oweals/openssl.git
6 years agoAdd build file support for generic symbol exports with DSOs
Richard Levitte [Thu, 4 Oct 2018 15:41:12 +0000 (17:41 +0200)]
Add build file support for generic symbol exports with DSOs

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7347)

6 years agoChange the build of engines to use ordinal files for symbol export
Richard Levitte [Thu, 4 Oct 2018 15:40:33 +0000 (17:40 +0200)]
Change the build of engines to use ordinal files for symbol export

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7347)

6 years agoutil/mkdef.pl: Produce version scripts from unversioned symbols
Richard Levitte [Thu, 4 Oct 2018 15:14:13 +0000 (17:14 +0200)]
util/mkdef.pl: Produce version scripts from unversioned symbols

This allows setting up export maps for DSOs as well in a uniform way.
This also means that util/mkdef.pl no longer picks up the target
version from configdata.pm, and it has to be given on the command line
instead.  This may be used to give modules separate versions as well,
if desirable.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7347)

6 years agoExtend the BIO callback tests to check the return value semantics
Matt Caswell [Wed, 3 Oct 2018 14:29:47 +0000 (15:29 +0100)]
Extend the BIO callback tests to check the return value semantics

Check that different return values passed to the BIO callback are
correctly handled.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7344)

6 years agoFix the BIO callback return code handling
Matt Caswell [Wed, 3 Oct 2018 14:27:31 +0000 (15:27 +0100)]
Fix the BIO callback return code handling

The BIO callback handling incorrectly wrote over the return code passed
to the callback, meaning that an incorrect result was (eventually) returned
to the caller.

Fixes #7343

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7344)

6 years agoRefactor util/mknum.pl for clearer separation of functionality
Richard Levitte [Fri, 14 Sep 2018 13:28:39 +0000 (15:28 +0200)]
Refactor util/mknum.pl for clearer separation of functionality

Rewrite util/mknum.pl to become cleaner, and to use the separate
generic C header parsing module, as well as the separate ordinals
manipulation module.
Adapt the build files.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7191)

6 years agoAdd code to manipulate the items in OpenSSL::Ordinals
Richard Levitte [Wed, 3 Oct 2018 15:44:59 +0000 (17:44 +0200)]
Add code to manipulate the items in OpenSSL::Ordinals

This means adding the capability to add new items, to invalidate and
revalidate all the items, and to update the file it came from, as well
as the possibility to create new items from other data than a line
from said file.

While we're at it, we throw in a couple of useful filters.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7191)

6 years agoA perl module to parse through C headers
Richard Levitte [Wed, 3 Oct 2018 15:43:48 +0000 (17:43 +0200)]
A perl module to parse through C headers

OpenSSL::ParseC is a module that parses through a C header file and
returns a list with information on what it found.  Currently, the
information it returns covers function and variable declarations,
macro definitions, struct declarations/definitions and typedef
definitions.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7191)

6 years agoMove ZLIB from 'platforms' to 'features'
Richard Levitte [Fri, 14 Sep 2018 13:19:37 +0000 (15:19 +0200)]
Move ZLIB from 'platforms' to 'features'

Having it as a 'platform' was conceptually wrong from from the
beginning, and makes decoding more complicated than necessary.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7191)

6 years agoRefactor util/mkdef.pl for clearer separation of functionality
Richard Levitte [Fri, 14 Sep 2018 12:59:40 +0000 (14:59 +0200)]
Refactor util/mkdef.pl for clearer separation of functionality

Move the .num updating functionality to util/mknum.pl.
Rewrite util/mkdef.pl to create .def / .map / .opt files exclusively,
using the separate ordinals reading module.
Adapt the build files.
Adapt the symbol presence test.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7191)

6 years agoAdd a perl module that deals with ordinals files
Richard Levitte [Fri, 14 Sep 2018 12:58:11 +0000 (14:58 +0200)]
Add a perl module that deals with ordinals files

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7191)

6 years agoRemove SSL_version_str
Richard Levitte [Tue, 2 Oct 2018 16:57:39 +0000 (18:57 +0200)]
Remove SSL_version_str

I was never exported in our shared libraries and no one noticed, and
we don't seem to use it ourselves, so clean it away.

In all likelyhood, this is a remain from the 90's, when it was in
fashion to litter library modules with these kinds of strings.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7340)

6 years agoFix the drbgtest with randomized ordering
Matt Caswell [Tue, 2 Oct 2018 12:44:17 +0000 (13:44 +0100)]
Fix the drbgtest with randomized ordering

In drbgtest, test_set_defaults changes the default DRBGs. This works fine
when tests are run in the normal order. However if
OPENSSL_TEST_RAND_ORDER is defined then it may fail (dependent on the
ordering). This environment variable is defined for one of the Travis
tests, so this issue was causing intermittent travis test failures.

[extended tests]

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7338)

6 years agoIgnore libcrypto.ld and libssl.ld
Matt Caswell [Tue, 2 Oct 2018 13:05:14 +0000 (14:05 +0100)]
Ignore libcrypto.ld and libssl.ld

These are auto generated files that should not be checked into git

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7339)

6 years agoFix some Coverity warnings
Matt Caswell [Mon, 1 Oct 2018 12:16:55 +0000 (13:16 +0100)]
Fix some Coverity warnings

Check some return values on some functions.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7335)

6 years agoFix a mem leak in the ocsp app
Matt Caswell [Mon, 1 Oct 2018 11:06:06 +0000 (12:06 +0100)]
Fix a mem leak in the ocsp app

Free memory allocated in the parent process that is not needed in the
child. We also free it in the parent. Technically this isn't really
required since we end up calling exit() soon afterwards - but to
prevent false positives we free it anyway.

Fixes a Coverity issue.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7335)

6 years agoChange DRBG's to DRBGs
Shane Lontis [Mon, 1 Oct 2018 23:25:59 +0000 (09:25 +1000)]
Change DRBG's to DRBGs

Minor change to documentation of RAND_DRBG_set_defaults()

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7326)

6 years ago'openssl list': add option -objects to list built in objects
Richard Levitte [Thu, 12 Jul 2018 12:22:43 +0000 (14:22 +0200)]
'openssl list': add option -objects to list built in objects

Related to #6696

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6702)

6 years agoRefactor linker script generation
Richard Levitte [Sun, 30 Sep 2018 12:44:59 +0000 (14:44 +0200)]
Refactor linker script generation

The generation of linker scripts was badly balanced, as all sorts of
platform dependent stuff went into the top build.info, when that part
should really be made as simply and generic as possible.

Therefore, we move a lot of the "magic" to the build files templates,
since they are the place for platform dependent things.  What remains
is to parametrize just enough in the build.info file to generate the
linker scripts correctly for each associated library.

"linker script" is a term usually reserved for certain Unix linkers.
However, we only use them to say what symbols should be exported, so
we use the term loosely for all platforms.  The internal extension is
'.ld', and is changed by the build file templates as appropriate for
each target platform.

Note that this adds extra meaning to the value of the shared_target
attribute.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7333)

6 years agoClean out aliases in include/openssl/symhacks.h
Richard Levitte [Sun, 30 Sep 2018 00:18:47 +0000 (02:18 +0200)]
Clean out aliases in include/openssl/symhacks.h

Only a few clashing ones remain

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7331)

6 years agoSmall cleanup (util/mkdef.pl, crypto/bio/bss_log.c, include/openssl/ocsp.h)
Richard Levitte [Sat, 29 Sep 2018 23:59:11 +0000 (01:59 +0200)]
Small cleanup (util/mkdef.pl, crypto/bio/bss_log.c, include/openssl/ocsp.h)

BIO_s_log() is declared for everyone, so should return NULL when not
actually implemented.  Also, it had explicit platform limitations in
util/mkdef.pl that didn't correspond to what was actually in code.
While at it, a few other hard coded things that have lost their
relevance were removed.

include/openssl/ocsp.h had a few duplicate declarations.

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7331)

6 years agoAdded DRBG_HMAC & DRBG_HASH + Added defaults for setting DRBG for master/public/priva...
Shane Lontis [Tue, 24 Jul 2018 01:16:38 +0000 (11:16 +1000)]
Added DRBG_HMAC & DRBG_HASH + Added defaults for setting DRBG for master/public/private + renamed generate_counter back to reseed_counter + generated new cavs data tests

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6779)

6 years agoAdd missing cipher aliases to openssl(1)
Antoine Salon [Wed, 26 Sep 2018 08:56:05 +0000 (16:56 +0800)]
Add missing cipher aliases to openssl(1)

And references to other manpages are also added in openssl(1).

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7314)

6 years agodoc/man3/SSL_set_bio.pod: Fix wrong function name in return values section
James Callahan [Thu, 23 Aug 2018 02:12:05 +0000 (12:12 +1000)]
doc/man3/SSL_set_bio.pod: Fix wrong function name in return values section

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7035)

6 years agoUpdate enc(1) examples to more recent ciphers and key derivation algorithms
Antoine Salon [Mon, 17 Sep 2018 22:42:19 +0000 (15:42 -0700)]
Update enc(1) examples to more recent ciphers and key derivation algorithms

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7248)

6 years agoFix no-tls1_2
Matt Caswell [Mon, 24 Sep 2018 11:20:45 +0000 (12:20 +0100)]
Fix no-tls1_2

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7308)

6 years agoFix no-psk
Matt Caswell [Mon, 24 Sep 2018 11:00:10 +0000 (12:00 +0100)]
Fix no-psk

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7306)

6 years agoReduce stack usage in tls13_hkdf_expand
Bernd Edlinger [Sun, 23 Sep 2018 07:20:54 +0000 (09:20 +0200)]
Reduce stack usage in tls13_hkdf_expand

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7297)

6 years agoDocument OPENSSL_VERSION_TEXT macro
Daniel Bevenius [Mon, 24 Sep 2018 06:43:35 +0000 (08:43 +0200)]
Document OPENSSL_VERSION_TEXT macro

This commit documents the OPENSSL_VERSION_TEXT which is currently
missing in the man page.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7301)

6 years agoUse secure_getenv(3) when available.
Pauli [Mon, 24 Sep 2018 01:21:18 +0000 (11:21 +1000)]
Use secure_getenv(3) when available.

Change all calls to getenv() inside libcrypto to use a new wrapper function
that use secure_getenv() if available and an issetugid then getenv if not.

CPU processor override flags are unchanged.

Extra checks for OPENSSL_issetugid() have been removed in favour of the
safe getenv.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7047)

6 years agoCreate the .rnd file it it does not exist
Bernd Edlinger [Thu, 13 Sep 2018 16:25:37 +0000 (18:25 +0200)]
Create the .rnd file it it does not exist

It's a bit annoying, since some commands try to read a .rnd file,
and print an error message if the file does not exist.

But previously a .rnd file was created on exit, and that does no longer
happen.

Fixed by continuing in app_RAND_load_conf regardless of the error in
RAND_load_file.

If the random number generator is still not initalized on exit, the
function RAND_write_file will fail and no .rnd file would be created.

Remove RANDFILE from openssl.cnf

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7217)

6 years agotypo-fixes: miscellaneous typo fixes
agnosticdev [Thu, 20 Sep 2018 10:23:27 +0000 (05:23 -0500)]
typo-fixes: miscellaneous typo fixes

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7277)

6 years agoFix the max psk len for TLSv1.3
Matt Caswell [Wed, 19 Sep 2018 09:09:39 +0000 (10:09 +0100)]
Fix the max psk len for TLSv1.3

If using an old style TLSv1.2 PSK callback then the maximum possible PSK
len is PSK_MAX_PSK_LEN (256) - not 64.

Fixes #7261

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7267)

6 years agoAdd a test for the certificate callback
Matt Caswell [Wed, 19 Sep 2018 13:51:49 +0000 (14:51 +0100)]
Add a test for the certificate callback

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/7257)

6 years agoDelay setting the sig algs until after the cert_cb has been called
Matt Caswell [Tue, 18 Sep 2018 16:45:39 +0000 (17:45 +0100)]
Delay setting the sig algs until after the cert_cb has been called

Otherwise the sig algs are reset if SSL_set_SSL_CTX() gets called.

Fixes #7244

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/7257)

6 years agocrypto/bn/asm/x86_64-gcc.c: remove unnecessary redefinition of BN_ULONG
Richard Levitte [Fri, 21 Sep 2018 09:11:15 +0000 (11:11 +0200)]
crypto/bn/asm/x86_64-gcc.c: remove unnecessary redefinition of BN_ULONG

This module includes bn.h via other headers, so it picks up the
definition from there and doesn't need to define them locally (any
more?).  Worst case scenario, the redefinition may be different and
cause all sorts of compile errors.

Fixes #7227

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7287)

6 years ago/dev/crypto engine: add missing RC4 parameter
Richard Levitte [Thu, 20 Sep 2018 13:33:21 +0000 (15:33 +0200)]
/dev/crypto engine: add missing RC4 parameter

Fixes #7280

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7281)

6 years agoAdd some missing ciphers in 'enc' document
Paul Yang [Thu, 20 Sep 2018 09:04:15 +0000 (17:04 +0800)]
Add some missing ciphers in 'enc' document

The original issue is #7273 and this commit fixes part of that issue.

[skip ci]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7275)

6 years agoutil/mkdef.pl, util/add-depends.pl: don't lowercase file names
Richard Levitte [Wed, 12 Sep 2018 00:38:22 +0000 (02:38 +0200)]
util/mkdef.pl, util/add-depends.pl: don't lowercase file names

It turns out to be detrimental on some file systems that may or may not
be case sensitive (such as NTFS, which has a case sensitive mode).

Fixes #7172

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7172)

6 years agocrypto/ui/ui_openssl.c: make sure to recognise ENXIO and EIO too
Richard Levitte [Wed, 19 Sep 2018 19:33:45 +0000 (21:33 +0200)]
crypto/ui/ui_openssl.c: make sure to recognise ENXIO and EIO too

These both indicate that the file descriptor we're trying to use as a
terminal isn't, in fact, a terminal.

Fixes #7271

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7272)

6 years agoReset TLS 1.3 ciphers in SSL_CTX_set_ssl_version()
Benjamin Kaduk [Wed, 19 Sep 2018 14:02:04 +0000 (09:02 -0500)]
Reset TLS 1.3 ciphers in SSL_CTX_set_ssl_version()

Historically SSL_CTX_set_ssl_version() has reset the cipher list
to the default.  Splitting TLS 1.3 ciphers to be tracked separately
caused a behavior change, in that TLS 1.3 cipher configuration was
preserved across calls to SSL_CTX_set_ssl_version().  To restore commensurate
behavior with the historical behavior, set the ciphersuites to the default as
well as setting the cipher list to the default.

Closes: #7226

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7270)

6 years agoAdd a GMAC demonstration program.
Pauli [Tue, 18 Sep 2018 01:44:43 +0000 (11:44 +1000)]
Add a GMAC demonstration program.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7249)

6 years agossl/ssl_ciph.c: make set_ciphersuites static
Dr. Matthias St. Pierre [Tue, 18 Sep 2018 05:56:27 +0000 (07:56 +0200)]
ssl/ssl_ciph.c: make set_ciphersuites static

Fixes #7252

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7253)

6 years agoTrivial test improvements
Tobias Nießen [Fri, 14 Sep 2018 19:43:12 +0000 (21:43 +0200)]
Trivial test improvements

This commit reuses a variable instead of reevaluating the expression
and updates an outdated comment in the EVP test.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7242)

6 years agoFixed typos in hkdf documentation.
David Makepeace [Mon, 17 Sep 2018 03:46:08 +0000 (13:46 +1000)]
Fixed typos in hkdf documentation.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7236)

6 years agoAdd missing include file.
Pauli [Mon, 17 Sep 2018 00:40:32 +0000 (10:40 +1000)]
Add missing include file.
Specifically, include e_os.h to pick up alloca definition for WIN32.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7234)

6 years agoAdd a compile time test to verify that openssl/rsa.h and complex.h can
Pauli [Sun, 16 Sep 2018 22:09:25 +0000 (08:09 +1000)]
Add a compile time test to verify that openssl/rsa.h and complex.h can
coexist.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7233)

6 years agoUse 'i' as parameter name not 'I'.
Pauli [Sun, 16 Sep 2018 21:47:42 +0000 (07:47 +1000)]
Use 'i' as parameter name not 'I'.

The latter causes problems when complex.h is #included.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7233)

6 years agoUpdate RAND_DRBG.pod
Matt Eaton [Fri, 14 Sep 2018 02:11:14 +0000 (21:11 -0500)]
Update RAND_DRBG.pod

Fixed a minor typo while reading the documentation.
I agree that this contribution is trivial can be freely used.

CLA: trivial

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7221)

6 years agoImprove SSL_shutdown() documentation
Kurt Roeckx [Tue, 11 Sep 2018 21:39:25 +0000 (23:39 +0200)]
Improve SSL_shutdown() documentation

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
GH: #7188

6 years agoVMS: only use the high precision on VMS v8.4 and up
Richard Levitte [Sat, 15 Sep 2018 12:59:06 +0000 (14:59 +0200)]
VMS: only use the high precision on VMS v8.4 and up

It simply isn't available on older versions.

Issue submitted by Mark Daniels

Fixes #7229

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7230)

(cherry picked from commit d6d6aa3521e207c2727bbd1e5c97772502d15739)

6 years agoVMS libtestutil: look for lower case "main"
Richard Levitte [Thu, 13 Sep 2018 15:08:04 +0000 (17:08 +0200)]
VMS libtestutil: look for lower case "main"

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7208)

6 years agoVMS: turn on name mangling for all our programs
Richard Levitte [Thu, 13 Sep 2018 15:02:53 +0000 (17:02 +0200)]
VMS: turn on name mangling for all our programs

With the change to have separate object files by intent, VMS name
mangling gets done differently.  While we previously had that for
libraries only, we must now turn that on generally for our programs,
because some of them depend in internal libraries where mangled names
are all that there is.

Dynamic modules are still built with non-mangled names, which is good
enough to show that it's possible to build with our public libraries
using our public headers.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7208)

6 years agoVMS build: fix a misspelled 'bin_cflags' and a wrongly coded 'NO_INST_'
Richard Levitte [Thu, 13 Sep 2018 15:02:28 +0000 (17:02 +0200)]
VMS build: fix a misspelled 'bin_cflags' and a wrongly coded 'NO_INST_'

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7208)

6 years agoMake some return checks consistent with others
Paul Yang [Thu, 13 Sep 2018 02:17:14 +0000 (11:17 +0900)]
Make some return checks consistent with others

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7209)

6 years agoDon't allow -early_data with other options where it doesn't work
Matt Caswell [Wed, 12 Sep 2018 16:11:10 +0000 (17:11 +0100)]
Don't allow -early_data with other options where it doesn't work

-early_data is not compatible with -www, -WWW, -HTTP or -rev.

Fixes #7200

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7206)

6 years agoAdd an explicit cast to time_t
Matt Caswell [Wed, 12 Sep 2018 15:49:19 +0000 (16:49 +0100)]
Add an explicit cast to time_t

Caused a compilation failure in some environments

Fixes #7204

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7205)

6 years agoUpdate the documentation on libobj2shlib / obj2shlib
Richard Levitte [Wed, 12 Sep 2018 11:32:14 +0000 (13:32 +0200)]
Update the documentation on libobj2shlib / obj2shlib

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7198)

6 years agoVMS: stop trying to build shared libraries from static ones
Richard Levitte [Wed, 12 Sep 2018 08:59:06 +0000 (10:59 +0200)]
VMS: stop trying to build shared libraries from static ones

The possibility to do this was killed when we started producing object
file names with encoded intention (and possibly different builds), and
leads to build errors.

With that, 'libobj2shlib' is renamed to 'obj2shlib' to reflect this
design change.  The old name is still used if the new one isn't
available, for the sake of backward compatibility.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7198)

6 years agoReplace the public RAND_DRBG_USED_FLAGS #define by an internal constant
Dr. Matthias St. Pierre [Tue, 11 Sep 2018 22:37:15 +0000 (00:37 +0200)]
Replace the public RAND_DRBG_USED_FLAGS #define by an internal constant

The new DRBG API added the aforementioned #define. However, it is
used internally only and having it defined publicly does not serve
any purpose except causing potential version compatibility problems.

Fixes #7182

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7190)

6 years agoFix a possible recursion in SSLfatal handling
Bernd Edlinger [Tue, 11 Sep 2018 09:44:13 +0000 (11:44 +0200)]
Fix a possible recursion in SSLfatal handling

Fixes: #7161 (hopefully)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7175)

6 years agoUpdate README.md
Brian 'geeknik' Carpenter [Wed, 12 Sep 2018 06:24:00 +0000 (01:24 -0500)]
Update README.md

Fixes a minor typo that would cause the linker to complain about not finding -lFuzzer

CLA: trivial

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7197)

6 years agominor fixes for Windows
Viktor Szakats [Tue, 11 Sep 2018 22:34:00 +0000 (22:34 +0000)]
minor fixes for Windows

- fix to use secure URL in generated Windows resources
- fix a potentially uninitialized variable
- fix an unused variable warning

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7189)

6 years agocrypto/sm2/sm2_sign.c: ensure UINT16_MAX is properly defined
Richard Levitte [Wed, 12 Sep 2018 00:06:26 +0000 (02:06 +0200)]
crypto/sm2/sm2_sign.c: ensure UINT16_MAX is properly defined

Fixes #7186

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7193)

6 years agoBuild files: Separate 'lib' intent from 'shlib' intent
Richard Levitte [Mon, 10 Sep 2018 00:28:39 +0000 (02:28 +0200)]
Build files: Separate 'lib' intent from 'shlib' intent

This is in preparation for having separate CFLAGS variables for static
and for shared library builds.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7159)

6 years agoConfigure: Name object files according to the product they are part of
Richard Levitte [Mon, 10 Sep 2018 00:21:40 +0000 (02:21 +0200)]
Configure: Name object files according to the product they are part of

This will allow to have different object files for different products,
even if they share the same source code, and possibly different builds
for those different object files.

For example, one can have something like this:

    SOURCES[libfoo]=cookie.c
    INCLUDES[libfoo]=include/foo
    SOURCES[libbar]=cookie.c
    INCLUDES[libbar]=include/bar

This would mean that the object files and libraries would be build
somewhat like this:

    $(CC) -Iinclude/foo -o libfoo-lib-cookie.o cookie.c
    $(AR) $(ARFLAGS) libfoo.a libfoo-lib-cookie.o
    $(CC) -Iinclude/bar -o libbar-lib-cookie.o cookie.c
    $(AR) $(ARFLAGS) libbar.a libbar-lib-cookie.o

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7159)

6 years agoConfigure: DON'T trickle down includes from products to sources
Richard Levitte [Mon, 10 Sep 2018 00:18:22 +0000 (02:18 +0200)]
Configure: DON'T trickle down includes from products to sources

Instead, use the include settings from the products later in the process,
making it possible to have different includes for two different libraries
that share the same source code.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7159)

6 years agoLimit the number of AES-GCM keys allowed in TLS. A new error is raised if this
Pauli [Tue, 11 Sep 2018 23:25:20 +0000 (09:25 +1000)]
Limit the number of AES-GCM keys allowed in TLS.  A new error is raised if this
limit is ever reached.

This is a FIPS 140-2 requirement from IG A.5 "Key/IV Pair Uniqueness
Requirements from SP 800-38D".

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7129)

6 years agoSpeed for HMACs.
Pauli [Tue, 14 Aug 2018 04:04:47 +0000 (14:04 +1000)]
Speed for HMACs.

Add support for HMAC over any evp supported digest.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6945)

6 years agoAdd a note to CHANGES indicating that AES-XTS now enforces two different
Pauli [Tue, 11 Sep 2018 22:42:15 +0000 (08:42 +1000)]
Add a note to CHANGES indicating that AES-XTS now enforces two different
keys.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7120)

6 years agoFIPS 140-2 IG A.9 XTS key check.
Pauli [Wed, 5 Sep 2018 02:18:22 +0000 (12:18 +1000)]
FIPS 140-2 IG A.9 XTS key check.

Add a check that the two keys used for AES-XTS are different.

One test case uses the same key for both of the AES-XTS keys.  This causes
a failure under FIP 140-2 IG A.9.  Mark the test as returning a failure.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7120)

6 years agoThe next version in master is at least 1.1.2, not 1.1.1x
Richard Levitte [Tue, 11 Sep 2018 14:23:22 +0000 (16:23 +0200)]
The next version in master is at least 1.1.2, not 1.1.1x

The OMC hasn't yet decided what the next release version will be, but
it's at least going to 1.1.2, so we set that value for the moment.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7180)

6 years agoPrepare for 1.1.1a-dev
Matt Caswell [Tue, 11 Sep 2018 12:49:46 +0000 (13:49 +0100)]
Prepare for 1.1.1a-dev

Reviewed-by: Richard Levitte <levitte@openssl.org>
6 years agoPrepare for 1.1.1 release OpenSSL_1_1_1
Matt Caswell [Tue, 11 Sep 2018 12:48:18 +0000 (13:48 +0100)]
Prepare for 1.1.1 release

Reviewed-by: Richard Levitte <levitte@openssl.org>
6 years agoUpdate copyright year
Matt Caswell [Tue, 11 Sep 2018 12:22:14 +0000 (13:22 +0100)]
Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7176)

6 years agoCAPI engine: add support for RSA_NO_PADDING
Richard Levitte [Tue, 11 Sep 2018 09:00:30 +0000 (11:00 +0200)]
CAPI engine: add support for RSA_NO_PADDING

Since the SSL code started using RSA_NO_PADDING, the CAPI engine became
unusable.  This change fixes that.

Fixes #7131

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7174)

6 years agoCheck the return value from ASN1_INTEGER_set
Matt Caswell [Mon, 10 Sep 2018 15:23:14 +0000 (16:23 +0100)]
Check the return value from ASN1_INTEGER_set

Found by Coverity

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7169)

6 years agoValidate the SM2 digest len before use
Matt Caswell [Mon, 10 Sep 2018 15:53:17 +0000 (16:53 +0100)]
Validate the SM2 digest len before use

Fixes a Coverity complaint.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7170)

6 years agoDon't cast an int * to a size_t *
Matt Caswell [Mon, 10 Sep 2018 15:03:14 +0000 (16:03 +0100)]
Don't cast an int * to a size_t *

If sizeof(int) != sizeof(size_t) this may not work correctly.

Fixes a Coverity issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7168)

6 years agoMore updates to CHANGES and NEWS for the 1.1.1 release
Matt Caswell [Mon, 10 Sep 2018 13:44:04 +0000 (14:44 +0100)]
More updates to CHANGES and NEWS for the 1.1.1 release

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7167)

6 years agoUpdates NEWS for the 1.1.1 release
Matt Caswell [Mon, 10 Sep 2018 10:51:30 +0000 (11:51 +0100)]
Updates NEWS for the 1.1.1 release

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7164)

6 years agoUpdate the pyca-cryptography submodule
Matt Caswell [Mon, 10 Sep 2018 10:33:40 +0000 (11:33 +0100)]
Update the pyca-cryptography submodule

Hopefully this will resolve spurious travis failures.

[extended tests]

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7163)

6 years agoAdd a sentence in CHANGES to note SM2 support
Paul Yang [Mon, 10 Sep 2018 05:42:00 +0000 (13:42 +0800)]
Add a sentence in CHANGES to note SM2 support

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7160)

6 years agotest/evp_extra_test.c: fix null pointer dereference
Dr. Matthias St. Pierre [Sun, 9 Sep 2018 22:20:12 +0000 (00:20 +0200)]
test/evp_extra_test.c: fix null pointer dereference

It's actually not a real issue but caused by the absence of the default case
which does not occur in reality but which makes coverity see a code path where
pkey remains unassigned.

Reported by Coverity Scan (CID 1423323)
[extended tests]

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7158)

6 years agocrypto/rsa/rsa_pss.c: silence coverity warning
Dr. Matthias St. Pierre [Sun, 9 Sep 2018 14:33:12 +0000 (16:33 +0200)]
crypto/rsa/rsa_pss.c: silence coverity warning

Reported by Coverity Scan (CID 1439138)
[extended tests]

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7156)

6 years agotest/dhtest.c: fix resource leak
Dr. Matthias St. Pierre [Sun, 9 Sep 2018 14:19:19 +0000 (16:19 +0200)]
test/dhtest.c: fix resource leak

Reported by Coverity Scan (CID 1439136)
[extended tests]

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7155)

6 years agoASN.1 DER: Make INT32 / INT64 types read badly encoded LONG zeroes
Richard Levitte [Thu, 6 Sep 2018 20:09:11 +0000 (22:09 +0200)]
ASN.1 DER: Make INT32 / INT64 types read badly encoded LONG zeroes

The deprecated ASN.1 type LONG / ZLONG (incorrectly) produced zero
length INTEGER encoding for zeroes.  For the sake of backward
compatibility, we allow those to be read without fault when using the
replacement types INT32 / UINT32 / INT64 / UINT64.

Fixes #7134

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7144)

6 years agoTESTS: add test of decoding of invalid zero length ASN.1 INTEGER zero
Richard Levitte [Sat, 8 Sep 2018 08:09:32 +0000 (10:09 +0200)]
TESTS: add test of decoding of invalid zero length ASN.1 INTEGER zero

Confirms #7134

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7153)

6 years agoSipHash: add separate setter for the hash size
Richard Levitte [Thu, 6 Sep 2018 20:52:38 +0000 (22:52 +0200)]
SipHash: add separate setter for the hash size

This was originally part of SipHash_Init.  However, there are cases
where there isn't any key material to initialize from when setting the
hash size, and we do allow doing so with a EVP_PKEY control.  The
solution is to provide a separate hash_size setter and to use it in
the corresponding EVP_PKEY_METHOD.

Fixes #7143

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7145)

6 years agoTESTS: add SipHash tests with digestsize controls
Richard Levitte [Sat, 8 Sep 2018 21:19:39 +0000 (23:19 +0200)]
TESTS: add SipHash tests with digestsize controls

Confirms #7143

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7154)

6 years agoSipHash: make it possible to control the hash size through string controls
Richard Levitte [Sat, 8 Sep 2018 21:19:06 +0000 (23:19 +0200)]
SipHash: make it possible to control the hash size through string controls

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7154)

6 years agotest/evp_test.c: make it possible to use controls with MAC tests
Richard Levitte [Sat, 8 Sep 2018 21:16:55 +0000 (23:16 +0200)]
test/evp_test.c: make it possible to use controls with MAC tests

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7154)

6 years agoDo not reset SNI data in SSL_do_handshake()
Matt Caswell [Fri, 7 Sep 2018 14:17:34 +0000 (15:17 +0100)]
Do not reset SNI data in SSL_do_handshake()

PR #3783 introduce coded to reset the server side SNI state in
SSL_do_handshake() to ensure any erroneous config time SNI changes are
cleared. Unfortunately SSL_do_handshake() can be called mid-handshake
multiple times so this is the wrong place to do this and can mean that
any SNI data is cleared later on in the handshake too.

Therefore move the code to a more appropriate place.

Fixes #7014

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/7149)

6 years agoSimplify SSL_get_servername() to avoid session references
Ben Kaduk [Tue, 4 Sep 2018 17:30:00 +0000 (12:30 -0500)]
Simplify SSL_get_servername() to avoid session references

Ideally, SSL_get_servername() would do exactly as it is documented
and return exactly what the client sent (i.e., what we currently
are stashing in the SSL's ext.hostname), without needing to refer
to an SSL_SESSION object.  For historical reasons, including the
parsed SNI value from the ClientHello originally being stored in the
SSL_SESSION's ext.hostname field, we have had references to the
SSL_SESSION in this function.  We cannot fully excise them due to
the interaction between user-supplied callbacks and TLS 1.2 resumption
flows, where we call all callbacks but the client did not supply an
SNI value.  Existing callbacks expect to receive a valid SNI value
in this case, so we must fake one up from the resumed session in
order to avoid breakage.

Otherwise, greatly simplify the implementation and just return the
value in the SSL, as sent by the client.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7115)

6 years agoRestore historical SSL_get_servername() behavior
Ben Kaduk [Tue, 4 Sep 2018 16:44:07 +0000 (11:44 -0500)]
Restore historical SSL_get_servername() behavior

Commit 1c4aa31d79821dee9be98e915159d52cc30d8403 modified the state machine
to clean up stale ext.hostname values from SSL objects in the case when
SNI was not negotiated for the current handshake.  This is natural from
the TLS perspective, since this information is an extension that the client
offered but we ignored, and since we ignored it we do not need to keep it
around for anything else.

However, as documented in https://github.com/openssl/openssl/issues/7014 ,
there appear to be some deployed code that relies on retrieving such an
ignored SNI value from the client, after the handshake has completed.
Because the 1.1.1 release is on a stable branch and should preserve the
published ABI, restore the historical behavior by retaining the ext.hostname
value sent by the client, in the SSL structure, for subsequent retrieval.

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7115)

6 years agoEnsure certificate callbacks work correctly in TLSv1.3
Matt Caswell [Thu, 6 Sep 2018 14:53:25 +0000 (15:53 +0100)]
Ensure certificate callbacks work correctly in TLSv1.3

The is_tls13_capable() function should not return 0 if no certificates
are configured directly because a certificate callback is present.

Fixes #7140

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7141)

6 years agoRemove a reference to SSL_force_post_handshake_auth()
Matt Caswell [Thu, 6 Sep 2018 14:21:42 +0000 (15:21 +0100)]
Remove a reference to SSL_force_post_handshake_auth()

That function was removed in favour of SSL_set_post_handshake_auth().
Update the docs accordingly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7139)

6 years agoTest that we can handle a PHA CertificateRequest after we sent close_notify
Matt Caswell [Thu, 6 Sep 2018 11:06:24 +0000 (12:06 +0100)]
Test that we can handle a PHA CertificateRequest after we sent close_notify

Even though we already sent close_notify the server may not have recieved
it yet and could issue a CertificateRequest to us. Since we've already
sent close_notify we can't send any reasonable response so we just ignore
it.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7114)

6 years agoTest that we can process a KeyUpdate received after we sent close_notify
Kurt Roeckx [Tue, 4 Sep 2018 12:39:41 +0000 (13:39 +0100)]
Test that we can process a KeyUpdate received after we sent close_notify

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7114)

6 years agoProcess KeyUpdate and NewSessionTicket messages after a close_notify
Matt Caswell [Tue, 4 Sep 2018 12:36:55 +0000 (13:36 +0100)]
Process KeyUpdate and NewSessionTicket messages after a close_notify

If we've sent a close_notify then we are restricted about what we can do
in response to handshake messages that we receive. However we can sensibly
process NewSessionTicket messages. We can also process a KeyUpdate message
as long as we also ignore any request for us to update our sending keys.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7114)