oweals/openssl.git
7 years agoRemove OPENSSL_assert() from crypto/x509v3
Matt Caswell [Wed, 21 Jun 2017 14:56:56 +0000 (15:56 +0100)]
Remove OPENSSL_assert() from crypto/x509v3

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)

7 years agoRemove OPENSSL_assert() from crypto/x509
Matt Caswell [Wed, 21 Jun 2017 14:56:36 +0000 (15:56 +0100)]
Remove OPENSSL_assert() from crypto/x509

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)

7 years agoRemove OPENSSL_assert() from crypto/threads_none.c
Matt Caswell [Wed, 21 Jun 2017 14:56:12 +0000 (15:56 +0100)]
Remove OPENSSL_assert() from crypto/threads_none.c

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)

7 years agoRemove OPENSSL_assert() from crypto/pem
Matt Caswell [Wed, 21 Jun 2017 14:55:56 +0000 (15:55 +0100)]
Remove OPENSSL_assert() from crypto/pem

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)

7 years agoRemove OPENSSL_assert() from crypto/kdf
Matt Caswell [Wed, 21 Jun 2017 14:55:38 +0000 (15:55 +0100)]
Remove OPENSSL_assert() from crypto/kdf

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)

7 years agoRemove OPENSSL_assert() from crypto/hmac
Matt Caswell [Wed, 21 Jun 2017 14:55:20 +0000 (15:55 +0100)]
Remove OPENSSL_assert() from crypto/hmac

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)

7 years agoRemove OPENSSL_assert() from crypto/ec
Matt Caswell [Wed, 21 Jun 2017 14:54:45 +0000 (15:54 +0100)]
Remove OPENSSL_assert() from crypto/ec

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)

7 years agoRemove OPENSSL_assert() from conf_api.c
Matt Caswell [Wed, 21 Jun 2017 14:54:25 +0000 (15:54 +0100)]
Remove OPENSSL_assert() from conf_api.c

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)

7 years agoRemove OPENSSL_assert() usage from crypto/bn
Matt Caswell [Wed, 21 Jun 2017 14:52:52 +0000 (15:52 +0100)]
Remove OPENSSL_assert() usage from crypto/bn

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)

7 years agoRemove OPENSSL_assert() from various crypto/bio files
Matt Caswell [Wed, 21 Jun 2017 14:52:11 +0000 (15:52 +0100)]
Remove OPENSSL_assert() from various crypto/bio files

bss_dgram.c is deferred until later due to ongoing discussions.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)

7 years agoRemove OPENSSL_assert() from crypto/asn1/bio_asn1.c
Matt Caswell [Wed, 21 Jun 2017 14:51:27 +0000 (15:51 +0100)]
Remove OPENSSL_assert() from crypto/asn1/bio_asn1.c

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)

7 years agoRemove double error messages
Pauli [Mon, 21 Aug 2017 00:37:34 +0000 (10:37 +1000)]
Remove double error messages

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4204)

7 years agoFix ui_write in apps/apps.c
Richard Levitte [Sat, 19 Aug 2017 16:45:43 +0000 (18:45 +0200)]
Fix ui_write in apps/apps.c

It used the default UI reader as fallback instead of the UI writer.

Fixes #4147
Fixes #4195

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/4198)

7 years agoPut thread-fork-init inside a run-once guard
Rich Salz [Fri, 18 Aug 2017 15:47:21 +0000 (11:47 -0400)]
Put thread-fork-init inside a run-once guard

Thanks to Christian Heimes for pointing this out.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4191)

7 years agoReorder extensions to put SigAlgs last
Todd Short [Fri, 18 Aug 2017 13:32:29 +0000 (09:32 -0400)]
Reorder extensions to put SigAlgs last

Force non-empty padding extension.
When enabled, force the padding extension to be at least 1 byte long.
WebSphere application server cannot handle having an empty
extension (e.g. EMS/EtM) as the last extension in a client hello.
This moves the SigAlgs extension last for TLSv1.2 to avoid this
issue.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3921)

7 years agoAddressed build failure because of missing #ifdef AF_UNIX guard
Balaji Marisetti [Tue, 1 Aug 2017 11:24:13 +0000 (16:54 +0530)]
Addressed build failure because of missing #ifdef AF_UNIX guard
CLA: trivial

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4067)

7 years agoAdd a comment on expectations in the "tar" target
Richard Levitte [Thu, 17 Aug 2017 12:08:43 +0000 (14:08 +0200)]
Add a comment on expectations in the "tar" target

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4179)

7 years agoPrepare tarball in dist directory
Richard Levitte [Thu, 17 Aug 2017 12:04:36 +0000 (14:04 +0200)]
Prepare tarball in dist directory

We changed directory to the wrong directory.
This change also separates the preparation phase from the tarball
building phase.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4179)

7 years agoTurn on error sensitivity in the "tar" target
Richard Levitte [Thu, 17 Aug 2017 12:04:18 +0000 (14:04 +0200)]
Turn on error sensitivity in the "tar" target

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4179)

7 years agotest/asn1_time_test.c: Better check of signed time_t
Richard Levitte [Thu, 17 Aug 2017 16:03:22 +0000 (18:03 +0200)]
test/asn1_time_test.c: Better check of signed time_t

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4182)

7 years agoerr/err.c: improve readability.
Andy Polyakov [Wed, 16 Aug 2017 21:08:03 +0000 (23:08 +0200)]
err/err.c: improve readability.

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoerr/err.c: fix "wraparound" bug in ERR_set_error_data.
Andy Polyakov [Wed, 16 Aug 2017 21:06:57 +0000 (23:06 +0200)]
err/err.c: fix "wraparound" bug in ERR_set_error_data.

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoFix windows build after too aggressive e_os.h removal
Pauli [Fri, 18 Aug 2017 00:09:27 +0000 (10:09 +1000)]
Fix windows build after too aggressive e_os.h removal

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4187)

7 years agoRemove tests dependence on e_os.h
Pauli [Thu, 17 Aug 2017 23:50:25 +0000 (09:50 +1000)]
Remove tests dependence on e_os.h

Apart from ssltest_old.c, the test suite relied on e_os.h for the
OSSL_NELEM macro and nothing else.

The ssltest_old.c also requires EXIT and some socket macros.

Create a new header to define the OSSL_NELEM macro and use that instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4186)

7 years agoClear outputs in PKCS12_parse error handling.
Bernd Edlinger [Sat, 12 Aug 2017 08:11:09 +0000 (10:11 +0200)]
Clear outputs in PKCS12_parse error handling.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4145)

7 years agoWhen building a tarball, avoid trying to copy submodules
Richard Levitte [Thu, 17 Aug 2017 07:38:02 +0000 (09:38 +0200)]
When building a tarball, avoid trying to copy submodules

submodules are directories that we don't want in our tarballs, so
avoid them.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4178)

7 years agoDetermine the number of output columns for the list and help commands using
Pauli [Tue, 15 Aug 2017 04:41:34 +0000 (14:41 +1000)]
Determine the number of output columns for the list and help commands using
the command names rather than hard coding it (conditionally).

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4162)

7 years agoFix OCSP_basic_verify() cert chain construction in case bs->certs is NULL
David von Oheimb [Wed, 16 Aug 2017 18:00:05 +0000 (14:00 -0400)]
Fix OCSP_basic_verify() cert chain construction in case bs->certs is NULL

Now the certs arg is not any more neglected when building the signer cert chain.
Added case to test/recipes/80-test_ocsp.t proving fix for 3-level CA hierarchy.

See also http://rt.openssl.org/Ticket/Display.html?id=4620

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4124)

7 years agosha/asm/keccak1600-armv4.pl: optimize for Thumb-2.
Andy Polyakov [Mon, 14 Aug 2017 14:33:36 +0000 (16:33 +0200)]
sha/asm/keccak1600-armv4.pl: optimize for Thumb-2.

Reduce per-round instruction count in Thumb-2 case by 16%. This is
achieved by folding ldr/str pairs to their double-word counterparts.

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoFix some documentation typos.
David Benjamin [Wed, 16 Aug 2017 17:07:43 +0000 (13:07 -0400)]
Fix some documentation typos.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4173)

7 years agofix some typos
FdaSilvaYY [Wed, 16 Aug 2017 13:40:11 +0000 (15:40 +0200)]
fix some typos

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4172)

7 years agoFix two MSVC warnings in apps.c
FdaSilvaYY [Wed, 16 Aug 2017 13:40:40 +0000 (15:40 +0200)]
Fix two MSVC warnings in apps.c

warning C4996: 'fileno': The POSIX name for this item is deprecated.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4172)

7 years ago[Win] Fix some test method signatures ...
FdaSilvaYY [Tue, 15 Aug 2017 21:39:03 +0000 (23:39 +0200)]
[Win] Fix some test method signatures ...

to halves MSVC warnings.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4172)

7 years agoCopy dlls into fuzz directory
Matt Caswell [Wed, 16 Aug 2017 13:33:13 +0000 (14:33 +0100)]
Copy dlls into fuzz directory

This should fix the recent AppVeyor failures.

[extended tests]

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4171)

7 years agobndiv fuzzer: limit the size of the input to avoid timeout
gbrl [Tue, 8 Aug 2017 13:17:01 +0000 (15:17 +0200)]
bndiv fuzzer: limit the size of the input to avoid timeout

CLA: trivial

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4119)

7 years agoFix coding style of EVP_PKEY_CTX_ctrl_uint64
Johannes Bauer [Tue, 15 Aug 2017 16:52:24 +0000 (18:52 +0200)]
Fix coding style of EVP_PKEY_CTX_ctrl_uint64

Code review of @dot-asm pointed out style guide violation; this patch
fixes it.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4166)

7 years agoPrint pathnames for 'version -r'
Rich Salz [Tue, 15 Aug 2017 19:50:14 +0000 (15:50 -0400)]
Print pathnames for 'version -r'

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4168)

7 years agoSTORE: Add documentation on the expectations for returned names
Richard Levitte [Wed, 5 Jul 2017 14:08:19 +0000 (16:08 +0200)]
STORE: Add documentation on the expectations for returned names

Returned OSSL_STORE_INFO_NAME typed infos are supposed to be a
canonical URI for the corresponding object.  For example, when using
the 'file' scheme loader, the file name is returned, possibly prefixed
with 'file://'

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3856)

7 years agoSTORE: Add info on the expected post_process callback behavior
Richard Levitte [Wed, 5 Jul 2017 14:00:30 +0000 (16:00 +0200)]
STORE: Add info on the expected post_process callback behavior

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3856)

7 years agoFix overzealous cleanup command
FdaSilvaYY [Tue, 15 Aug 2017 16:42:02 +0000 (18:42 +0200)]
Fix overzealous cleanup command

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4167)

7 years agoAdd SSL_get_pending_cipher()
Benjamin Kaduk [Tue, 1 Aug 2017 20:28:14 +0000 (15:28 -0500)]
Add SSL_get_pending_cipher()

The existing function SSL_get_current_cipher() queries the
current session for the ciphersuite in use, but there is no way
for application code to determine what ciphersuite has been
negotiated and will be used in the future, prior to ChangeCipherState
(or the TLS 1.3 equivalent) causing the new cipher to take effect and
become visible in the session information.  Expose this information
to appropriate application callbacks to use during the handshake.

The name SSL_get_pending_cipher() was chosen for compatibility with
BoringSSL's routine of that name.

Improve the note on macro implementations in SSL_get_current_cipher.pod
while here.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4070)

7 years agoMove ALPN handling from finalizer to delayed call
Benjamin Kaduk [Tue, 1 Aug 2017 19:50:22 +0000 (14:50 -0500)]
Move ALPN handling from finalizer to delayed call

Commit 02f0274e8c0596dcf7e2d104250232a42c650b96 moved ALPN processing
into an extension finalization function, as the only documented ordering
requirement from previous commits was that ALPN processing occur after
SNI processing, and SNI processing is performed before the extension
finalization step.  However, it is useful for applications'
alpn_select callbacks to run after ciphersuite selection as well -- at
least one application protocol specification (HTTP/2) imposes restrictions
on which ciphersuites are usable with that protocol.  Since it is generally
more preferrable to have a successful TLS connection with a default application
protocol than to fail the TLS connection and not be able to have the preferred
application protocol, it is good to give the alpn_select callback information
about the ciphersuite to be used, so that appropriate restrctions can be
enforced in application code.

Accordingly, split the ALPN handling out into a separate tls_handl_alpn()
function akin to tls_handle_status_request(), called from
tls_post_process_client_hello().  This is an alternative to resuscitating
ssl_check_clienthello_tlsext_late(), something of an awkwward name itself.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4070)

7 years agoRevert "Add some casts for %j"
Rich Salz [Tue, 15 Aug 2017 13:42:38 +0000 (09:42 -0400)]
Revert "Add some casts for %j"

This reverts commit c4d2e483a39176a476c56d35879423fe6e33c0cd.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4160)

7 years agoUse new setup_tests in code of rsa_test
Paul Yang [Tue, 15 Aug 2017 03:44:56 +0000 (11:44 +0800)]
Use new setup_tests in code of rsa_test

Although this piece of code will not be compiled at current stage, but
there seems a plan to re-open the 'no-rsa' option in the future so this
should be fixed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4161)

7 years agoClear error stack on successful OSSL_STORE_open()
Richard Levitte [Sat, 5 Aug 2017 12:56:13 +0000 (14:56 +0200)]
Clear error stack on successful OSSL_STORE_open()

Since OSSL_STORE_open() tries with the 'file' scheme loader first, and
then on the loader implied by the URI if the former fails, the former
leaves an error on the error stack.  This is confusing, so let's clear
the error stack on success.  The implementation uses ERR_set_mark,
ERR_pop_to_mark and ERR_clear_last_mark to make sure caller errors are
preserved as much as possible.

Fixes #4089

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4094)

7 years agoAdd ERR_clear_last_mark()
Richard Levitte [Sat, 5 Aug 2017 19:47:00 +0000 (21:47 +0200)]
Add ERR_clear_last_mark()

This allows callers to set a mark, and then clear it without removing
the errors.  Useful in case an error is encountered that should be
returned up the call stack.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4094)

7 years agoRename crypto/evp/scrypt.c to crypto/evp/pbe_scrypt.c
Richard Levitte [Tue, 15 Aug 2017 10:32:55 +0000 (12:32 +0200)]
Rename crypto/evp/scrypt.c to crypto/evp/pbe_scrypt.c

There already is a scrypt.c in crypto/kdf/, both becoming script.o or
script.obj.  With some linkers, the same object files name more than
once means one of them is dropped, either when building shared
libraries or when building executables from static libraries.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4164)

7 years agoFile::Glob option ':bsd_glob' doesn't work everywhere, replace w/ a wrapper
Richard Levitte [Tue, 1 Aug 2017 20:43:56 +0000 (22:43 +0200)]
File::Glob option ':bsd_glob' doesn't work everywhere, replace w/ a wrapper

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4069)

7 years agoConsolidate the locations where we have our internal perl modules
Richard Levitte [Tue, 1 Aug 2017 20:10:39 +0000 (22:10 +0200)]
Consolidate the locations where we have our internal perl modules

Instead of having perl modules under test/testlib, util and util/perl,
consolidate them all to be inside util/perl.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4069)

7 years agoAdd some casts for %j
Rich Salz [Mon, 14 Aug 2017 23:59:54 +0000 (19:59 -0400)]
Add some casts for %j

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4160)

7 years agoDoc fixes
Rich Salz [Mon, 14 Aug 2017 13:32:07 +0000 (09:32 -0400)]
Doc fixes

Write missing prime.pod and srp.pod
Implement -c in find-doc-nits (for command options)
Other fixes to some manpages
Use B<-I<digest|cipher>> notation
Split up multiple flags into a single entry in the synopsis.
Add -1 and missing-help to list command.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4144)

7 years agoInstantiate when RAND_status() checks
Rich Salz [Sat, 12 Aug 2017 22:19:50 +0000 (18:19 -0400)]
Instantiate when RAND_status() checks

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/4150)

7 years agoFix some typo and comments
FdaSilvaYY [Sat, 12 Aug 2017 18:02:24 +0000 (20:02 +0200)]
Fix some typo and comments
[skip ci]

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4149)

7 years agosha/asm/keccak1600-avx512.pl: fix buglet in SHA3_squeeze tail.
Andy Polyakov [Thu, 10 Aug 2017 20:53:55 +0000 (22:53 +0200)]
sha/asm/keccak1600-avx512.pl: fix buglet in SHA3_squeeze tail.

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoWire SHAKE to EVP.
Andy Polyakov [Thu, 10 Aug 2017 20:47:32 +0000 (22:47 +0200)]
Wire SHAKE to EVP.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4137)

7 years agoAdd EVP_DigestFinalXOF, interface to extendable-output functions, XOFs.
Andy Polyakov [Thu, 10 Aug 2017 20:39:40 +0000 (22:39 +0200)]
Add EVP_DigestFinalXOF, interface to extendable-output functions, XOFs.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4137)

7 years agoClarify CLI OCSP documentation
Johannes Bauer [Fri, 11 Aug 2017 23:00:21 +0000 (19:00 -0400)]
Clarify CLI OCSP documentation

This fixes issue #3043, which ultimately was reported because
documentation was not clear on the meaning of the "-ignore_err" option.
Update both command line documentation and add this option to manpage.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4143)

7 years agoFix some Typos and indents
FdaSilvaYY [Fri, 11 Aug 2017 14:15:22 +0000 (10:15 -0400)]
Fix some Typos and indents

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4108)

7 years agoMove FuzzerSetRand to separate file.
Rich Salz [Fri, 11 Aug 2017 12:22:22 +0000 (08:22 -0400)]
Move FuzzerSetRand to separate file.

Use an inline rand.inc; this fixes Google's OSS-Fuzz builds.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4141)

7 years ago[extended tests] Add steps to update an external test suite
Jon Spillett [Fri, 11 Aug 2017 00:48:40 +0000 (10:48 +1000)]
[extended tests] Add steps to update an external test suite

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4139)

7 years agoUpdate pyca-cryptography to latest commit
Jon Spillett [Thu, 10 Aug 2017 06:52:04 +0000 (16:52 +1000)]
Update pyca-cryptography to latest commit

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4139)

7 years agono-ec2m fixes
Dr. Stephen Henson [Thu, 10 Aug 2017 15:36:37 +0000 (16:36 +0100)]
no-ec2m fixes

Fix warning and don't use binary field certificate for ECDH CMS
key only test.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4134)

7 years agoAdd alternative CMS P-256 cert
Dr. Stephen Henson [Thu, 10 Aug 2017 15:45:31 +0000 (16:45 +0100)]
Add alternative CMS P-256 cert

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4134)

7 years agoFix no-ec
Dr. Stephen Henson [Thu, 10 Aug 2017 15:45:18 +0000 (16:45 +0100)]
Fix no-ec

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4134)

7 years agoFix minor type warnings and risk of memory leak in testutil/driver.c
David von Oheimb [Thu, 10 Aug 2017 07:07:37 +0000 (09:07 +0200)]
Fix minor type warnings and risk of memory leak in testutil/driver.c

Discussion is in https://github.com/openssl/openssl/issues/4127

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4131)

7 years agoDon't modify resumed session objects
Benjamin Kaduk [Wed, 9 Aug 2017 13:14:24 +0000 (08:14 -0500)]
Don't modify resumed session objects

If s->hit is set, s->session corresponds to a session created on
a previous connection, and is a data structure that is potentially
shared across other SSL objects.  As such, there are thread-safety
issues with modifying the structure without taking its lock (and
of course all corresponding read accesses would also need to take
the lock as well), which have been observed to cause double-frees.

Regardless of thread-safety, the resumed session object is intended
to reflect parameters of the connection that created the session,
and modifying it to reflect the parameters from the current connection
is confusing.  So, modifications to the session object during
ClientHello processing should only be performed on new connections,
i.e., those where s->hit is not set.

The code mostly got this right, providing such checks when processing
SNI and EC point formats, but the supported groups (formerly
supported curves) extension was missing it, which is fixed by this commit.

However, TLS 1.3 makes the suppported_groups extension mandatory
(when using (EC)DHE, which is the normal case), checking for the group
list in the key_share extension processing.  But, TLS 1.3 only [0] supports
session tickets for session resumption, so the session object in question
is the output of d2i_SSL_SESSION(), and will not be shared across SSL
objects.  Thus, it is safe to modify s->session for TLS 1.3 connections.

[0] A psk_find_session callback can also be used, but the restriction that
each callback execution must produce a distinct SSL_SESSION structure
can be documented when the psk_find_session callback documentation is
completed.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4123)

7 years agoAdd missing documentation of the default format for commands.
Tomas Mraz [Wed, 9 Aug 2017 13:20:43 +0000 (15:20 +0200)]
Add missing documentation of the default format for commands.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4122)

7 years agoFix memory leak in session cache test
Benjamin Kaduk [Wed, 9 Aug 2017 17:19:06 +0000 (12:19 -0500)]
Fix memory leak in session cache test

When we are using the internal cache we have to make a copy of the
session before removing it from the parent context's cache, since
we want our copy to still be resumable.  However, SSL_CTX_remove_session()
just detaches the session from the SSL_CTX; it does not free the session.
So, we must call SSL_SESSION_free() ourselves before overwriting the
variable that we dup'd from.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4126)

7 years agoAdd -d flag to list -u details (now normally off)
Rich Salz [Wed, 9 Aug 2017 16:25:35 +0000 (12:25 -0400)]
Add -d flag to list -u details (now normally off)

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4125)

7 years agoAdd missing HTML tag in www_body in s_server.c
Xiaoyin Liu [Sat, 5 Aug 2017 06:31:04 +0000 (02:31 -0400)]
Add missing HTML tag in www_body in s_server.c

In the generated HTML document, the `<pre>` tag is not closed. This patch also has a trivial code-style improvement, unrelated to the bug fix.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4088)

7 years agoFix trivial nits in documentaion
Paul Yang [Tue, 8 Aug 2017 17:15:28 +0000 (01:15 +0800)]
Fix trivial nits in documentaion

Code Health (Tuesday?): Parameters' names are not correct.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4117)

7 years agoAdd XXX_security_bits documentation
Paul Yang [Wed, 9 Aug 2017 15:25:19 +0000 (11:25 -0400)]
Add XXX_security_bits documentation

This is a 'code health' commit to respond to this round of code health
Tuesday...

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4099)

7 years agoTest server side session caching
Matt Caswell [Wed, 2 Aug 2017 11:19:15 +0000 (12:19 +0100)]
Test server side session caching

In particular this covers the scenario mentioned in #4014

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4072)

7 years agoAdd an SSL_SESSION_dup() function
Matt Caswell [Wed, 2 Aug 2017 12:32:56 +0000 (13:32 +0100)]
Add an SSL_SESSION_dup() function

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4072)

7 years agoFix building without scrypt
Johannes Bauer [Tue, 8 Aug 2017 16:51:41 +0000 (18:51 +0200)]
Fix building without scrypt

Building without the scrypt KDF is now possible, the OPENSSL_NO_SCRYPT
define is honored in code. Previous this lead to undefined references.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4116)

7 years agoAdd test for ECDH CMS key only
Dr. Stephen Henson [Tue, 8 Aug 2017 14:25:14 +0000 (15:25 +0100)]
Add test for ECDH CMS key only

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4115)

7 years agoSupport CMS decrypt without a certificate for all key types
Dr. Stephen Henson [Tue, 8 Aug 2017 14:20:07 +0000 (15:20 +0100)]
Support CMS decrypt without a certificate for all key types

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4115)

7 years agoAdd documentation for the scrypt PKEY_METHOD
Johannes Bauer [Mon, 7 Aug 2017 22:21:30 +0000 (00:21 +0200)]
Add documentation for the scrypt PKEY_METHOD

Added manpage for the new scrypt EVP_PKEY_METHOD KDF interface.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4026)

7 years agoAdd PKEY_METHOD macro tests
Johannes Bauer [Thu, 3 Aug 2017 19:44:18 +0000 (21:44 +0200)]
Add PKEY_METHOD macro tests

Added the pkey_meth_kdf_test tests which test the PKEY_METHOD macros (at
the moment, of HKDF and scrypt).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4026)

7 years agoAdd interface to the scrypt KDF by means of PKEY_METHOD
Johannes Bauer [Sat, 22 Jul 2017 18:04:55 +0000 (20:04 +0200)]
Add interface to the scrypt KDF by means of PKEY_METHOD

Add an interface that allows accessing the scrypt KDF as a PKEY_METHOD.
This fixes #4021 (at least for the scrypt portion of the issue).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4026)

7 years agoVarious RAND improvements
Rich Salz [Mon, 7 Aug 2017 23:21:36 +0000 (19:21 -0400)]
Various RAND improvements

Try to put DRBG and rand_bytes buffers in secure heap
Read the TSC fewer times (but it's still not enabled).
Short-circuit return in win RAND_poll_ex; other minor tweaks and
format-fixes.
Use the _bytes version of rdrand/rdseed
Fix ia32cap checks.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/4100)

7 years agoAvoid surpising password dialog in X509 file lookup.
Bernd Edlinger [Mon, 7 Aug 2017 16:02:53 +0000 (18:02 +0200)]
Avoid surpising password dialog in X509 file lookup.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4111)

7 years agoMake RAND_DRBG fork-safe
Rich Salz [Sun, 6 Aug 2017 22:12:28 +0000 (18:12 -0400)]
Make RAND_DRBG fork-safe

Use atfork to count child forks, and reseed DRBG when the counts don't
match.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4101)

7 years agoChange SETUP_TEST_FIXTURE so that the fixture structure is passed by
Pauli [Fri, 4 Aug 2017 00:49:38 +0000 (10:49 +1000)]
Change SETUP_TEST_FIXTURE so that the fixture structure is passed by
reference not by value.  This allows an error return from the setup function.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4083)

7 years agoAdd missing include of cryptlib.h
Rich Salz [Thu, 3 Aug 2017 20:21:01 +0000 (16:21 -0400)]
Add missing include of cryptlib.h

Also use "" not <> for all include cryptlib

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4082)

7 years agoAdd predicatable RAND_METHOD to test ENGINE
Dr. Stephen Henson [Sun, 6 Aug 2017 17:59:55 +0000 (18:59 +0100)]
Add predicatable RAND_METHOD to test ENGINE

The test ENGINE effectively used a predictable PRNG because it supplied
a bogus implementation of SHA256 which the old version of OpenSSL's PRNG
used. The new DRBG does not use SHA256 so it is no longer predictable
if the SHA256 implementation is replaced. Use an explicit predictable
PRNG instead.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/4098)

7 years agoUse passed drbg, not global one
Dr. Stephen Henson [Sun, 6 Aug 2017 13:05:21 +0000 (14:05 +0100)]
Use passed drbg, not global one

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/4097)

7 years agoSmall typo in manpage of x509(1)
Johannes Bauer [Sat, 5 Aug 2017 08:53:42 +0000 (10:53 +0200)]
Small typo in manpage of x509(1)

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #4090

7 years agoFix typo in files in crypto folder
Xiaoyin Liu [Fri, 4 Aug 2017 05:10:41 +0000 (01:10 -0400)]
Fix typo in files in crypto folder

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #4093

7 years agoFix typo in HKDF example documentation
Johannes Bauer [Thu, 3 Aug 2017 19:07:21 +0000 (21:07 +0200)]
Fix typo in HKDF example documentation

Out-of-bounds array access in the example documentation of
EVP_PKEY_CTX_set_hkdf_md fixed.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4081)

7 years agoAdd entropy sanity check
Dr. Stephen Henson [Sat, 5 Aug 2017 11:04:10 +0000 (12:04 +0100)]
Add entropy sanity check

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/4092)

7 years agoSet randomness buffer pointer in get_entropy calls.
Dr. Stephen Henson [Sat, 5 Aug 2017 10:19:27 +0000 (11:19 +0100)]
Set randomness buffer pointer in get_entropy calls.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/4092)

7 years agoConsolidate to a single asn1_time_from_tm() function
Todd Short [Fri, 4 Aug 2017 01:24:03 +0000 (11:24 +1000)]
Consolidate to a single asn1_time_from_tm() function

Add missing ASN1_TIME functions

Do some cleanup of the ASN1_TIME code.
Add ASN1_TIME_normalize() to normalize ASN1_TIME structures.
Add ASN1_TIME_compare() to compare two ASN1_TIME structures.
Add ASN1_TIME_cmp_time_t() to compare an ASN1_TIME to time_t
(generic version of ASN1_UTCTIME_cmp_time_t()).

Replace '0' .. '9' compares with isdigit()

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2753)

7 years agoTest fixtures changed to pointers.
Pauli [Wed, 2 Aug 2017 03:48:29 +0000 (13:48 +1000)]
Test fixtures changed to pointers.

Change the fixture types to pointers to structures that are heap allocated in the tests that use SETUP_TEST_FIXTURE.  This will permit error returns from the setup function and allow for future running tests in parallel.

Also removed a call of `exit(2)` which allows the remaining tests to run if one fails to initialise.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4071)

7 years agorecipes/80-test_ca.t: make it work with spaces in pathnames.
Andy Polyakov [Wed, 2 Aug 2017 21:28:34 +0000 (23:28 +0200)]
recipes/80-test_ca.t: make it work with spaces in pathnames.

Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoAdd RAND_priv_bytes() for private keys
Rich Salz [Wed, 2 Aug 2017 18:00:52 +0000 (14:00 -0400)]
Add RAND_priv_bytes() for private keys

Add a new global DRBG for private keys used by RAND_priv_bytes.

Add BN_priv_rand() and BN_priv_rand_range() which use RAND_priv_bytes().
Change callers to use the appropriate BN_priv... function.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4076)

7 years agoAdd a DRBG to each SSL object
Rich Salz [Thu, 3 Aug 2017 14:24:03 +0000 (10:24 -0400)]
Add a DRBG to each SSL object

Give each SSL object it's own DRBG, chained to the parent global
DRBG which is used only as a source of randomness into the per-SSL
DRBG.  This is used for all session, ticket, and pre-master secret keys.
It is NOT used for ECDH key generation which use only the global
DRBG. (Doing that without changing the API is tricky, if not impossible.)

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4050)

7 years agoSwitch from ossl_rand to DRBG rand
Rich Salz [Thu, 3 Aug 2017 13:23:28 +0000 (09:23 -0400)]
Switch from ossl_rand to DRBG rand

If RAND_add wraps around, XOR with existing. Add test to drbgtest that
does the wrap-around.

Re-order seeding and stop after first success.

Add RAND_poll_ex()

Use the DF and therefore lower RANDOMNESS_NEEDED.  Also, for child DRBG's,
mix in the address as the personalization bits.

Centralize the entropy callbacks, from drbg_lib to rand_lib.
(Conceptually, entropy is part of the enclosing application.)
Thanks to Dr. Matthias St Pierre for the suggestion.

Various code cleanups:
    -Make state an enum; inline RANDerr calls.
    -Add RAND_POLL_RETRIES (thanks Pauli for the idea)
    -Remove most RAND_seed calls from rest of library
    -Rename DRBG_CTX to RAND_DRBG, etc.
    -Move some code from drbg_lib to drbg_rand; drbg_lib is now only the
     implementation of NIST DRBG.
    -Remove blocklength

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4019)

7 years agoMove ossl_assert
Matt Caswell [Wed, 2 Aug 2017 13:46:31 +0000 (14:46 +0100)]
Move ossl_assert

Move the definition of ossl_assert() out of e_os.h which is intended for OS
specific things. Instead it is moved into internal/cryptlib.h.

This also changes the definition to remove the (int) cast.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4073)

7 years agoremove horrible pragma macro and remove __owur from SSL_CTX_add_session() declaration
Lingmo Zhu [Wed, 2 Aug 2017 12:55:40 +0000 (20:55 +0800)]
remove horrible pragma macro and remove __owur from SSL_CTX_add_session() declaration

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4014)