}.c: introduce fixed-top interfaces.
Fixed-top interfaces tolerate zero-padded inputs and facilitate
constant-time-ness. bn_div_fixed_top tolerates zero-padded dividend,
but not divisor. It's argued that divisor's length is public even
when value is secret.
[extended tests]
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7589)
Andy Polyakov [Wed, 7 Nov 2018 21:18:33 +0000 (22:18 +0100)]
bn/bn_div.c: make conditional addition unconditional
and add template for constant-time bn_div_3_words.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7589)
Andy Polyakov [Mon, 12 Nov 2018 14:13:48 +0000 (15:13 +0100)]
Configure: recognize div3w modules and add -DBN_DIV3W.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7589)
Andy Polyakov [Mon, 12 Nov 2018 14:03:39 +0000 (15:03 +0100)]
Configurations/10-main.conf: remove MIPS bn_div_3_words.
It's being replaced with constant-time alternative.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7589)
Matt Caswell [Mon, 3 Dec 2018 14:37:07 +0000 (14:37 +0000)]
Ignore an auto-generated documentation file
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7746)
Matt Caswell [Fri, 23 Nov 2018 14:24:17 +0000 (14:24 +0000)]
Add an
Ed25519 signature maleability test
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7697)
Matt Caswell [Fri, 23 Nov 2018 13:50:43 +0000 (13:50 +0000)]
Disallow
Ed25519 signature maleability
Check that s is less than the order before attempting to verify the
signature as per RFC8032 5.1.7
Fixes #7693
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7697)
Richard Levitte [Mon, 3 Dec 2018 09:59:11 +0000 (10:59 +0100)]
Docs: better deprecation text
Expand the text on deprecation to be more descriptive and to refer
back to openssl_user_macros(7).
Incidently, this required a small change in util/find-doc-nits, to
have it skip over any line that isn't part of a block (i.e. that
hasn't been indented with at least one space. That makes it skip over
deprecation text.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7745)
Richard Levitte [Mon, 3 Dec 2018 09:57:01 +0000 (10:57 +0100)]
Docs fixup: some man3 pages had unindented code in SYNOPSIS
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7744)
Richard Levitte [Sun, 2 Dec 2018 19:39:46 +0000 (20:39 +0100)]
util/process_docs.pl: handle multiple source directories for .pod files
From now on, the default is to look in both the source directory and
the build directory.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7742)
Richard Levitte [Sun, 2 Dec 2018 19:37:30 +0000 (20:37 +0100)]
Doc: add doc/man7/openssl_user_macros.pod.in
This manual is a start to describe macros that users can use to affect
what symbols are exported by the public header files.
Because the macro OPENSSL_API_COMPAT has a default that's affected by
configuration choices, we must make it a generated manual.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7742)
Antoine Salon [Sat, 1 Dec 2018 00:50:29 +0000 (16:50 -0800)]
Fix usage of deprecated SSL_set_tmp_ecdh()
Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7738)
Andy Polyakov [Fri, 14 Sep 2018 15:24:13 +0000 (17:24 +0200)]
rsa/rsa_ssl.c: make RSA_padding_check_SSLv23 constant-time.
Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding
if nul delimiter is preceded by 8 consecutive 0x03 bytes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Andy Polyakov [Thu, 6 Sep 2018 19:54:23 +0000 (21:54 +0200)]
rsa/rsa_oaep.c: remove memcpy calls from RSA_padding_check_PKCS1_OAEP.
And make RSAErr call unconditional.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Andy Polyakov [Sat, 1 Sep 2018 10:00:33 +0000 (12:00 +0200)]
rsa/rsa_pk1.c: remove memcpy calls from RSA_padding_check_PKCS1_type_2.
And make RSAErr call unconditional.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Andy Polyakov [Fri, 14 Sep 2018 10:17:43 +0000 (12:17 +0200)]
rsa/rsa_ossl.c: make RSAerr call in rsa_ossl_private_decrypt unconditional.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Andy Polyakov [Sat, 1 Sep 2018 10:19:30 +0000 (12:19 +0200)]
err/err.c: add err_clear_last_constant_time.
Expected usage pattern is to unconditionally set error and then
wipe it if there was no actual error.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Tue, 27 Nov 2018 07:51:44 +0000 (07:51 +0000)]
Don't test the collected system errors when configured to not have them
Config options 'no-err' and 'no-autoerrinit'
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7711)
Paul Yang [Mon, 26 Nov 2018 08:57:55 +0000 (16:57 +0800)]
Fix access zero memory if SSL_DEBUG is enabled
If compile OpenSSL with SSL_DEBUG macro, some test cases will cause the
process crashed in the debug code.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7707)
Richard Levitte [Sat, 24 Nov 2018 23:56:54 +0000 (00:56 +0100)]
VMS build: don't forget the generation marker when removing files
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7703)
Richard Levitte [Sat, 24 Nov 2018 23:52:24 +0000 (00:52 +0100)]
VMS build: in descrip.mms.tmpl's src2obj, do .S -> .asm too
We only convert lowercase .s to .asm, that turned out not to be sufficient.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7703)
Billy Brumley [Mon, 12 Nov 2018 13:47:54 +0000 (15:47 +0200)]
Clean up BN_consttime_swap.
Updated "condition" logic lifted from Theo Buehler's LibreSSL commit https://github.com/libressl-portable/openbsd/commit/
517358603b4be76d48a50007a0d414c2072697dd
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7619)
Richard Levitte [Fri, 23 Nov 2018 17:53:32 +0000 (18:53 +0100)]
Avoid test_errstr in a cross compiled configuration
There's too high a chance that the openssl app and perl get different
messages for some error numbers.
[extended tests]
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7699)
Richard Levitte [Sat, 24 Nov 2018 16:51:24 +0000 (17:51 +0100)]
Have util/mktar.sh display the absolute path to the tarball
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7696)
Richard Levitte [Sat, 24 Nov 2018 10:27:50 +0000 (11:27 +0100)]
Make sure to run util/mktar.sh from the source directory
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7696)
Richard Levitte [Fri, 23 Nov 2018 23:59:33 +0000 (00:59 +0100)]
Don't export the submodules 'boringssl', 'krb5' and 'pyca-cryptography'
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7696)
Richard Levitte [Fri, 23 Nov 2018 13:43:16 +0000 (14:43 +0100)]
Don't export util/mktar.sh
When creating a tarball, it's pointless to include scripts that assume
a git workspace.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7696)
Richard Levitte [Fri, 23 Nov 2018 13:40:39 +0000 (14:40 +0100)]
Document the removed 'dist' target
Also adds missing copyright boilerplate to util/mktar.sh
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7696)
Richard Levitte [Sat, 24 Nov 2018 16:39:56 +0000 (17:39 +0100)]
VMS build: typo in build file template, generatesrc
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7700)
Richard Levitte [Sat, 24 Nov 2018 10:37:10 +0000 (11:37 +0100)]
VMS config: Typo fix, as -> AS
This typo prevented ia64 assembler to be compiled on VMS
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7700)
Richard Levitte [Sat, 24 Nov 2018 12:08:56 +0000 (13:08 +0100)]
VMS: fix collected error strings
It turns out that on VMS, strerror() returns messages with added
spaces at the end.
We wouldn't had noticed if it wasn't for perl trimming those spaces
off for its own sake and thereby having test/recipes/02-test_errstr.t
fail on VMS.
The safe fix is to do the same trimming ourselves.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7701)
Richard Levitte [Thu, 22 Nov 2018 20:29:02 +0000 (21:29 +0100)]
Remove all 'make dist' artifacts
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7692)
Richard Levitte [Thu, 22 Nov 2018 20:17:47 +0000 (21:17 +0100)]
Change tarball making procedure
Since recently, OpenSSL tarballs are produced with 'make tar' rather
than 'make dist', as the latter has turned out to be more troublesome
than useful.
The next step to look at is why we would need to configure at all to
produce a Makefile just to produce a tarball. After all, the tarball
should now only contain source files that are present even without
configuring.
Furthermore, the current method for producing tarballs is a bit
complex, and can be greatly simplified with the right tools. Since we
have everything versioned with git, we might as well use the tool that
comes with it.
Added: util/mktar.sh, a simple script to produce OpenSSL tarballs. It
takes the options --name to modify the prefix of the distribution, and
--tarfile tp modify the tarball file name specifically.
This also adds a few entries in .gitattributes to specify files that
should never end up in a distribution tarball.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7692)
Richard Levitte [Thu, 22 Nov 2018 09:52:51 +0000 (10:52 +0100)]
Add an error message test recipes for system error messages
This ensures we collected them properly and and as completely as can
be tested safely.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7681)
Richard Levitte [Wed, 21 Nov 2018 17:25:53 +0000 (18:25 +0100)]
Smarter build of system error text database
We stored copies of the system error texts in a fixed line size array,
which is a huge waste. Instead, use a static memory pool and pack all
the string in there. The wasted space at the end, if any, gives us
some leeway for longer strings than we have measured so far.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7681)
Matthew Hodgson [Wed, 21 Nov 2018 02:00:52 +0000 (02:00 +0000)]
openssl s_server: don't use sendto() with connected UDP socket
Fixes #7675
On macOS, if you call `connect()` on a UDP socket you cannot then
call `sendto()` with a destination, otherwise it fails with Err#56
('socket is already connected').
By calling `BIO_ctrl_set_connected()` on the wbio we can tell it
that the socket has been connected and make it call `send()` rather
than `sendto()`.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7676)
Andy Polyakov [Wed, 7 Nov 2018 21:07:22 +0000 (22:07 +0100)]
rsa/rsa_ossl.c: cache MONT_CTX for public modulus earlier.
Blinding is performed more efficiently and securely if MONT_CTX for public
modulus is available by the time blinding parameter are instantiated. So
make sure it's the case.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7586)
cclauss [Tue, 16 Oct 2018 05:18:00 +0000 (07:18 +0200)]
Travis CI: Use flake8 to find Python syntax errors or undefined names
CLA: trivial
In Travis CI, add a Python linting step that runs flake8 tests in Travis CI
to find syntax errors and undefined names. (http://flake8.pycqa.org)
__E901,E999,F821,F822,F823__ are the "_showstopper_" flake8 issues that can halt
the runtime with a SyntaxError, NameError, etc. Most other flake8 issues are
merely "style violations" -- useful for readability but they do not effect
runtime safety.
* F821: undefined name `name`
* F822: undefined name `name` in `__all__`
* F823: local variable name referenced before assignment
* E901: SyntaxError or IndentationError
* E999: SyntaxError -- failed to compile a file into an Abstract Syntax Tree
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7410)
Matt Caswell [Tue, 20 Nov 2018 13:13:00 +0000 (13:13 +0000)]
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7668)
Matt Caswell [Tue, 20 Nov 2018 10:52:53 +0000 (10:52 +0000)]
Update CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7663)
Richard Levitte [Mon, 19 Nov 2018 09:21:49 +0000 (10:21 +0100)]
Unix build: for mingw and cygwin, create the right location for DLLs
Mingw and Cygwin builds install the DLLs in the application directory,
not the library directory, so ensure that one is created for them when
installing the DLLs.
Fixes #7653
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7654)
Johannes Bauer [Tue, 20 Mar 2018 19:06:13 +0000 (20:06 +0100)]
Add documentation for -pkeyopt_passin
Add documentation to new parameter and two examples showcasing scrypt
KDF.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5697)
Johannes Bauer [Tue, 1 Aug 2017 17:38:32 +0000 (19:38 +0200)]
Add option to read pkeyopts interactively
This patch adds the ability to interactively enter passphrases for
the pkeyutl application. For example, you could use
$ openssl pkeyutl -kdf TLS1-PRF -kdflen 8 -pkeyopt md:md5
-pkeyopt_passin secret -pkeyopt_passin seed
To have the "secret" and "seed" values read interactively from keyboard
(with hidden input). Alternatively, the pass phrase argument syntax is
also supported, e.g.:
$ openssl pkeyutl -kdf TLS1-PRF -kdflen 8 -pkeyopt md:md5
-pkeyopt_passin secret:stdin -pkeyopt_passin seed:env:SEEDVAR
To have "secret" read from stdin and "seed" from the environment
variable SEEDVAR.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5697)
Andy Polyakov [Thu, 15 Nov 2018 14:47:46 +0000 (15:47 +0100)]
sha/asm/sha512p8-ppc.pl: optimize epilogue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7643)
Andy Polyakov [Thu, 15 Nov 2018 14:42:02 +0000 (15:42 +0100)]
sha/asm/sha512p8-ppc.pl: fix typo in prologue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7643)
Richard Levitte [Thu, 15 Nov 2018 20:37:55 +0000 (21:37 +0100)]
Configuration: only include shared_sources in dirinfo in shared config
Without this precaution, we end up having directory targets depend on
shlib object files for which there are no rules.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7644)
Richard Levitte [Thu, 15 Nov 2018 12:45:31 +0000 (13:45 +0100)]
test/siphash_internal_test.c: ensure the SIPHASH structure is zeroed
Fixes #7641
[extended tests]
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7642)
Matt Caswell [Thu, 8 Nov 2018 14:03:17 +0000 (14:03 +0000)]
Add a missing SSLfatal call
A missing SSLfatal call can result in an assertion failed error if the
condition gets triggered.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7594)
Antoine Salon [Tue, 6 Nov 2018 21:26:49 +0000 (13:26 -0800)]
Deprecate SSL_set_tmp_ecdh
Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)
Antoine Salon [Thu, 1 Nov 2018 22:41:16 +0000 (15:41 -0700)]
Making SRP_user_pwd functions public
Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)
Antoine Salon [Thu, 1 Nov 2018 18:56:55 +0000 (11:56 -0700)]
Added SRP_VBASE_add0_user()
Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)
Antoine Salon [Thu, 25 Oct 2018 22:43:35 +0000 (15:43 -0700)]
SRP module documentation
Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)
Antoine Salon [Tue, 16 Oct 2018 23:40:01 +0000 (16:40 -0700)]
Add SSL_CTX_set_tmp_ecdh.pod
Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)
Antoine Salon [Tue, 16 Oct 2018 16:07:00 +0000 (09:07 -0700)]
SSL extra chain certificates doc
Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)
Matt Caswell [Mon, 12 Nov 2018 14:23:07 +0000 (14:23 +0000)]
Fix no-ec and no-tls1_2
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7620)
Richard Levitte [Tue, 13 Nov 2018 16:57:45 +0000 (17:57 +0100)]
Fix typo in util/perl/OpenSSL/Test.pm
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7633)
Richard Levitte [Tue, 13 Nov 2018 17:28:41 +0000 (18:28 +0100)]
test/recipes/90-test_shlibload.t needs $target{shared_extension}
We therefore must add defaults.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7626)
Richard Levitte [Mon, 12 Nov 2018 23:16:55 +0000 (00:16 +0100)]
Fix rpath-related Linux "test_shlibload" failure.
When libssl and libcrypto are compiled on Linux with "-rpath", but
not "--enable-new-dtags", the RPATH takes precedence over
LD_LIBRARY_PATH, and we end up running with the wrong libraries.
This is resolved by using full (or at least relative, rather than
just the filename to be found on LD_LIBRARY_PATH) paths to the
shared objects.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7626)
Shane Lontis [Fri, 9 Nov 2018 04:00:05 +0000 (14:00 +1000)]
KMAC implementation using EVP_MAC
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7597)
Richard Levitte [Tue, 13 Nov 2018 16:01:41 +0000 (17:01 +0100)]
Remove markdown links from HTML comments in issue templates
HTML comments aren't rendered, so markdown link syntax is irrelevant
inside them, and more confusing than useful.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7632)
Richard Levitte [Mon, 12 Nov 2018 13:17:24 +0000 (14:17 +0100)]
Add issue templates and a user support page
This will hopefully help directing our users to better user support
resources as well as give some relevant advice in issue templates.
https://help.github.com/articles/setting-up-your-project-for-healthy-contributions/
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7623)
Viktor Dukhovni [Sat, 10 Nov 2018 06:53:56 +0000 (01:53 -0500)]
Added missing signature algorithm reflection functions
SSL_get_signature_nid() -- local signature algorithm
SSL_get_signature_type_nid() -- local signature algorithm key type
SSL_get_peer_tmp_key() -- Peer key-exchange public key
SSL_get_tmp_key -- local key exchange public key
Aliased pre-existing SSL_get_server_tmp_key(), which was formerly
just for clients, to SSL_get_peer_tmp_key(). Changed internal
calls to use the new name.
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Thu, 1 Nov 2018 11:53:49 +0000 (11:53 +0000)]
Merge the CA list documentation for clarity
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7503)
Matt Caswell [Fri, 26 Oct 2018 17:23:48 +0000 (18:23 +0100)]
Add a test for SSL_CTX_set0_CA_list()/SSL_CTX_set_client_CA_list()
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7503)
Matt Caswell [Fri, 26 Oct 2018 10:43:19 +0000 (11:43 +0100)]
Separate ca_names handling for client and server
SSL(_CTX)?_set_client_CA_list() was a server side only function in 1.1.0.
If it was called on the client side then it was ignored. In 1.1.1 it now
makes sense to have a CA list defined for both client and server (the
client now sends it the the TLSv1.3 certificate_authorities extension).
Unfortunately some applications were using the same SSL_CTX for both
clients and servers and this resulted in some client ClientHellos being
excessively large due to the number of certificate authorities being sent.
This commit seperates out the CA list updated by
SSL(_CTX)?_set_client_CA_list() and the more generic
SSL(_CTX)?_set0_CA_list(). This means that SSL(_CTX)?_set_client_CA_list()
still has no effect on the client side. If both CA lists are set then
SSL(_CTX)?_set_client_CA_list() takes priority.
Fixes #7411
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7503)
Matt Caswell [Wed, 24 Oct 2018 13:48:44 +0000 (14:48 +0100)]
Test use of a brainpool ECDSA certificate
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7442)
Matt Caswell [Wed, 24 Oct 2018 11:15:56 +0000 (12:15 +0100)]
Add some test brainpool certificates
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7442)
Matt Caswell [Fri, 19 Oct 2018 13:01:22 +0000 (14:01 +0100)]
Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable
TLSv1.3 is more restrictive about the curve used. There must be a matching
sig alg defined for that curve. Therefore if we are using some other curve
in our certificate then we should not negotiate TLSv1.3.
Fixes #7435
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7442)
Richard Levitte [Sun, 11 Nov 2018 11:23:26 +0000 (12:23 +0100)]
Fix SipHash init order.
Setting the SipHash hash size and setting its key is done with two
independent functions... and yet, the internals depend on both.
Unfortunately, the function to change the size wasn't adapted for the
possibility that the key was set first, with a different hash size.
This changes the hash setting function to fix the internal values
(which is easy, fortunately) according to the hash size.
evpmac.txt value for digestsize:8 is also corrected.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7613)
Dmitry Belyavskiy [Sun, 11 Nov 2018 21:56:05 +0000 (07:56 +1000)]
Some deabbreviations
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7614)
Tomas Mraz [Fri, 12 Oct 2018 15:24:14 +0000 (17:24 +0200)]
Unbreak SECLEVEL 3 regression causing it to not accept any ciphers.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #7391
Richard Levitte [Mon, 8 Jan 2018 12:29:45 +0000 (13:29 +0100)]
Recreate the OS390-Unix config target
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5035)
Mansour Ahmadi [Wed, 17 Oct 2018 22:13:57 +0000 (18:13 -0400)]
Check return value of EVP_PKEY_new
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7427)
Billy Brumley [Fri, 9 Nov 2018 07:25:43 +0000 (09:25 +0200)]
[crypto/bn] swap BN_FLG_FIXED_TOP too
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7599)
David Woodhouse [Mon, 22 Oct 2018 17:49:54 +0000 (18:49 +0100)]
Add EVP_PKEY_supports_digest_nid()
Rather than relying only on mandatory default digests, add a way for
the EVP_PKEY to individually report whether each digest algorithm is
supported.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7408)
David Woodhouse [Tue, 16 Oct 2018 14:59:46 +0000 (07:59 -0700)]
Honour mandatory digest on private key in has_usable_cert()
If the private key says it can only support one specific digest, then
don't ask it to perform a different one.
Fixes: #7348
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7408)
David Woodhouse [Tue, 16 Oct 2018 14:41:17 +0000 (07:41 -0700)]
Stop marking default digest for EC keys as mandatory
ASN1_PKEY_CTRL_DEFAULT_MD_NID is documented to return 2 for a mandatory
digest algorithm, when the key can't support any others. That isn't true
here, so return 1 instead.
Partially fixes #7348
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7408)
Bernd Edlinger [Wed, 7 Nov 2018 20:53:30 +0000 (21:53 +0100)]
Fix issues with do_rand_init/rand_cleanup_int
Fixes #7022
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7588)
Richard Levitte [Fri, 9 Nov 2018 11:23:53 +0000 (12:23 +0100)]
VMS build: colon after target must be separated with a space
... otherwise, it's taken to be part of a device name.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7602)
Richard Levitte [Wed, 7 Nov 2018 15:13:57 +0000 (16:13 +0100)]
Have install targets depend on more precise build targets
We only had the main 'install' target depend on 'all'. This changes
the dependencies so targets like install_dev, install_runtime_libs,
install_engines and install_programs depend on build targets that are
correspond to them more specifically. This increases the parallel
possibilities.
Fixes #7466
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7583)
Richard Levitte [Thu, 25 Oct 2018 07:09:20 +0000 (09:09 +0200)]
Allow parallel install
When trying 'make -j{n} install', you may occasionally run into
trouble because to sub-targets (install_dev and install_runtime) try
to install the same shared libraries. That makes parallel install
difficult.
This is solved by dividing install_runtime into two parts, one for
libraries and one for programs, and have install_dev depend on
install_runtime_libs instead of installing the shared runtime
libraries itself.
Fixes #7466
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7583)
Richard Levitte [Thu, 8 Nov 2018 09:28:33 +0000 (10:28 +0100)]
VMS build: don't add a comma before 'extradefines'
The variable extradefines will have the starting comma, if needed.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7591)
Dr. Matthias St. Pierre [Thu, 18 Oct 2018 11:27:14 +0000 (13:27 +0200)]
rand_unix.c: open random devices on first use only
Commit
c7504aeb640a (pr #6432) fixed a regression for applications in
chroot environments, which compensated the fact that the new OpenSSL CSPRNG
(based on the NIST DRBG) now reseeds periodically, which the previous
one didn't. Now the reseeding could fail in the chroot environment if the
DEVRANDOM devices were not present anymore and no other entropy source
(e.g. getrandom()) was available.
The solution was to keep the file handles for the DEVRANDOM devices open
by default. In fact, the fix did more than this, it opened the DEVRANDOM
devices early and unconditionally in rand_pool_init(), which had the
unwanted side effect that the devices were opened (and kept open) even
in cases when they were not used at all, for example when the getrandom()
system call was available. Due to a bug (issue #7419) this even happened
when the feature was disabled by the application.
This commit removes the unconditional opening of all DEVRANDOM devices.
They will now only be opened (and kept open) on first use. In particular,
if getrandom() is available, the handles will not be opened unnecessarily.
This change does not introduce a regression for applications compiled for
libcrypto 1.1.0, because the SSLEAY RNG also seeds on first use. So in the
above constellation the CSPRNG will only be properly seeded if it is happens
before the forking and chrooting.
Fixes #7419
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7437)
Dr. Matthias St. Pierre [Thu, 25 Oct 2018 23:13:19 +0000 (01:13 +0200)]
Test: enable internal tests for shared Windows builds
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7462)
Dr. Matthias St. Pierre [Mon, 22 Oct 2018 16:05:14 +0000 (18:05 +0200)]
Test: link drbgtest statically against libcrypto
and remove duplicate rand_drbg_seedlen() implementation again.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7462)
Matt Caswell [Fri, 26 Oct 2018 14:29:15 +0000 (15:29 +0100)]
Give a better error if an attempt is made to set a zero length groups list
Previously we indicated this as a malloc failure which isn't very
helpful.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7479)
Matt Caswell [Wed, 24 Oct 2018 09:11:00 +0000 (10:11 +0100)]
Ignore disabled ciphers when deciding if we are using ECC
use_ecc() was always returning 1 because there are default (TLSv1.3)
ciphersuites that use ECC - even if those ciphersuites are disabled by
other options.
Fixes #7471
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7479)
Pauli [Wed, 7 Nov 2018 21:22:01 +0000 (07:22 +1000)]
Add missing RAND initialisation call.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7587)
Bernd Edlinger [Mon, 5 Nov 2018 22:13:11 +0000 (23:13 +0100)]
Rename the rand_drbg_st data member "pool" to "seed_pool"
... to make the intended use more clear and differentiate
it from the data member "adin_pool".
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7575)
Richard Levitte [Thu, 1 Nov 2018 13:02:21 +0000 (14:02 +0100)]
util/add-depends.pl: go through shared_sources too
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7545)
Rich Salz [Tue, 23 Oct 2018 20:13:47 +0000 (16:13 -0400)]
Remove outdated e_chil.txt file
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7476)
Bernd Edlinger [Tue, 30 Oct 2018 21:21:34 +0000 (22:21 +0100)]
Fix a race condition in drbgtest.c
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7531)
Bernd Edlinger [Fri, 2 Nov 2018 10:46:38 +0000 (11:46 +0100)]
Fix error handling in RAND_DRBG_uninstantiate
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7517)
Bernd Edlinger [Tue, 30 Oct 2018 20:02:22 +0000 (21:02 +0100)]
Fix error handling in drbgtest.c
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7517)
Bernd Edlinger [Tue, 30 Oct 2018 19:57:53 +0000 (20:57 +0100)]
Fix error handling in rand_drbg_new
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7517)
Bernd Edlinger [Mon, 29 Oct 2018 12:48:53 +0000 (13:48 +0100)]
Fix error handling in RAND_DRBG_set
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7517)
Pauli [Mon, 5 Nov 2018 21:06:25 +0000 (07:06 +1000)]
Fix return formatting.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7564)
Pauli [Mon, 5 Nov 2018 01:04:23 +0000 (11:04 +1000)]
Cleanse the key log buffer.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7564)
Pauli [Mon, 5 Nov 2018 04:30:37 +0000 (14:30 +1000)]
EVP_MAC ctrl numbering duplicate removal.
Both EVP_MAC_CTRL_SET_MD and EVP_MAC_CTRL_SET_CIPHER were numbered 4.
This would preclude any future MAC from using both.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7566)
Richard Levitte [Mon, 5 Nov 2018 15:52:46 +0000 (16:52 +0100)]
GMAC: Add subdir info in crypto/build.info for this to build
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/@7572)