oweals/openssl.git
8 years agoRemove unused cert_verify_mac code
Dr. Stephen Henson [Wed, 25 Nov 2015 13:08:08 +0000 (13:08 +0000)]
Remove unused cert_verify_mac code

Reviewed-by: Andy Polyakov <appro@openssl.org>
8 years agoConfiguratons: add -DFILIO_H to harmonized Solaris targets.
Andy Polyakov [Mon, 23 Nov 2015 13:12:17 +0000 (14:12 +0100)]
Configuratons: add -DFILIO_H to harmonized Solaris targets.

Triggered by RT#4144.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
8 years agoRemove useless locking code
Alessandro Ghedini [Wed, 28 Oct 2015 19:38:39 +0000 (20:38 +0100)]
Remove useless locking code

Follow-up to 070c233.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@akamai.com>
GH: #454

8 years agoFix typo: _REENTERANT -> _REENTRANT
Finn Hakansson [Tue, 24 Nov 2015 20:55:50 +0000 (15:55 -0500)]
Fix typo: _REENTERANT -> _REENTRANT

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #484

8 years agomark openssl configuration as loaded at end of OPENSSL_config
Marcus Meissner [Wed, 4 Nov 2015 14:00:12 +0000 (15:00 +0100)]
mark openssl configuration as loaded at end of OPENSSL_config

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@akamai.com>
GH: #466

8 years agoFix grammar errors
Quanah Gibson-Mount [Mon, 23 Nov 2015 03:35:15 +0000 (21:35 -0600)]
Fix grammar errors

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@akamai.com>
GH: #481

8 years agossl3_free(): Return if it wasn't created
Pascal Cuoq [Sun, 22 Nov 2015 23:13:15 +0000 (00:13 +0100)]
ssl3_free(): Return if it wasn't created

If somewhere in SSL_new() there is a memory allocation failure, ssl3_free() can
get called with s->s3 still being NULL.

Patch also provided by Willy Tarreau <wtarreau@haproxy.com>

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
8 years agoAdd ctrl for SHA1 and SSLv3
Dr. Stephen Henson [Tue, 24 Nov 2015 14:20:58 +0000 (14:20 +0000)]
Add ctrl for SHA1 and SSLv3

Add SSLv3 ctrl to EVP_sha1() this is only needed if SSLv3 client
authentication is used with DSA/ECDSA.

Reviewed-by: Tim Hudson <tjh@openssl.org>
8 years agomake update
Dr. Stephen Henson [Tue, 24 Nov 2015 02:29:57 +0000 (02:29 +0000)]
make update

Reviewed-by: Tim Hudson <tjh@openssl.org>
8 years agoUse EVP_md5_sha1() to process client verify
Dr. Stephen Henson [Tue, 24 Nov 2015 00:47:11 +0000 (00:47 +0000)]
Use EVP_md5_sha1() to process client verify

Reviewed-by: Tim Hudson <tjh@openssl.org>
8 years agoUse EVP_md5_sha1() to generate client verify
Dr. Stephen Henson [Tue, 24 Nov 2015 00:08:35 +0000 (00:08 +0000)]
Use EVP_md5_sha1() to generate client verify

Reviewed-by: Tim Hudson <tjh@openssl.org>
8 years agoAdd EVP_MD_CTX_ctrl function.
Dr. Stephen Henson [Mon, 23 Nov 2015 16:07:46 +0000 (16:07 +0000)]
Add EVP_MD_CTX_ctrl function.

Reviewed-by: Tim Hudson <tjh@openssl.org>
8 years agoAdd ssl3 ctrl to EVP_md5_sha1().
Dr. Stephen Henson [Mon, 23 Nov 2015 16:05:20 +0000 (16:05 +0000)]
Add ssl3 ctrl to EVP_md5_sha1().

Add a ctrl to EVP_md5_sha1() to handle the additional operations needed
to handle SSL v3 client authentication and finished message.

Reviewed-by: Tim Hudson <tjh@openssl.org>
8 years agoRemove RSA exception when generating server key exchange.
Dr. Stephen Henson [Sat, 21 Nov 2015 04:03:48 +0000 (04:03 +0000)]
Remove RSA exception when generating server key exchange.

Reviewed-by: Tim Hudson <tjh@openssl.org>
8 years agoRemove RSA exception when processing server key exchange.
Dr. Stephen Henson [Sat, 21 Nov 2015 03:56:52 +0000 (03:56 +0000)]
Remove RSA exception when processing server key exchange.

Reviewed-by: Tim Hudson <tjh@openssl.org>
8 years agoUse MD5+SHA1 for default digest if appropriate.
Dr. Stephen Henson [Sat, 29 Aug 2015 21:11:05 +0000 (22:11 +0100)]
Use MD5+SHA1 for default digest if appropriate.

Reviewed-by: Tim Hudson <tjh@openssl.org>
8 years agoAdd MD5+SHA1
Dr. Stephen Henson [Thu, 20 Nov 2014 13:28:48 +0000 (13:28 +0000)]
Add MD5+SHA1

Add digest combining MD5 and SHA1. This is used by RSA signatures for
TLS 1.1 and earlier.

Reviewed-by: Tim Hudson <tjh@openssl.org>
8 years agoFix uninitialised p error.
Dr. Stephen Henson [Tue, 24 Nov 2015 16:37:52 +0000 (16:37 +0000)]
Fix uninitialised p error.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoLimit depth of ASN1 parse printing.
Dr. Stephen Henson [Thu, 3 Sep 2015 13:27:19 +0000 (14:27 +0100)]
Limit depth of ASN1 parse printing.

Thanks to Guido Vranken <guidovranken@gmail.com> for reporting this issue.

Reviewed-by: Tim Hudson <tjh@openssl.org>
8 years agoDrop the old perl start magic and replace it with a normal shebang
Richard Levitte [Tue, 24 Nov 2015 13:06:45 +0000 (14:06 +0100)]
Drop the old perl start magic and replace it with a normal shebang

perlrun(1) leads the way.

Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoAdd perl modeline to Configure scripts
Jacob Bandes-Storch [Tue, 24 Nov 2015 05:44:58 +0000 (21:44 -0800)]
Add perl modeline to Configure scripts

Encourages GitHub to perform proper syntax highlighting.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years ago"make update" after async merge.
Rich Salz [Mon, 23 Nov 2015 20:00:10 +0000 (15:00 -0500)]
"make update" after async merge.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
8 years agoFix a few missed "if (!ptr)" cleanups
Rich Salz [Mon, 23 Nov 2015 18:30:04 +0000 (13:30 -0500)]
Fix a few missed "if (!ptr)" cleanups

And a scalar !x --> x==0 test
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
8 years agoPatch containing TLS implementation for GOST 2012
Dmitry Belyavsky [Tue, 17 Nov 2015 15:32:30 +0000 (15:32 +0000)]
Patch containing TLS implementation for GOST 2012

This patch contains the necessary changes to provide GOST 2012
ciphersuites in TLS. It requires the use of an external GOST 2012 engine.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agox86_64 assembly pack: tune clang version detection.
Andy Polyakov [Sat, 21 Nov 2015 10:32:05 +0000 (11:32 +0100)]
x86_64 assembly pack: tune clang version detection.

RT#4142

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoMakefile.org: add LC_ALL=C to unify error [and other] messages.
Andy Polyakov [Sat, 21 Nov 2015 10:28:05 +0000 (11:28 +0100)]
Makefile.org: add LC_ALL=C to unify error [and other] messages.

RT#4138

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoe_os.h: __sun done right.
Andy Polyakov [Sun, 22 Nov 2015 12:39:35 +0000 (13:39 +0100)]
e_os.h: __sun done right.

RT #4144

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
8 years agoFix a rebase error
Matt Caswell [Sun, 22 Nov 2015 00:01:55 +0000 (00:01 +0000)]
Fix a rebase error

During rebasing of the async changes some error codes ended up being
duplicated so that "make errors" fails. This removes the duplication.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
8 years agoAsync error handling and MacOS/X fixes
Viktor Dukhovni [Sun, 22 Nov 2015 01:14:43 +0000 (20:14 -0500)]
Async error handling and MacOS/X fixes

In the async code for MacOS/X define _XOPEN_SOURCE (if not already
defined) as early as possible.  We must do this before including
any header files, because on MacOS/X <stlib.h> includes <signal.h>
which includes <ucontext.h>.  If we delay defining _XOPEN_SOURCE
and include <ucontext.h> after various system headers are included,
we are very likely to end up with the wrong (truncated) definition
of ucontext_t.

Also, better error handling and some code cleanup in POSIX fibre
construction and destruction.  We make sure that async_fibre_makecontext()
always initializes the fibre to a state that can be freed.

For all implementations, check for error returns from
async_fibre_makecontext().

Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoUse defined(__sun) instead of defined(sun)
Kurt Roeckx [Sun, 22 Nov 2015 09:31:35 +0000 (10:31 +0100)]
Use defined(__sun) instead of defined(sun)

Strict ISO confirming C compilers only define __sun

Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
RT #4144, MR #1353

8 years agoUpdate dasync to use size_t for the sha1 update
Kurt Roeckx [Sat, 21 Nov 2015 16:58:12 +0000 (17:58 +0100)]
Update dasync to use size_t for the sha1 update

Reviewed-by: Matt Caswell <matt@openssl.org>
MR #1350

8 years agoAdd initial AppVeyor configuration
Alessandro Ghedini [Wed, 28 Oct 2015 20:11:37 +0000 (21:11 +0100)]
Add initial AppVeyor configuration

Original patch by Frank Morgner.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@akamai.com>
GH: #456

8 years agoTurn B<...()> into ...()
Rich Salz [Thu, 19 Nov 2015 20:49:30 +0000 (15:49 -0500)]
Turn B<...()> into ...()

For all functions, consistently use asdf() not B<asdf()>

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
8 years agoFix "primarility" typo
Michal Bozon [Thu, 29 Oct 2015 15:48:00 +0000 (16:48 +0100)]
Fix "primarility" typo

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@akamai.com>
GH: #458

8 years agoMinor correction to comment.
Finn Hakansson [Thu, 12 Nov 2015 17:36:48 +0000 (12:36 -0500)]
Minor correction to comment.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@akamai.com>
8 years agoFix STRICT_ALIGNMENT for whrlpool
Andy Polyakov [Wed, 28 Oct 2015 10:49:01 +0000 (11:49 +0100)]
Fix STRICT_ALIGNMENT for whrlpool

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoDeclare cleanse_ctr variable as extern
Alessandro Ghedini [Fri, 23 Oct 2015 14:17:33 +0000 (16:17 +0200)]
Declare cleanse_ctr variable as extern

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoAdd no-asm builds to Travis
Alessandro Ghedini [Thu, 22 Oct 2015 10:34:24 +0000 (12:34 +0200)]
Add no-asm builds to Travis

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoFix (minor) problems found by ubsan
Alessandro Ghedini [Sat, 17 Oct 2015 19:28:25 +0000 (21:28 +0200)]
Fix (minor) problems found by ubsan

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoAdd Travis builds with undefined behavior sanitizer
Alessandro Ghedini [Sat, 17 Oct 2015 19:00:55 +0000 (21:00 +0200)]
Add Travis builds with undefined behavior sanitizer

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoadd -pthread to debug-steve*
Dr. Stephen Henson [Sat, 21 Nov 2015 12:44:39 +0000 (12:44 +0000)]
add -pthread to debug-steve*

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoGood hygiene with size_t output argument.
Viktor Dukhovni [Sat, 21 Nov 2015 05:59:07 +0000 (00:59 -0500)]
Good hygiene with size_t output argument.

Though the callers check the function return value and ignore the
size_t output argument on failure, it is still often not ideal to
store (-1) in size_t on error.  That might signal an unduly large
buffer.  Instead set the size_t to 0, to indicate no space.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoImplement windows async thread local variable support
Matt Caswell [Thu, 19 Nov 2015 21:44:13 +0000 (21:44 +0000)]
Implement windows async thread local variable support

Implements Thread Local Storage in the windows async port. This also has
some knock on effects to the posix and null implementations.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoConvert __thread to pthreads for Thread Local Storage
Matt Caswell [Fri, 13 Nov 2015 23:54:44 +0000 (23:54 +0000)]
Convert __thread to pthreads for Thread Local Storage

In theory the pthreads approach for Thread Local Storage should be more
portable.

This also changes some APIs in order to accommodate this change. In
particular ASYNC_init_pool is renamed ASYNC_init_thread and
ASYNC_free_pool is renamed ASYNC_cleanup_thread. Also introduced ASYNC_init
and ASYNC_cleanup.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoSimplify async pool handling
Matt Caswell [Fri, 13 Nov 2015 15:21:20 +0000 (15:21 +0000)]
Simplify async pool handling

A lot of the pool handling code was in the arch specific files, but was
actually boiler plate and the same across the implementations. This commit
moves as much code as possible out of the arch specific files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoSwap to using proper windows pipes
Matt Caswell [Fri, 13 Nov 2015 11:22:21 +0000 (11:22 +0000)]
Swap to using proper windows pipes

We were using _pipe to create a pipe on windows. This uses the "int" type
for its file descriptor for compatibility. However most windows functions
expect to use a "HANDLE". Probably we could get away with just casting but
it seems more robust to use the proper type and main stream windows
functions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix some style issues
Matt Caswell [Thu, 12 Nov 2015 11:50:38 +0000 (11:50 +0000)]
Fix some style issues

There were a number of places where the async code did not conform to the
OpenSSL coding style.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix async deadlock problem
Matt Caswell [Thu, 12 Nov 2015 10:52:30 +0000 (10:52 +0000)]
Fix async deadlock problem

The rand code can aquire locks and then attempt crypto operations. This
can end up in a deadlock if we are using an async engine, because control
returns back to the user code whilst still holding the lock. We need to
force synchronous operation for these sections of code.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd ASYNC_block_pause and ASYNC_unblock_pause
Matt Caswell [Thu, 12 Nov 2015 10:42:08 +0000 (10:42 +0000)]
Add ASYNC_block_pause and ASYNC_unblock_pause

There are potential deadlock situations that can occur if code executing
within the context of a job aquires a lock, and then pauses the job. This
adds an ability to temporarily block pauses from occuring whilst performing
work and holding a lock.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoRemove ASYNC NOEXIST functions from libeay.num
Matt Caswell [Thu, 15 Oct 2015 14:33:57 +0000 (15:33 +0100)]
Remove ASYNC NOEXIST functions from libeay.num

During development some functions got added and then later taken away.
Since these will never appear in a production version there is no reason
for them to appear in libeay.num flagged as "NOEXIST".

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFurther OS-X deprecated warnings tweak
Matt Caswell [Sun, 11 Oct 2015 15:59:08 +0000 (16:59 +0100)]
Further OS-X deprecated warnings tweak

Even with _XOPEN_SOURCE defined OS-X still displays warnings that
makecontext and friends are deprecated. This isn't a problem until you
try and build with --strict-warnings, and the build fails. This change
suppresses the warnings. We know they are deprecated but there is no
alternative!

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix bug in async_fibre_makecontext for POSIX
Matt Caswell [Sun, 11 Oct 2015 15:17:27 +0000 (16:17 +0100)]
Fix bug in async_fibre_makecontext for POSIX

async_fibre_makecontext was initialise the fibre first and then calling
getcontext(). It should be the other way around because the getcontext
call may overwrite some of the things we just initialised. This didn't
cause an issue on Linux and so the problem went unnoticed. On OS-X it
causes a crash.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoRename start_async_job to ssl_start_async_job
Matt Caswell [Fri, 9 Oct 2015 15:47:43 +0000 (16:47 +0100)]
Rename start_async_job to ssl_start_async_job

Make it clear that this function is ssl specific.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoRename some daysnc functions for consistency
Matt Caswell [Fri, 9 Oct 2015 15:45:25 +0000 (16:45 +0100)]
Rename some daysnc functions for consistency

For some reason the dasync sha1 functions did not start with the
dasync prefix like all of the other functions do. Changed for
consistency.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd clarification to docs on ASYNC_free_pool()
Matt Caswell [Fri, 9 Oct 2015 15:39:35 +0000 (16:39 +0100)]
Add clarification to docs on ASYNC_free_pool()

Clarify that you must only call this after all async jobs have
completed - otherwise you could get memory leaks.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix compilation error on OS-X
Matt Caswell [Fri, 9 Oct 2015 15:32:07 +0000 (16:32 +0100)]
Fix compilation error on OS-X

OS-X complains if we don't have _XOPEN_SOURCE defined.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix clang errors
Matt Caswell [Fri, 9 Oct 2015 15:23:55 +0000 (16:23 +0100)]
Fix clang errors

Make clang build without errors in the async code

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoSwap to using _longjmp/_setjmp instead of longjmp/setjmp
Matt Caswell [Fri, 9 Oct 2015 14:55:01 +0000 (15:55 +0100)]
Swap to using _longjmp/_setjmp instead of longjmp/setjmp

_longjmp/_setjmp do not manipulate the signal mask whilst
longjmp/setjmp may do. Online sources suggest this could result
in a significant speed up in the context switching.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix Linux crash
Matt Caswell [Fri, 9 Oct 2015 14:48:30 +0000 (15:48 +0100)]
Fix Linux crash

If config'd without -d (--debug), asynctest was crashing with:
*** longjmp causes uninitialized stack frame ***

This is because gcc will add certain checks for some functions
(including longjmp). The checks assume you can only longjmp down the
stack not up. However, if we are actually jumping to a different
fibre then it can appear as if we are going up the stack when we are
not really. This change disables the check.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoTweak async documentation based on feedback
Matt Caswell [Wed, 7 Oct 2015 09:00:22 +0000 (10:00 +0100)]
Tweak async documentation based on feedback

Add some clarifications to the async documentation. Also changed
ASYNC_pause_job() so that it returns success if you are not within the
context of a job. This is so that engines can be used either asynchronously
or synchronously and can treat an error from ASYNC_pause_job() as a real
error.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoClean up libssl async calls
Matt Caswell [Tue, 6 Oct 2015 14:57:50 +0000 (15:57 +0100)]
Clean up libssl async calls

Tidy up the libssl async calls and make sure all IO functions are covered.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agomake update
Matt Caswell [Tue, 6 Oct 2015 13:51:19 +0000 (14:51 +0100)]
make update

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd ASYNC error codes
Matt Caswell [Tue, 6 Oct 2015 13:47:00 +0000 (14:47 +0100)]
Add ASYNC error codes

Add ASYNCerr support to give some meaningful error message in the event of
a failure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoUpdate CHANGES
Matt Caswell [Tue, 6 Oct 2015 13:26:28 +0000 (14:26 +0100)]
Update CHANGES

Add a CHANGES entry for the new async code.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd s_client support for waiting for async
Matt Caswell [Tue, 6 Oct 2015 13:04:11 +0000 (14:04 +0100)]
Add s_client support for waiting for async

s_server already had the ability to wait on an async file descriptor. This
adds it to s_client too.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix the error code for SSL_get_async_wait_fd()
Matt Caswell [Tue, 6 Oct 2015 12:49:16 +0000 (13:49 +0100)]
Fix the error code for SSL_get_async_wait_fd()

0 is a valid file descriptor so SSL_get_async_wait_fd should instead return
-1 on error.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoMore async documentation
Matt Caswell [Tue, 6 Oct 2015 12:48:43 +0000 (13:48 +0100)]
More async documentation

Document the libssl and command line application aspects of async.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoNormalise ASYNC naming
Matt Caswell [Tue, 6 Oct 2015 10:25:16 +0000 (11:25 +0100)]
Normalise ASYNC naming

Tidied up the naming of functions and structures to be consistent

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix windows compilation warnings
Matt Caswell [Tue, 6 Oct 2015 09:52:04 +0000 (10:52 +0100)]
Fix windows compilation warnings

Fix some warnings in the async code when compiling on windows.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoOptimise ASYNC_CTX handling
Matt Caswell [Tue, 6 Oct 2015 09:25:21 +0000 (10:25 +0100)]
Optimise ASYNC_CTX handling

Don't recreate a new ASYNC_CTX every time we call ASYNC_start_job() - the
same one can be used for the life of the thread. Instead we only free it
up when we call ASYNC_free_pool().

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix ASYNC null implementation
Matt Caswell [Mon, 5 Oct 2015 21:58:01 +0000 (22:58 +0100)]
Fix ASYNC null implementation

The ASYNC null implementation has not kept pace with the rest of the async
development and so was failing to compile.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd ASYNC tests
Matt Caswell [Mon, 5 Oct 2015 18:41:58 +0000 (19:41 +0100)]
Add ASYNC tests

Add a suite of tests for the ASYNC_* functions

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoRemove ASYNC_in_job()
Matt Caswell [Wed, 23 Sep 2015 22:12:36 +0000 (23:12 +0100)]
Remove ASYNC_in_job()

The ASYNC_in_job() function is redundant. The same effect can be achieved by
using ASYNC_get_current_job().

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoDocument async capabilities
Matt Caswell [Wed, 23 Sep 2015 12:51:58 +0000 (13:51 +0100)]
Document async capabilities

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agomake update
Matt Caswell [Thu, 17 Sep 2015 08:46:55 +0000 (09:46 +0100)]
make update

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoImplement windows async pool and notify support
Matt Caswell [Wed, 16 Sep 2015 22:43:45 +0000 (23:43 +0100)]
Implement windows async pool and notify support

Port the async pool and notify code to windows.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix pools for s_client
Matt Caswell [Wed, 16 Sep 2015 22:09:15 +0000 (23:09 +0100)]
Fix pools for s_client

s_client was not freeing up the async pool if async mode was enabled.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix s_server bug
Matt Caswell [Wed, 16 Sep 2015 21:54:54 +0000 (22:54 +0100)]
Fix s_server bug

If an async event occurs during a renegotiation in SSL_read then s_server
was looping around, detecting we were in init and calling
init_ssl_connection instead of re-calling SSL_read.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoImplement local thread pools
Matt Caswell [Wed, 16 Sep 2015 16:01:58 +0000 (17:01 +0100)]
Implement local thread pools

Implement the ASYNC_JOB as a local thread pool. Remove the API support
for global pools.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoInitial Async notify code changes
Matt Caswell [Fri, 24 Jul 2015 07:15:31 +0000 (08:15 +0100)]
Initial Async notify code changes

Initial API implemented for notifying applications that an ASYNC_JOB
has completed. Currently only s_server is using this. The Dummy Async
engine "cheats" in that it notifies that it has completed *before* it
pauses the job. A normal async engine would not do that.

Only the posix version of this has been implemented so far, so it will
probably fail to compile on Windows at the moment.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd ASYNC_JOB pools
Matt Caswell [Wed, 22 Jul 2015 16:50:51 +0000 (17:50 +0100)]
Add ASYNC_JOB pools

It is expensive to create the ASYNC_JOB objects due to the "makecontext"
call. This change adds support for pools of ASYNC_JOB objects so that we
don't have to create a new ASYNC_JOB every time we want to use one.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoUse longjmp at setjmp where possible
Matt Caswell [Tue, 5 May 2015 14:08:39 +0000 (15:08 +0100)]
Use longjmp at setjmp where possible

Where we can we should use longjmp and setjmp in preference to swapcontext/
setcontext as they seem to be more performant.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix s_server -WWW with -async
Matt Caswell [Fri, 27 Mar 2015 15:20:24 +0000 (15:20 +0000)]
Fix s_server -WWW with -async

The s_server option -WWW was not async aware, and therefore was not
handling SSL_ERROR_WANT_ASYNC conditions. This commit fixes that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAsync clean ups
Matt Caswell [Thu, 26 Mar 2015 10:15:59 +0000 (10:15 +0000)]
Async clean ups

Removed the function ASYNC_job_is_waiting() as it was redundant. The only
time user code has a handle on a job is when one is waiting, so all they
need to do is check whether the job is NULL. Also did some cleanups to
make sure the job really is NULL after it has been freed!

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoIncrease stack size
Matt Caswell [Wed, 25 Mar 2015 16:08:44 +0000 (16:08 +0000)]
Increase stack size

Some assembler code puts a lot of stuff on the stack, so up the stack size.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd null async implementation
Matt Caswell [Tue, 17 Feb 2015 14:14:36 +0000 (14:14 +0000)]
Add null async implementation

Create a "null" async implementation for platforms that lack support. This
just does nothing when called and therefore performs synchronously.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAsync port to windows
Matt Caswell [Tue, 17 Feb 2015 13:30:22 +0000 (13:30 +0000)]
Async port to windows

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoVarious windows build fixes to prepare for windows port
Matt Caswell [Tue, 17 Feb 2015 13:29:01 +0000 (13:29 +0000)]
Various windows build fixes to prepare for windows port

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd s_server and s_client async support
Matt Caswell [Fri, 13 Feb 2015 23:33:12 +0000 (23:33 +0000)]
Add s_server and s_client async support

A new -async option is added which activates SSL_MODE_ASYNC. Also
SSL_WANT_ASYNC errors are handled appropriately.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoMake libssl async aware
Matt Caswell [Fri, 13 Feb 2015 23:28:49 +0000 (23:28 +0000)]
Make libssl async aware

The following entry points have been made async aware:
SSL_accept
SSL_read
SSL_write

Also added is a new mode - SSL_MODE_ASYNC. Calling the above functions with
the async mode enabled will initiate a new async job. If an async pause is
encountered whilst executing the job (such as for example if using SHA1/RSA
with the Dummy Async engine), then the above functions return with
SSL_WANT_ASYNC. Calling the functions again (with exactly the same args
as per non-blocking IO), will resume the job where it left off.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd the Dummy Async engine (dasync)
Matt Caswell [Fri, 13 Feb 2015 23:25:33 +0000 (23:25 +0000)]
Add the Dummy Async engine (dasync)

This engine is for developers of async aware applications. It simulates
asynchronous activity with external hardware. This initial version supports
SHA1 and RSA. Certain operations using those algorithms have async job
"pauses" in them - using the new libcrypto async capability.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd async sub-library to libcrypto
Matt Caswell [Wed, 16 Sep 2015 11:28:03 +0000 (12:28 +0100)]
Add async sub-library to libcrypto

Provides support for running asynchronous jobs. Currently this is completely
stand alone. Future commits will integrate this into libssl and s_server/
s_client. An asynchronous capable engine will be required to see any benefit
from this capability.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd pthread support
Matt Caswell [Thu, 19 Nov 2015 14:55:09 +0000 (14:55 +0000)]
Add pthread support

The forthcoming async code needs to use pthread thread local variables. This
updates the various Configurations to add the necessary flags. In many cases
this is an educated guess as I don't have access to most of these
environments! There is likely to be some tweaking needed.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
8 years agoFix uninitialised variable
Matt Caswell [Fri, 20 Nov 2015 18:45:12 +0000 (18:45 +0000)]
Fix uninitialised variable

The al variable could be uninitialised in an error path.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoBN_sub: document that r might be the same as a or b
Kurt Roeckx [Mon, 19 Oct 2015 20:26:59 +0000 (22:26 +0200)]
BN_sub: document that r might be the same as a or b

Reviewed-by: Rich Salz <rsalz@akamai.com>
RT #4100, MR #1264

8 years agoBN_usub: Don't copy when r and a the same
Pascal Cuoq [Mon, 19 Oct 2015 20:24:23 +0000 (22:24 +0200)]
BN_usub: Don't copy when r and a the same

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@akamai.com>
RT #4100, MR #1264

8 years agomake update
Dr. Stephen Henson [Fri, 20 Nov 2015 16:52:20 +0000 (16:52 +0000)]
make update

Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoEnsure all EVP calls have their returns checked where appropriate
Matt Caswell [Fri, 6 Nov 2015 16:31:21 +0000 (16:31 +0000)]
Ensure all EVP calls have their returns checked where appropriate

There are lots of calls to EVP functions from within libssl There were
various places where we should probably check the return value but don't.
This adds these checks.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoUse better defaults for TSA.
Dr. Stephen Henson [Thu, 19 Nov 2015 15:50:15 +0000 (15:50 +0000)]
Use better defaults for TSA.

Use SHA256 for TSA and setted permitted digests to a sensible value.

Based on PR#4141

Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoAdd support for signer_digest option in TS.
Dr. Stephen Henson [Fri, 11 Sep 2015 15:58:57 +0000 (16:58 +0100)]
Add support for signer_digest option in TS.

Based on PR#2145

Reviewed-by: Matt Caswell <matt@openssl.org>