oweals/openssl.git
6 years ago - Add an anti-replay mechanism
Matt Caswell [Fri, 16 Mar 2018 09:25:34 +0000 (09:25 +0000)]
Add an anti-replay mechanism

If the server is configured to allow early data then we check if the PSK
session presented by the client is available in the cache or not. If it
isn't then this may be a replay and we disallow it. If it is then we allow
it and remove the session from the cache. Note: the anti-replay protection
is not used for externally established PSKs.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)
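The single-use lookup described in this commit message, as an added example that is not OpenSSL's own code: a server-side session cache where the first ClientHello presenting a resumption PSK consumes the cache entry, a second presentation of the same ticket is refused as a possible replay, and externally established PSKs bypass the check. The class and function names are illustrative assumptions.

```python
"""Single-use session cache as an anti-replay check for TLS 1.3 early data.

Added example (not OpenSSL's own code): it models the check the commit
describes. The class and function names below are illustrative assumptions.
"""
from enum import Enum
from threading import Lock


class EarlyData(Enum):
    ACCEPT = "accept"                   # session found in cache and consumed
    REJECT_POSSIBLE_REPLAY = "reject"   # session not in cache: may be a replay
    ACCEPT_EXTERNAL_PSK = "accept-ext"  # externally established PSK: no check


class SessionCache:
    """Server-side cache keyed by session id. An entry is removed when used."""

    def __init__(self):
        self._entries = {}
        self._lock = Lock()  # lookup-and-remove must be atomic across threads

    def add(self, session_id: bytes, session: dict) -> None:
        with self._lock:
            self._entries[session_id] = session

    def take(self, session_id: bytes):
        """Return and remove the session, or None if it is not cached."""
        with self._lock:
            return self._entries.pop(session_id, None)

    def __len__(self) -> int:
        return len(self._entries)


def check_early_data(cache: SessionCache, session_id: bytes,
                     external_psk: bool) -> EarlyData:
    """Decide whether early data on a resumed session may be accepted.

    Rule modelled from the commit: a resumption PSK must still be in the
    cache (first use) and is removed on use, so a second ClientHello
    carrying the same ticket is refused. Externally established PSKs are
    not subject to this check.
    """
    if external_psk:
        return EarlyData.ACCEPT_EXTERNAL_PSK
    if cache.take(session_id) is None:
        return EarlyData.REJECT_POSSIBLE_REPLAY
    return EarlyData.ACCEPT


def demo():
    """Constructed scenario: one ticket presented twice."""
    cache = SessionCache()
    sid = b"\x01" * 32  # constructed session id
    cache.add(sid, {"psk": b"constructed-psk", "max_early_data": 16384})
    first = check_early_data(cache, sid, external_psk=False)
    second = check_early_data(cache, sid, external_psk=False)
    return first, second


if __name__ == "__main__":
    print(demo())  # (EarlyData.ACCEPT, EarlyData.REJECT_POSSIBLE_REPLAY)
```

The lookup-and-remove is done under one lock so that two connections presenting the same ticket concurrently cannot both observe the entry. The same reasoning applies across a server farm: the protection only holds if every server that accepts early data consults and updates the same cache.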

6 years ago - Don't update the session cache when processing a client certificate in TLSv1.3
Matt Caswell [Thu, 15 Mar 2018 21:02:15 +0000 (21:02 +0000)]
Don't update the session cache when processing a client certificate in TLSv1.3

We should only update the session cache when we issue a NewSessionTicket.
These are issued automatically after processing a client certificate.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)

6 years ago - Always call the new_session_cb when issuing a NewSessionTicket in TLSv1.3
Matt Caswell [Thu, 15 Mar 2018 17:47:29 +0000 (17:47 +0000)]
Always call the new_session_cb when issuing a NewSessionTicket in TLSv1.3

Conceptually in TLSv1.3 there can be multiple sessions associated with a
single connection. Each NewSessionTicket issued can be considered a
separate session. We can end up issuing multiple NewSessionTickets on a
single connection at the moment (e.g. in a post-handshake auth scenario).
Each of those issued tickets should have the new_session_cb called, it
should go into the session cache separately and it should have a unique
id associated with it (so that they can be found individually in the
cache).

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)

6 years ago - engines/asm/e_padlock*: add support for Zhaoxin's x86 platform
JeffZhao [Fri, 16 Mar 2018 06:15:16 +0000 (14:15 +0800)]
engines/asm/e_padlock*: add support for Zhaoxin's x86 platform

VIA and Shanghai United Investment Co., Ltd. founded Shanghai ZhaoXin,
which is a fabless x86 CPU IC design company. ZhaoXin has issued the
ZX-C and ZX-D x86 processors, which have the 'Shanghai' CPU vendor id.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5640)

6 years ago - Clarify a couple of details around "make variables"
Richard Levitte [Mon, 19 Mar 2018 06:18:56 +0000 (07:18 +0100)]
Clarify a couple of details around "make variables"

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5660)

6 years ago - Stop test/shlibloadtest.c from failing in a regression test
Richard Levitte [Wed, 14 Mar 2018 16:31:20 +0000 (17:31 +0100)]
Stop test/shlibloadtest.c from failing in a regression test

When doing a regression test, it's obvious that the version
test/shlibloadtest is built for will not be the same as the library
version.  So we change the test to check for assumed compatibility.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5619)

6 years ago - Add a simple method to run regression tests
Richard Levitte [Wed, 14 Mar 2018 16:25:37 +0000 (17:25 +0100)]
Add a simple method to run regression tests

This is only useful when building shared libraries.  This allows us to
run our tests against newer libraries when the time comes.  Simply do
this:

    OPENSSL_REGRESSION=/other/OpenSSL/build/tree make test

($OPENSSL_REGRESSION *must* be an absolute path)

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5619)

6 years ago - NOTES.WIN: classify targets to "native" and "hosted" and restructure.
Andy Polyakov [Fri, 16 Mar 2018 14:39:51 +0000 (15:39 +0100)]
NOTES.WIN: classify targets to "native" and "hosted" and restructure.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5647)

6 years ago - Fix miscellaneous typos in docs and source
Dr. Matthias St. Pierre [Fri, 16 Feb 2018 14:45:32 +0000 (15:45 +0100)]
Fix miscellaneous typos in docs and source

- d2i_PKC8PrivateKey -> d2i_PKCS8PrivateKey
- bechmark -> benchmark
- ciperhsuite -> ciphersuite
- EncyptedPreMasterSecret -> EncryptedPreMasterSecret

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5570)

6 years ago - ts_RESP_sign: Don't try to use v2 signing when ESS digest isn't set
Richard Levitte [Sat, 17 Mar 2018 11:30:47 +0000 (12:30 +0100)]
ts_RESP_sign: Don't try to use v2 signing when ESS digest isn't set

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5653)

6 years ago - Return error when trying to use prediction resistance
Kurt Roeckx [Sun, 18 Feb 2018 19:55:28 +0000 (20:55 +0100)]
Return error when trying to use prediction resistance

There is a requirement of having access to a live entropy source,
which we can't do with the default callbacks. If you need prediction
resistance you need to set up your own callbacks that follow the
requirements of NIST SP 800-90C.

Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
GH: #5402

6 years ago - Propagate the request for prediction resistance to the get entropy call
Kurt Roeckx [Sun, 18 Feb 2018 18:26:55 +0000 (19:26 +0100)]
Propagate the request for prediction resistance to the get entropy call

Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
GH: #5402

6 years ago - Fix a memory leak in tls1_mac
Bernd Edlinger [Fri, 16 Mar 2018 20:12:22 +0000 (21:12 +0100)]
Fix a memory leak in tls1_mac

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5650)

6 years ago - Fix a memory leak in n_ssl3_mac
Bernd Edlinger [Fri, 16 Mar 2018 15:45:55 +0000 (16:45 +0100)]
Fix a memory leak in n_ssl3_mac

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5648)

6 years ago - Fixed a crash in error handling of rand_drbg_new
Bernd Edlinger [Fri, 16 Mar 2018 14:32:25 +0000 (15:32 +0100)]
Fixed a crash in error handling of rand_drbg_new

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5646)

6 years ago - Fix error handling in b2i_dss and b2i_rsa
Bernd Edlinger [Thu, 15 Mar 2018 11:34:12 +0000 (12:34 +0100)]
Fix error handling in b2i_dss and b2i_rsa

Fixes: #5567

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5624)

6 years ago - RAND_DRBG: add a function for setting the default DRBG type and flags
Dr. Matthias St. Pierre [Thu, 15 Mar 2018 18:48:43 +0000 (19:48 +0100)]
RAND_DRBG: add a function for setting the default DRBG type and flags

This commit adds a new api RAND_DRBG_set_defaults() which sets the
default type and flags for new DRBG instances. See also #5576.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5632)

6 years ago - INSTALL: Add a note about backward compatibility and "make variables"
Richard Levitte [Fri, 16 Mar 2018 09:47:36 +0000 (10:47 +0100)]
INSTALL: Add a note about backward compatibility and "make variables"

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5641)

6 years ago - Configure: maintain compatibility with pre-"make variables" Configure
Richard Levitte [Fri, 16 Mar 2018 07:59:03 +0000 (08:59 +0100)]
Configure: maintain compatibility with pre-"make variables" Configure

There were a few environment variables that we supported in earlier
Configure versions which got transferred to the %user table.  This
change makes sure that we still support them, by simply pre-populating
the corresponding %user entries with those environment values.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5641)

6 years ago - Configure: Don't fail if there were "make variables" set in env
Richard Levitte [Fri, 16 Mar 2018 07:24:50 +0000 (08:24 +0100)]
Configure: Don't fail if there were "make variables" set in env

The original intent was that if someone had a "make variable" set in
any kind of way, be it as an environment variable or as an argument to
Configure, we wouldn't allow compiler or linker flags as arguments as
well.  That made both of these configurations equivalently impossible:

    ./Configure target CFLAGS=-foo -lextra

    CFLAGS=-foo ./Configure target -lextra

While this makes things look nice and consistent, real world use makes
this hard, as many projects where OpenSSL is a component also set
these variables for other components that use GNU autotools.

Therefore, we need to adapt our Configure accordingly.  By
consequence, the two Configure lines above will not be equivalent any
more:

    ./Configure target CFLAGS=-foo -lextra

This command line will still fail, because the "make variable" was
given as a command line argument.  This cannot be a mistake and is
therefore not allowed.

    CFLAGS=-foo ./Configure target -lextra

This command line will work, but because there is a linker flag as
a command line argument, the environment (i.e. CFLAGS) is ignored.
That isn't quite consistent with the previous command, but is the old
Configure behavior, before the support for "make variables" was added,
and is therefore the backward compatible behavior.

Fixes google/oss-fuzz#1244

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5641)

6 years ago - VMS C: reduce the dependency paths to be relative
Richard Levitte [Thu, 15 Mar 2018 21:05:00 +0000 (22:05 +0100)]
VMS C: reduce the dependency paths to be relative

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5631)

6 years ago - Visual C: reduce the dependency paths to be relative
Richard Levitte [Thu, 15 Mar 2018 19:38:23 +0000 (20:38 +0100)]
Visual C: reduce the dependency paths to be relative

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5631)

6 years ago - util/add-depends.pl: add the possibility for debug printouts
Richard Levitte [Thu, 15 Mar 2018 19:37:39 +0000 (20:37 +0100)]
util/add-depends.pl: add the possibility for debug printouts

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5631)

6 years ago - Move all dependency post-processing to util/add-depends.pl
Richard Levitte [Thu, 15 Mar 2018 17:06:18 +0000 (18:06 +0100)]
Move all dependency post-processing to util/add-depends.pl

In the end, it's more efficient to only have one perl instance (that
loads configdata.pm) dealing with dependency files than running one
(that still loads configdata.pm) for each such file.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5631)

6 years ago - VMS: add alias macros to avoid 31 character symbol name limit warning
Richard Levitte [Thu, 15 Mar 2018 19:01:11 +0000 (20:01 +0100)]
VMS: add alias macros to avoid 31 character symbol name limit warning

Affected symbol names:

generate_stateless_cookie_callback
verify_stateless_cookie_callback

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5633)

6 years ago - Windows makefile: don't use different looking variants of same cmd
Richard Levitte [Thu, 15 Mar 2018 20:37:32 +0000 (21:37 +0100)]
Windows makefile: don't use different looking variants of same cmd

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5635)

6 years ago - Publish the RAND_DRBG API
Dr. Matthias St. Pierre [Mon, 5 Mar 2018 22:45:44 +0000 (23:45 +0100)]
Publish the RAND_DRBG API

Fixes #4403

This commit moves the internal header file "internal/rand.h" to
<openssl/rand_drbg.h>, making the RAND_DRBG API public.
The RAND_POOL API remains private, its function prototypes were
moved to "internal/rand_int.h" and converted to lowercase.

Documentation for the new API is work in progress on GitHub #5461.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5462)

6 years ago - Add code to run test, get malloc counts
Rich Salz [Thu, 15 Mar 2018 14:51:17 +0000 (10:51 -0400)]
Add code to run test, get malloc counts

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4528)

6 years ago - util/postprocess-makedepend.pl: make an effort to collect dependencies
Richard Levitte [Wed, 14 Mar 2018 12:24:12 +0000 (13:24 +0100)]
util/postprocess-makedepend.pl: make an effort to collect dependencies

Instead of just working line by line, we collect all dependencies for
every target and print everything out at the end, with each target
getting a potentially long list of dependencies.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5591)

6 years ago - util/postprocess-makedepend.pl: For VC, don't include system headers
Richard Levitte [Wed, 14 Mar 2018 09:37:26 +0000 (10:37 +0100)]
util/postprocess-makedepend.pl: For VC, don't include system headers

All dependencies that VC gives us are absolute paths, so we need to
check if some of them are within our source or build tree.  We do that
by comparing the start of each dependency with the absolute versions
of our source and build directories.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5591)
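The prefix comparison this commit describes, as an added example that is not util/postprocess-makedepend.pl: parse the "Note: including file:" lines that cl /showIncludes emits, then keep only the absolute paths that fall inside the source or build tree. Directory names, the sample compiler output and the function names are constructed assumptions. The comparison is directory-boundary aware, because a bare string prefix test would wrongly treat a sibling directory whose name merely starts with the source directory's name as part of the tree.

```python
"""Keep only dependencies that live inside the source or build tree.

Added example (not util/postprocess-makedepend.pl): models the path
comparison the commit describes. Directories, compiler output and
function names are constructed.
"""
import ntpath
from typing import Iterable, List

SRCDIR = "C:\\work\\openssl"          # constructed absolute source directory
BLDDIR = "C:\\work\\openssl-build"    # constructed absolute build directory

# Constructed lines in the shape of 'cl /Zs /showIncludes' output. The
# indentation after the colon reflects include depth; cl also echoes the
# source file name on a line of its own.
SAMPLE_OUTPUT = [
    "ssl_lib.c",
    "Note: including file: C:\\work\\openssl\\include\\openssl\\ssl.h",
    "Note: including file:  C:\\Program Files (x86)\\Windows Kits\\10\\Include\\10.0.0.0\\ucrt\\stdio.h",
    "Note: including file: C:\\work\\openssl-build\\include\\openssl\\opensslconf.h",
    "Note: including file: C:\\work\\openssl2\\include\\other.h",
]

_PREFIX = "Note: including file:"


def parse_showincludes(lines: Iterable[str]) -> List[str]:
    """Extract the header paths from /showIncludes output lines."""
    deps = []
    for line in lines:
        if line.startswith(_PREFIX):
            deps.append(line[len(_PREFIX):].strip())
    return deps


def _norm(path: str) -> str:
    # Windows paths compare case-insensitively; normalise separators too.
    return ntpath.normcase(ntpath.normpath(path))


def is_within(path: str, root: str) -> bool:
    """True if `path` is `root` itself or lies below it.

    The trailing separator is what stops 'C:\\work\\openssl2' from
    matching the root 'C:\\work\\openssl'.
    """
    p, r = _norm(path), _norm(root)
    return p == r or p.startswith(r.rstrip("\\") + "\\")


def local_dependencies(deps: Iterable[str], srcdir: str = SRCDIR,
                       blddir: str = BLDDIR) -> List[str]:
    """Drop system headers: keep only paths in the source or build tree."""
    return [d for d in deps if is_within(d, srcdir) or is_within(d, blddir)]


if __name__ == "__main__":
    for dep in local_dependencies(parse_showincludes(SAMPLE_OUTPUT)):
        print(dep)
```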

6 years ago - Streamline dependency generation
Richard Levitte [Mon, 12 Mar 2018 08:18:44 +0000 (09:18 +0100)]
Streamline dependency generation

It seems that only gcc -MMD produces dependency files that are "sane"
for our needs.  For all other methods, some post processing is needed:

- 'makedepend' (Unix) insists that object files are located in the
  same spot as the source file.
- 'cl /Zs /showIncludes' (Visual C) has "Note: including file: " where
  we'd like to see the object.
- 'CC/DECC' (VMS) insists that the object file is located in the
  current directory, i.e. it strips away all directory information.

So far, we've managed this (except for the VMS case) with individual
uncommented perl command lines directly in the build file template.
We're now collecting these diverse hacks into one perl script that
takes an argument to tell what kind of input to expect and that
massages whatever it gets on STDIN and outputs the result on STDOUT.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5591)

6 years ago - Fix no-chacha and no-poly1305
Matt Caswell [Thu, 15 Mar 2018 08:45:22 +0000 (08:45 +0000)]
Fix no-chacha and no-poly1305

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5623)

6 years ago - Fix a memory leak in the ca application
Matt Caswell [Wed, 14 Mar 2018 14:32:48 +0000 (14:32 +0000)]
Fix a memory leak in the ca application

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5444)

6 years ago - Allow multiple entries without a Subject even if unique_subject == yes
Matt Caswell [Fri, 23 Feb 2018 19:48:11 +0000 (19:48 +0000)]
Allow multiple entries without a Subject even if unique_subject == yes

It is quite likely for there to be multiple certificates with empty
subjects, which are still distinct because of subjectAltName. Therefore
we allow multiple certificates with an empty Subject even if
unique_subject is set to yes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5444)

6 years ago - Report a readable error on a duplicate cert in ca app
Matt Caswell [Fri, 23 Feb 2018 18:28:47 +0000 (18:28 +0000)]
Report a readable error on a duplicate cert in ca app

Commit 87e8feca (16 years ago!) introduced a bug where if we are
attempting to insert a cert with a duplicate subject name, and
duplicate subject names are not allowed (which is the default),
then we get an unhelpful error message back (error number 2). Prior
to that commit we got a helpful error message which displayed details
of the conflicting entry in the database.

That commit was itself attempting to fix a bug with the noemailDN option
where we were setting the subject field in the database too early
(before extensions had made any amendments to it).

This PR moves the check for a conflicting Subject name until after all
changes to the Subject have been made by extensions etc.

This also, coincidentally, fixes the ca crashing bug described in issue
5109.

Fixes #5109

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5444)
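An added example, not the openssl ca code, covering the two rules from this commit and the "Allow multiple entries without a Subject" commit above it: the duplicate-Subject check runs on the final Subject (after the processing that may alter it, modelled here by a noemailDN step), a conflict reports the details of the existing database entry rather than a bare error number, and empty Subjects never conflict because such certificates are distinguished by subjectAltName. The index rows, the DN handling and the function names are constructed assumptions; comparing only valid ('V') rows is likewise an assumption of this model.

```python
"""Subject-uniqueness check for a CA database, with empty Subjects exempt.

Added example (not the openssl ca code): models the rules described in
the commit messages. Row layout, DN handling and names are assumptions.
"""
from typing import List, Optional, Tuple

Row = Tuple[str, str, str, str]  # (status, expiry, serial, subject)

# Constructed rows in the shape of index.txt entries.
DB: List[Row] = [
    ("V", "20280101000000Z", "01", "/CN=alice.example"),
    ("V", "20280101000000Z", "02", ""),  # empty Subject; identified via SAN
    ("V", "20280101000000Z", "03", ""),  # a second empty Subject, also valid
    ("R", "20280101000000Z", "04", "/CN=bob.example"),  # revoked entry
]


def strip_email(subject: str) -> str:
    """Model of noemailDN: remove emailAddress RDNs from a '/'-separated DN."""
    keep = [rdn for rdn in subject.split("/")
            if rdn and not rdn.lower().startswith("emailaddress=")]
    return "/" + "/".join(keep) if keep else ""


def find_conflict(db: List[Row], subject: str,
                  unique_subject: bool = True) -> Optional[Row]:
    """Return the row that conflicts with `subject`, or None.

    No check when unique_subject is off; an empty Subject never conflicts,
    so several empty-Subject certificates may coexist. Assumption of this
    model: only valid ('V') rows take part in the comparison.
    """
    if not unique_subject or subject == "":
        return None
    for row in db:
        if row[0] == "V" and row[3] == subject:
            return row
    return None


def add_certificate(db: List[Row], requested_subject: str,
                    noemail_dn: bool = False,
                    unique_subject: bool = True) -> Tuple[bool, str, str]:
    """Return (ok, final_subject, message) without modifying `db`.

    The conflict check runs on the *final* Subject, i.e. after the step
    that may alter it, so a clash hidden behind a stripped RDN is caught.
    """
    subject = strip_email(requested_subject) if noemail_dn else requested_subject
    row = find_conflict(db, subject, unique_subject)
    if row is not None:
        msg = (f"subject {subject!r} already present in the database: "
               f"status {row[0]}, expires {row[1]}, serial {row[2]}")
        return False, subject, msg
    return True, subject, "ok"


if __name__ == "__main__":
    req = "/CN=alice.example/emailAddress=alice@example"
    print(add_certificate(DB, req))                   # accepted: DNs differ
    print(add_certificate(DB, req, noemail_dn=True))  # refused with details
```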

6 years ago - Revert "Don't allow an empty Subject when creating a Certificate"
Matt Caswell [Fri, 23 Feb 2018 09:46:30 +0000 (09:46 +0000)]
Revert "Don't allow an empty Subject when creating a Certificate"

This reverts commit e505f1e86874acfd98826d64c53bf2ddfd9c1399.

Empty Subjects should be permissible.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5444)

6 years ago - Revert "Don't crash on a missing Subject in index.txt"
Matt Caswell [Fri, 23 Feb 2018 09:46:06 +0000 (09:46 +0000)]
Revert "Don't crash on a missing Subject in index.txt"

This reverts commit 1e05c6d07ff963107286d028f6778d2ccc863a9a.

Empty subjects should be permissible.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5444)

6 years ago - Rename EVP_PKEY_new_private_key()/EVP_PKEY_new_public_key()
Matt Caswell [Thu, 15 Mar 2018 12:19:16 +0000 (12:19 +0000)]
Rename EVP_PKEY_new_private_key()/EVP_PKEY_new_public_key()

Renamed to EVP_PKEY_new_raw_private_key()/EVP_PKEY_new_raw_public_key() as per
feedback.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

6 years ago - Add functions for setting the new EVP_PKEY_ASN1_METHOD functions
Matt Caswell [Fri, 9 Mar 2018 11:02:28 +0000 (11:02 +0000)]
Add functions for setting the new EVP_PKEY_ASN1_METHOD functions

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

6 years ago - Make sure all errors go on the stack in the EVP_PKEY_new*() functions
Matt Caswell [Mon, 5 Mar 2018 19:26:36 +0000 (19:26 +0000)]
Make sure all errors go on the stack in the EVP_PKEY_new*() functions

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

6 years ago - Expand the 25519/448 overview man pages
Matt Caswell [Mon, 5 Mar 2018 19:16:35 +0000 (19:16 +0000)]
Expand the 25519/448 overview man pages

Include more information about how to create keys for these algorithms.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

6 years ago - Add some test vectors for testing raw 448/25519 keys
Matt Caswell [Mon, 5 Mar 2018 18:39:44 +0000 (18:39 +0000)]
Add some test vectors for testing raw 448/25519 keys

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

6 years ago - Add PrivateKeyRaw and PublicKeyRaw support to evp_test
Matt Caswell [Fri, 1 Dec 2017 17:57:42 +0000 (17:57 +0000)]
Add PrivateKeyRaw and PublicKeyRaw support to evp_test

Previously private and public keys had to be pem encoded to be read by
evp_test. This enables us to embed the raw private/public key values
in the test file. The algorithm has to support EVP_PKEY_new_private_key()
and EVP_PKEY_new_public_key() for this to work.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

6 years ago - Add documentation for the newly added EVP_PKEY_new*() functions
Matt Caswell [Mon, 5 Mar 2018 17:41:49 +0000 (17:41 +0000)]
Add documentation for the newly added EVP_PKEY_new*() functions

Also adds some documentation for related existing functions/macros

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

6 years ago - Update the tests to use the new EVP_PKEY_new_private_key() function
Matt Caswell [Mon, 5 Mar 2018 16:22:41 +0000 (16:22 +0000)]
Update the tests to use the new EVP_PKEY_new_private_key() function

Also to use the new EVP_PKEY_new_CMAC_key()

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

6 years ago - Add the function EVP_PKEY_new_CMAC_key()
Matt Caswell [Mon, 5 Mar 2018 17:23:57 +0000 (17:23 +0000)]
Add the function EVP_PKEY_new_CMAC_key()

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

6 years ago - Add support for setting raw private Poly1305 keys
Matt Caswell [Mon, 5 Mar 2018 16:22:24 +0000 (16:22 +0000)]
Add support for setting raw private Poly1305 keys

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

6 years ago - Add support for setting raw private SIPHASH keys
Matt Caswell [Mon, 5 Mar 2018 16:17:24 +0000 (16:17 +0000)]
Add support for setting raw private SIPHASH keys

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

6 years ago - Add support for setting raw private HMAC keys
Matt Caswell [Mon, 5 Mar 2018 15:13:43 +0000 (15:13 +0000)]
Add support for setting raw private HMAC keys

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

6 years ago - Add support for setting raw private/public 25519/448 keys
Matt Caswell [Mon, 5 Mar 2018 13:58:46 +0000 (13:58 +0000)]
Add support for setting raw private/public 25519/448 keys

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

6 years ago - Add functions to create an EVP_PKEY from raw private/public key data
Matt Caswell [Mon, 5 Mar 2018 14:06:41 +0000 (14:06 +0000)]
Add functions to create an EVP_PKEY from raw private/public key data

Not all algorithms will support this, since their keys are not a simple
block of data. But many can.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

6 years ago - Configure: allow to enable afalgeng if target does not start with Linux
Sebastian Andrzej Siewior [Thu, 25 Jan 2018 21:50:55 +0000 (22:50 +0100)]
Configure: allow to enable afalgeng if target does not start with Linux

The Debian build system uses a `debian' target which sets CFLAGS and
then we have for instance debian-amd64 which inherits from
linux-x86_64 and debian [0]. So far so good.

Unless there are different suggestions on how to do this, I would keep it.
However, since the target name does not start with `linux', the build
system does not enable the afalg engine. So in order to get it enabled, I
added a
`enable           => [ "afalgeng" ],'
to the generic linux config which sets it explicitly (as suggested by
Richard Levitte). Having this set, we can check for it instead of matching
the target name.

[0] https://sources.debian.org/src/openssl/1.1.0g-2/Configurations/20-debian.conf/
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5169)

6 years ago - Only update the server session cache when the session is ready
Matt Caswell [Wed, 14 Mar 2018 17:51:18 +0000 (17:51 +0000)]
Only update the server session cache when the session is ready

In TLSv1.3 the session is not ready until after the end of the handshake
when we are constructing the NewSessionTicket.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5621)

6 years ago - Missing OIDs for XTS added.
Pauli [Thu, 15 Mar 2018 01:01:48 +0000 (11:01 +1000)]
Missing OIDs for XTS added.

Added two missing OIDs for AES-{128,256}-XTS.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5622)

6 years ago - Fix no-ec
Matt Caswell [Wed, 14 Mar 2018 14:04:18 +0000 (14:04 +0000)]
Fix no-ec

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5618)

6 years ago - Fix test_out_option
Patrick Steuer [Mon, 12 Mar 2018 12:53:21 +0000 (12:53 +0000)]
Fix test_out_option

Random path generation code in test/recipes/15-test_out_option.t
does not work: the code sets rand_path to "/test.pem", i.e. the
test will fail as expected for an unprivileged user but will pass
for the root user.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5595)

6 years ago - util/add-depends.pl: sort the dependency files
Richard Levitte [Wed, 14 Mar 2018 11:39:45 +0000 (12:39 +0100)]
util/add-depends.pl: sort the dependency files

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5617)

6 years ago - Fix an error number clash
Matt Caswell [Wed, 14 Mar 2018 11:27:45 +0000 (11:27 +0000)]
Fix an error number clash

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5616)

6 years ago - Put the default set of TLSv1.3 ciphersuites in a header file
Matt Caswell [Wed, 14 Mar 2018 10:43:53 +0000 (10:43 +0000)]
Put the default set of TLSv1.3 ciphersuites in a header file

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5392)

6 years ago - Fix clienthellotest for new TLSv1.3 ciphersuite configuration
Matt Caswell [Mon, 12 Mar 2018 10:48:32 +0000 (10:48 +0000)]
Fix clienthellotest for new TLSv1.3 ciphersuite configuration

A place in clienthellotest was missed in converting to the new mechanism
for configuration of TLSv1.3 ciphersuites.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5392)

6 years ago - Update CHANGES with details of TLSv1.3 ciphersuite configuration
Matt Caswell [Wed, 21 Feb 2018 17:47:12 +0000 (17:47 +0000)]
Update CHANGES with details of TLSv1.3 ciphersuite configuration

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5392)

6 years ago - Add documentation for TLSv1.3 ciphersuite configuration
Matt Caswell [Wed, 21 Feb 2018 17:23:11 +0000 (17:23 +0000)]
Add documentation for TLSv1.3 ciphersuite configuration

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5392)

6 years ago - Update s_time to allow configuration of TLSv1.3 ciphersuites
Matt Caswell [Mon, 19 Feb 2018 12:07:18 +0000 (12:07 +0000)]
Update s_time to allow configuration of TLSv1.3 ciphersuites

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5392)

6 years ago - Split configuration of TLSv1.3 ciphers from older ciphers
Matt Caswell [Fri, 16 Feb 2018 11:26:02 +0000 (11:26 +0000)]
Split configuration of TLSv1.3 ciphers from older ciphers

With the current mechanism, old cipher strings that used to work in 1.1.0,
may inadvertently disable all TLSv1.3 ciphersuites causing connections to
fail. This is confusing for users.

In reality the TLSv1.3 ciphers are quite different from older ciphers. They
are much simpler and there are only a small number of them, so, arguably,
they don't need the same level of control that the older ciphers have.

This change splits the configuration of TLSv1.3 ciphers from older ones.
By default the TLSv1.3 ciphers are on, so you cannot inadvertently disable
them through your existing config.

Fixes #5359

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5392)

6 years ago - Update version numbers for TLSv1.3 draft-26
Matt Caswell [Tue, 13 Mar 2018 13:13:33 +0000 (13:13 +0000)]
Update version numbers for TLSv1.3 draft-26

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5604)

6 years ago - Only allow supported_versions in a TLSv1.3 ServerHello
Matt Caswell [Tue, 13 Mar 2018 10:36:03 +0000 (10:36 +0000)]
Only allow supported_versions in a TLSv1.3 ServerHello

As per the latest text in TLSv1.3 draft-26

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5604)

6 years ago - Use the TLSv1.3 record header as AAD
Matt Caswell [Mon, 26 Feb 2018 12:26:14 +0000 (12:26 +0000)]
Use the TLSv1.3 record header as AAD

As of TLSv1.3 draft-25 the record header data must be used as AAD

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5604)

6 years ago - Remove '-Wextra' as default user flags for the Linux clang targets
Richard Levitte [Wed, 14 Mar 2018 08:41:35 +0000 (09:41 +0100)]
Remove '-Wextra' as default user flags for the Linux clang targets

We have '--strict-warnings' for this kind of stuff...  also, user
flags are added last, so this overrides any warning suppression
--strict-warnings may put in place (for good reasons).

Fixes #5609

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5612)

6 years ago - Windows build file: make sure to quote
Richard Levitte [Tue, 13 Mar 2018 21:07:02 +0000 (22:07 +0100)]
Windows build file: make sure to quote

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5608)

6 years ago - Remove the temporary file in case it wasn't renamed
Richard Levitte [Tue, 13 Mar 2018 20:55:52 +0000 (21:55 +0100)]
Remove the temporary file in case it wasn't renamed

...  also, name it with "-$$" added instead of ".$$"

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5608)

6 years ago - Remove debugging prints from util/add-depends.pl
Richard Levitte [Tue, 13 Mar 2018 18:38:04 +0000 (19:38 +0100)]
Remove debugging prints from util/add-depends.pl

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5608)

6 years ago - Configurations/*.conf: overhaul Android targets.
Andy Polyakov [Sun, 11 Mar 2018 18:08:56 +0000 (19:08 +0100)]
Configurations/*.conf: overhaul Android targets.

Move Android targets to separate file, automate sysroot setup and
add support for NDK 16.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5589)

6 years ago - ec/curve25519.c: resolve regression with Android NDK's arm64 gcc.
Andy Polyakov [Mon, 12 Mar 2018 09:46:23 +0000 (10:46 +0100)]
ec/curve25519.c: resolve regression with Android NDK's arm64 gcc.

Unlike "upstream", Android NDK's arm64 gcc [but not clang] performs
64x64=128-bit multiplications with library calls, which appears to
have devastating impact on performance. [The condition is reduced to
__ANDROID__ [&& !__clang__], because x86_64 has corresponding
assembly module.]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5589)

6 years ago - store/loader_file.c: rename variables causing conflicts with Android NDK.
Andy Polyakov [Sun, 11 Mar 2018 17:47:44 +0000 (18:47 +0100)]
store/loader_file.c: rename variables causing conflicts with Android NDK.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5589)

6 years ago - Refactor the 'depend' target
Richard Levitte [Tue, 13 Mar 2018 16:56:20 +0000 (17:56 +0100)]
Refactor the 'depend' target

With the help of the perl script util/add-depends.pl, which takes all
its information directly from configdata.pm, the dependency adding
procedure can be streamlined for all supported platforms.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5606)

6 years ago  update SRP copyright notice
Tim Hudson [Tue, 13 Mar 2018 08:33:44 +0000 (18:33 +1000)]
update SRP copyright notice

As per discussion with Peter Sylvester

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5603)

6 years ago  openssl rehash: no more need to massage the files on VMS
Richard Levitte [Mon, 12 Mar 2018 22:02:18 +0000 (23:02 +0100)]
openssl rehash: no more need to massage the files on VMS

OPENSSL_DIR_read() now returns unique file names on VMS, no generation
number.  We therefore do not need to handle that case in apps/rehash.c
any more.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5602)

6 years ago  Adjust LPdir_unix.c on VMS for OpenSSL expectations
Richard Levitte [Sun, 11 Mar 2018 22:48:04 +0000 (23:48 +0100)]
Adjust LPdir_unix.c on VMS for OpenSSL expectations

When OPENSSL_DIR_read implemented by LPdir_unix.c gets a Unixy path,
it will return file names like you'd expect them on Unix.

However, if given a path with VMS syntax, such as "[.foo]", it returns
file names with generation numbers, such as "bar.txt;1", which makes
sense for VMS expectations, but can be surprising for OpenSSL.

Our solution is to simply shave off the generation number if
OPENSSL_DIR_read() expects there should be one, and make sure not to
return the same file name twice.  Note that VMS filesystems are case
insensitive, so the check for duplicate file names is done without
regard to character case.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5587)

6 years ago  CONF inclusion test: Add VMS specific tests
Richard Levitte [Sun, 11 Mar 2018 22:47:40 +0000 (23:47 +0100)]
CONF inclusion test: Add VMS specific tests

We want to see that VMS syntax paths are treated correctly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5587)

6 years ago  CONF: On VMS, treat VMS syntax inclusion paths correctly
Richard Levitte [Sun, 11 Mar 2018 09:14:11 +0000 (10:14 +0100)]
CONF: On VMS, treat VMS syntax inclusion paths correctly

Non-VMS syntax inclusion paths get the same treatment as on Unix.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5587)

6 years ago  Free the correct type in OBJ_add_object()
Matt Caswell [Mon, 12 Mar 2018 15:24:29 +0000 (15:24 +0000)]
Free the correct type in OBJ_add_object()

We should be using ASN1_OBJECT_free() not OPENSSL_free().

Fixes #5568

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5597)

6 years ago  Fix enable-ssl-trace
Matt Caswell [Mon, 12 Mar 2018 16:08:31 +0000 (16:08 +0000)]
Fix enable-ssl-trace

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5600)

6 years ago  Introduce SSL_CTX_set_stateless_cookie_{generate,verify}_cb
Benjamin Saunders [Mon, 26 Feb 2018 02:39:11 +0000 (18:39 -0800)]
Introduce SSL_CTX_set_stateless_cookie_{generate,verify}_cb

These functions are similar to SSL_CTX_set_cookie_{generate,verify}_cb,
but used for the application-controlled portion of TLS1.3 stateless
handshake cookies rather than entire DTLSv1 cookies.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5463)

6 years ago  Improve error handling in pk7_doit
Matt Caswell [Mon, 12 Mar 2018 13:56:34 +0000 (13:56 +0000)]
Improve error handling in pk7_doit

If a mem allocation failed we would ignore it. This commit fixes it to
always check.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5596)

6 years ago  Add OIDs for DSTU-4145
gmile [Mon, 12 Mar 2018 00:52:13 +0000 (20:52 -0400)]
Add OIDs for DSTU-4145

Original source:
https://github.com/dstucrypt/openssl-dstu/commit/2c5fc4c92b8244c5026f4f871eb9497f9c28d5af

Full list of OIDs is available on related enactment page
at http://zakon2.rada.gov.ua/laws/show/z0423-17

CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5216)

6 years ago  Don't negotiate TLSv1.3 with the ossl_shim
Matt Caswell [Mon, 12 Mar 2018 11:42:00 +0000 (11:42 +0000)]
Don't negotiate TLSv1.3 with the ossl_shim

The ossl_shim doesn't know about TLSv1.3 so we should disable that
protocol version for all tests for now.

This fixes the current Travis failures.

[extended tests]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5593)

6 years ago  Session Ticket app data
Todd Short [Wed, 15 Mar 2017 17:25:55 +0000 (13:25 -0400)]
Session Ticket app data

Adds application data into the encrypted session ticket

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3802)

6 years ago  mem_sec.c: portability fixup.
Andy Polyakov [Sat, 10 Mar 2018 18:38:28 +0000 (19:38 +0100)]
mem_sec.c: portability fixup.

Reviewed-by: Rich Salz <rsalz@openssl.org>

6 years ago  Fix prototype to include the const qualifier
Kurt Roeckx [Sat, 10 Mar 2018 15:32:55 +0000 (16:32 +0100)]
Fix prototype to include the const qualifier

Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #5582

6 years ago  Fixed a handful of typos
Alex Gaynor [Sat, 10 Mar 2018 18:13:23 +0000 (13:13 -0500)]
Fixed a handful of typos

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5583)

6 years ago  Configurations/10-main.conf: VC-<target> cleanups.
Andy Polyakov [Fri, 9 Mar 2018 16:28:06 +0000 (17:28 +0100)]
Configurations/10-main.conf: VC-<target> cleanups.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5574)

6 years ago  Configurations/unix-Makefile.tmpl: overhaul assembler make rules.
Andy Polyakov [Fri, 9 Mar 2018 12:57:38 +0000 (13:57 +0100)]
Configurations/unix-Makefile.tmpl: overhaul assembler make rules.

So far assembly modules were built as .pl->.S->.s followed by .s->.o.
This posed a problem in build_all_generated rule if it was executed
on another computer. So we change rule sequence to .pl->.S and then
.S->.s->.o.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5573)

6 years ago  Configurations/descrip.mms.tmpl: Fix small errors
Richard Levitte [Fri, 9 Mar 2018 21:58:32 +0000 (22:58 +0100)]
Configurations/descrip.mms.tmpl: Fix small errors

A missing parenthesis here, a missing comma there...

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5579)

6 years ago  Configure: catch the build tree configdata.pm
Richard Levitte [Thu, 8 Mar 2018 11:01:28 +0000 (12:01 +0100)]
Configure: catch the build tree configdata.pm

There are things depending on configdata.pm.  However, it's perfectly
possible that there is one in the source directory from a previous
build, and that might disrupt an out of source build.  To avoid this
conflict, make sure never to use the source tree configdata.pm in that
case, i.e. make the hard assumption that it's a generated file in the
build tree, which it is.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5546)

6 years ago  Configure: don't mangle the directory again when checking DEPEND inclusion
Richard Levitte [Wed, 7 Mar 2018 14:58:04 +0000 (15:58 +0100)]
Configure: don't mangle the directory again when checking DEPEND inclusion

When generating the correct inclusion directory for DEPEND, we mangled
it to be relative to the build or the source directory.  However, the
value we handle already comes with a correct directory, so we only need
to use it as is.

Fixes #5543

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5546)

6 years ago  RAND_DRBG: add a function for setting the reseeding defaults
Dr. Matthias St. Pierre [Fri, 9 Mar 2018 17:24:23 +0000 (18:24 +0100)]
RAND_DRBG: add a function for setting the reseeding defaults

The introduction of thread local public and private DRBG instances (#5547)
makes it very cumbersome to change the reseeding (time) intervals for
those instances. This commit provides a function to set the default
values for all subsequently created DRBG instances.

 int RAND_DRBG_set_reseed_defaults(
                                   unsigned int master_reseed_interval,
                                   unsigned int slave_reseed_interval,
                                   time_t master_reseed_time_interval,
                                   time_t slave_reseed_time_interval
                                   );

The function is intended only to be used during application initialization,
before any threads are created and before any random bytes are generated.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5576)

6 years ago  Attempt to fix boringssl tests
Ben Kaduk [Fri, 9 Mar 2018 18:58:39 +0000 (12:58 -0600)]
Attempt to fix boringssl tests

Commit abe256e7951e6d57f8f6b4364ea696eb4ead3852 changed the config target
element from 'cxx' to 'CXX'; catch up accordingly.
Also use a space to offset the template boundary, per convention.

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5577)

6 years ago  Document more X509_STORE functions
Benjamin Kaduk [Mon, 17 Jul 2017 17:44:03 +0000 (12:44 -0500)]
Document more X509_STORE functions

X509_STORE_set_verify_cb_func.pod has documentation for various callbacks
and function pointers that can be set and retrieved, but neither it nor
X509_STORE_new has much documentation for the actual purpose and usage
of X509_STORE objects.  Remedy this disparity with new documentation
for adding certificates and CRLs, expected usage, and for modifying
the default verification behavior.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3958)

6 years ago  Fix doc-nits
Ben Kaduk [Fri, 9 Mar 2018 16:33:19 +0000 (10:33 -0600)]
Fix doc-nits

Remove a space from a whitespace-only line.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5575)

6 years ago  Reuse extension_is_relevant() in should_add_extension()
Benjamin Kaduk [Tue, 14 Mar 2017 19:41:08 +0000 (14:41 -0500)]
Reuse extension_is_relevant() in should_add_extension()

At the core of things is the concept that each extension is only
defined in certain context(s) -- the ClientHello, EncryptedExtensions,
etc., and sometimes only for a specific protocol or protocol range;
we want to enforce that we only parse or generate extensions in the
context(s) for which they are defined.  There is some subtlety here,
in that the protocol version in use is not known when generating the
ClientHello (but it is known when the ClientHello extensions are
being parsed!), so the SSL_IS_TLS13() macro must be used with caution.
Nonetheless, by making assertions about whether we are acting in a
server role and whether the current context is (not) a ClientHello,
we can consolidate almost all of the logic for determining whether
an extension is permitted in a given protocol message, whether we
are generating or parsing that message.

The only logic that remains separate relates to generating the ClientHello,
as it depends on an external factor (the maximum permitted TLS version) that
is not defined in the parsing context.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2945)