oweals/openssl.git
5 years agoCorrectly initialise PACKET to zero in the tests to avoid possible problems
Pauli [Fri, 29 Mar 2019 08:42:37 +0000 (18:42 +1000)]
Correctly initialise PACKET to zero in the tests to avoid possible problems
with padding bytes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)

5 years agoPropery initialise struct sslapitest_log_counts to zero using memset.
Pauli [Fri, 29 Mar 2019 08:31:10 +0000 (18:31 +1000)]
Propery initialise struct sslapitest_log_counts to zero using memset.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)

5 years agoCorrectly zero the DISPLAY_COLUMNS structure.
Pauli [Fri, 29 Mar 2019 08:27:28 +0000 (18:27 +1000)]
Correctly zero the DISPLAY_COLUMNS structure.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)

5 years agoMake the array zeroing explicit using memset.
Pauli [Fri, 29 Mar 2019 08:26:53 +0000 (18:26 +1000)]
Make the array zeroing explicit using memset.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)

5 years agoIt isn't necessary to initialise a struct stat before a stat(2) system call.
Pauli [Fri, 29 Mar 2019 08:19:19 +0000 (18:19 +1000)]
It isn't necessary to initialise a struct stat before a stat(2) system call.
The initialisation was also flawed, failing to account for padding and
alignment bytes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)

5 years agoEnsure that the struct msghdr is properly zeroed.
Pauli [Fri, 29 Mar 2019 08:17:38 +0000 (18:17 +1000)]
Ensure that the struct msghdr is properly zeroed.

This is probably harmless but best to properly initialise things.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)

5 years agoopenssl dgst: show MD name at all times - CHANGES entry
Richard Levitte [Fri, 29 Mar 2019 10:26:55 +0000 (11:26 +0100)]
openssl dgst: show MD name at all times - CHANGES entry

Related to #8609

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8612)

5 years agoopenssl dgst: show MD name at all times
Richard Levitte [Fri, 29 Mar 2019 06:11:57 +0000 (07:11 +0100)]
openssl dgst: show MD name at all times

When 'openssl dgst' is called with a MD alias (such as sha256) and no
further arguments (i.e. input is taken from stdin), the MD name wasn't
shown.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8609)

5 years agoClear seed source structures.
Pauli [Fri, 29 Mar 2019 07:46:11 +0000 (17:46 +1000)]
Clear seed source structures.

If the structures have empty padding bytes, ensure they are zeroed.
These structures are added to seed pools as complete blocks including
any padding and alignment bytes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8610)

5 years agoFor the lack of GetModuleHandleEx(), we use DSO route for WinCE.
Soujyu Tanaka [Wed, 27 Mar 2019 08:30:47 +0000 (17:30 +0900)]
For the lack of GetModuleHandleEx(), we use DSO route for WinCE.
Revert win32_pathbyaddr() which is used in DSO_dsobyaddr().

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8596)

5 years agoCircumvent a problem of lacking GetEnvironmentVariable() in WindowsCE.
Soujyu Tanaka [Wed, 27 Mar 2019 07:21:58 +0000 (16:21 +0900)]
Circumvent a problem of lacking GetEnvironmentVariable() in WindowsCE.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8596)

5 years agoAvoid linking error for InitializeCriticalSectionAndSpinCount().
Soujyu Tanaka [Wed, 27 Mar 2019 07:15:31 +0000 (16:15 +0900)]
Avoid linking error for InitializeCriticalSectionAndSpinCount().
Replace it with InitializeCriticalSection()

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8596)

5 years agoAvoid linking error on WCE700 for _InterlockedExchangeAdd().
Soujyu Tanaka [Wed, 27 Mar 2019 06:55:32 +0000 (15:55 +0900)]
Avoid linking error on WCE700 for _InterlockedExchangeAdd().
This implementation is referenced to https://www.boost.org/doc/libs/1_69_0/boost/detail/interlocked.hpp

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8596)

5 years agoAdd the FIPS related continuous random number generator (CRNG) testing.
Pauli [Fri, 29 Mar 2019 07:50:48 +0000 (17:50 +1000)]
Add the FIPS related continuous random number generator (CRNG) testing.
Refer to FIPS 140-2 section 4.9.2 Conditional Tests for details.

The check is fairly simplistic, being for the entropy sources to not feed
the DRBG the same block of seed material twice in a row.  Only the first
DRBG in a chain is subject to this check, latter DRBGs are assumed to be
safely seeded via the earlier DRBGs.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8599)

5 years agoConfigurations/00-base-templates.conf: engage {chacha|poly1305}-ia64.
Andy Polyakov [Sat, 16 Mar 2019 20:21:02 +0000 (21:21 +0100)]
Configurations/00-base-templates.conf: engage {chacha|poly1305}-ia64.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8540)

5 years agoIA64 assembly pack: add {chacha|poly1305}-ia64 modules.
Andy Polyakov [Sat, 16 Mar 2019 20:19:32 +0000 (21:19 +0100)]
IA64 assembly pack: add {chacha|poly1305}-ia64 modules.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8540)

5 years agoFixed unmatched BN_CTX_start/end if an invalid exponent is used.
Shane Lontis [Sun, 24 Mar 2019 23:52:28 +0000 (09:52 +1000)]
Fixed unmatched BN_CTX_start/end if an invalid exponent is used.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8569)

5 years agoFix broken change from b3d113e.
Pauli [Thu, 28 Mar 2019 23:24:07 +0000 (09:24 +1000)]
Fix broken change from b3d113e.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8606)

5 years agoconn_is_closed should return 1 if get_last_sys_error is WSAECONNRESET
Paul Monson [Tue, 26 Mar 2019 22:25:19 +0000 (15:25 -0700)]
conn_is_closed should return 1 if get_last_sys_error is WSAECONNRESET
CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8590)

5 years agocoverity fixes for SSKDF + mac_app + kdf test cleanup
Shane Lontis [Sun, 24 Mar 2019 09:11:42 +0000 (19:11 +1000)]
coverity fixes for SSKDF + mac_app + kdf test cleanup

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8566)

5 years agoAdd some checks of OCSP functions
Dmitry Belyavskiy [Fri, 22 Feb 2019 13:58:55 +0000 (16:58 +0300)]
Add some checks of OCSP functions

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8308)

5 years agoMake OCSP_id_cmp and OCSP_id_issuer_cmp accept const params
Matt Caswell [Wed, 27 Mar 2019 11:16:44 +0000 (11:16 +0000)]
Make OCSP_id_cmp and OCSP_id_issuer_cmp accept const params

Fixes #8589

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8597)

5 years agoFix test builds.
Pauli [Thu, 28 Mar 2019 05:02:19 +0000 (15:02 +1000)]
Fix test builds.

/usr/include/bits/waitstatus.h includes endian.h under some libc's.
This clashes with the new test header file, so rename the latter.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8600)

5 years agoDetect endian without relying on defined symbols.
Pauli [Mon, 25 Mar 2019 01:52:58 +0000 (11:52 +1000)]
Detect endian without relying on defined symbols.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8572)

5 years agoIncrease rounds of Miller-Rabin testing DH_check
Jake Massimo [Wed, 27 Mar 2019 04:13:08 +0000 (04:13 +0000)]
Increase rounds of Miller-Rabin testing DH_check

DH_check is used to test the validity of Diffie-Hellman parameter sets (p, q, g). Among the tests performed are primality tests on p and q, for this BN_is_prime_ex is called with the rounds of Miller-Rabin set as default. This will therefore use the average case error estimates derived from the function BN_prime_checks_for_size based on the bit size of the number tested.

However, these bounds are only accurate on testing random input. Within this testing scenario, where we are checking the validity of a DH parameter set, we can not assert that these parameters are randomly generated. Thus we must treat them as if they are adversarial in nature and increase the rounds of Miller-Rabin performed.

Generally, each round of Miller-Rabin can declare a composite number prime with probability at most (1/4), thus 64 rounds is sufficient in thwarting known generation techniques (even in safe prime settings - see https://eprint.iacr.org/2019/032 for full analysis). The choice of 64 rounds is also consistent with SRP_NUMBER_ITERATIONS_FOR_PRIME 64 as used in srp_Verify_N_and_g in openssl/apps/s_client.c.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8593)

5 years agoDon't allow SHAKE128/SHAKE256 with HMAC
Matt Caswell [Tue, 26 Mar 2019 13:32:39 +0000 (13:32 +0000)]
Don't allow SHAKE128/SHAKE256 with HMAC

See discussion in github issue #8563

Fixes #8563

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8584)

5 years agoCorrectly check the return code of EVP_MAC_ctrl everwhere it is used
Matt Caswell [Tue, 26 Mar 2019 12:11:12 +0000 (12:11 +0000)]
Correctly check the return code of EVP_MAC_ctrl everwhere it is used

EVP_MAC_ctrl is documented to return 0 or -1 on failure. Numerous places
were not getting this check correct.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8584)

5 years agoFix a memory leak in ARIA GCM
Matt Caswell [Tue, 26 Mar 2019 14:42:14 +0000 (14:42 +0000)]
Fix a memory leak in ARIA GCM

Fixes #8567

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8586)

5 years agoTolerate 0 byte input length for Update functions
Matt Caswell [Tue, 26 Mar 2019 15:25:15 +0000 (15:25 +0000)]
Tolerate 0 byte input length for Update functions

We treat that as automatic success. Other EVP_*Update functions already do
this (e.g. EVP_EncryptUpdate, EVP_DecryptUpdate etc). EVP_EncodeUpdate is
a bit of an anomoly. That treats 0 byte input length as an error.

Fixes #8576

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8587)

5 years agoFix no-ec
Matt Caswell [Tue, 26 Mar 2019 16:07:02 +0000 (16:07 +0000)]
Fix no-ec

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8588)

5 years agoFix three identical grammatical errors
Dr. Matthias St. Pierre [Tue, 26 Mar 2019 23:55:55 +0000 (00:55 +0100)]
Fix three identical grammatical errors

Reported by Mak Kolybabi

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8591)

5 years agostyle nit fix
Shane Lontis [Tue, 26 Mar 2019 05:20:22 +0000 (15:20 +1000)]
style nit fix

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8580)

5 years agots(1): digest option is mandatory
Hubert Kario [Wed, 6 Mar 2019 15:51:49 +0000 (16:51 +0100)]
ts(1): digest option is mandatory

not specifying the digest both on command line and in the config file
will lead to response generation aborting with

140617514493760:error:2F098088:time stamp routines:ts_CONF_lookup_fail: \
    cannot find config variable:crypto/ts/ts_conf.c:106:tsr_test::signer_digest

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8421)

5 years agoreplaced snprintf with BIO version (for windows builds)
Shane Lontis [Mon, 25 Mar 2019 01:37:24 +0000 (11:37 +1000)]
replaced snprintf with BIO version (for windows builds)

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8571)

5 years agoModify the RSA_private_decrypt functions to check the padding in
Bernd Edlinger [Wed, 20 Mar 2019 21:02:58 +0000 (22:02 +0100)]
Modify the RSA_private_decrypt functions to check the padding in
constant time with a memory access pattern that does not depend
on secret information.

[extended tests]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8543)

5 years agoMake err_clear_constant_time really constant time
Bernd Edlinger [Wed, 20 Mar 2019 19:01:12 +0000 (20:01 +0100)]
Make err_clear_constant_time really constant time

[extended tests]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8542)

5 years agoCosmetic rand/drbg changes.
Pauli [Fri, 22 Mar 2019 00:49:57 +0000 (10:49 +1000)]
Cosmetic rand/drbg changes.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8554)

5 years agoDocument the functions EVP_MD_fetch() and EVP_MD_upref()
Matt Caswell [Mon, 18 Mar 2019 16:15:58 +0000 (16:15 +0000)]
Document the functions EVP_MD_fetch() and EVP_MD_upref()

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8513)

5 years agoAdd a test for EVP_MD_fetch
Matt Caswell [Mon, 18 Mar 2019 14:36:41 +0000 (14:36 +0000)]
Add a test for EVP_MD_fetch

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8513)

5 years agoImplement SHA256 in the default provider
Matt Caswell [Wed, 13 Mar 2019 17:26:17 +0000 (17:26 +0000)]
Implement SHA256 in the default provider

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8513)

5 years agoMake EVP_Digest* functions provider aware
Matt Caswell [Wed, 13 Mar 2019 16:17:17 +0000 (16:17 +0000)]
Make EVP_Digest* functions provider aware

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8513)

5 years agoImplement EVP_MD_fetch()
Matt Caswell [Wed, 13 Mar 2019 14:49:40 +0000 (14:49 +0000)]
Implement EVP_MD_fetch()

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8513)

5 years agoAdd a skeleton default provider
Matt Caswell [Wed, 13 Mar 2019 12:02:55 +0000 (12:02 +0000)]
Add a skeleton default provider

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8513)

5 years agofixed mismatching #ifdef cpp
Shane Lontis [Thu, 21 Mar 2019 00:22:07 +0000 (10:22 +1000)]
fixed mismatching #ifdef cpp

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8544)

5 years agoReorganized signature-scheme detection in 'apps/s_cb.c:security_callback_debug' callb...
Lorinczy Zsigmond [Fri, 8 Mar 2019 19:22:05 +0000 (20:22 +0100)]
Reorganized signature-scheme detection in 'apps/s_cb.c:security_callback_debug' callback-function.

So far, it only handled hash-and-algorithm pairs from TLS1.2,
now it also handles 'schemes' defined in TLS1.3 like 0x0807=ed25519 or
0x0809=rsa_pss_pss_sha256

Now it prints information in one of these formats:

... Algorithm scheme=ecdsa_secp256r1_sha256, security bits=128 ... TLS1.3
... Algorithm digest=SHA384, algorithm=DSA, security bits=192  ... TLS1.2
... Algorithm scheme=unknown(0x0e01), security bits=128        ... unhandled case

To implement this added three new lookup-tables: signature_tls13_scheme_list,
signature_tls12_alg_list, signature_tls12_hash_list.

Also minor changes in 'security_callback_debug', eg adding variable 'show_nm'
to indicate if we should show 'nm'.

Also coding-styles fixes from matcaswell

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8445)

5 years agoOPENSSL_config(): restore error agnosticism
Richard Levitte [Wed, 20 Mar 2019 09:18:13 +0000 (10:18 +0100)]
OPENSSL_config(): restore error agnosticism

Great effort has been made to make initialization more configurable.
However, the behavior of OPENSSL_config() was lost in the process,
having it suddenly generate errors it didn't previously, which is not
how it's documented to behave.

A simple setting of default flags fixes this problem.

Fixes #8528

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8533)

5 years agoUpdated doc for BN_clear, BN_CTX_end when param is NULL
Shane Lontis [Tue, 19 Mar 2019 22:13:55 +0000 (08:13 +1000)]
Updated doc for BN_clear, BN_CTX_end when param is NULL

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8532)

5 years agoreplace 'OpenSSL license' by 'Apache License 2.0'
David von Oheimb [Sun, 23 Dec 2018 08:58:36 +0000 (09:58 +0100)]
replace 'OpenSSL license' by 'Apache License 2.0'

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8527)

5 years agoremoved BN_clear NULL checks
Shane Lontis [Tue, 19 Mar 2019 00:22:03 +0000 (10:22 +1000)]
removed BN_clear NULL checks

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8507)

5 years agoReplumbing: Add a mechanism to pre-populate the provider store
Richard Levitte [Sun, 17 Mar 2019 17:06:59 +0000 (18:06 +0100)]
Replumbing: Add a mechanism to pre-populate the provider store

OpenSSL will come with a set of well known providers, some of which
need to be accessible from the start.  These are typically built in
providers, or providers that will work as fallbacks.

We do this when creating a new provider store, which means that this
will happen in every library context, regardless of if it's the global
default one, or an explicitely created one.

We keep the data about the known providers we want to make accessible
this way in crypto/provider_predefined.h, which may become generated.
For now, though, we make it simple and edited manually.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8480)

5 years agoReplumbing: add fallback provider capability
Richard Levitte [Thu, 14 Mar 2019 09:53:27 +0000 (10:53 +0100)]
Replumbing: add fallback provider capability

To ensure that old applications aren't left without any provider, and
at the same time not forcing any default provider on applications that
know how to deal with them, we device the concept of fallback
providers, which are automatically activated if no other provider is
already activated.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8480)

5 years agoUpdate pkeyutl documentation about the digest option
Matt Caswell [Thu, 7 Mar 2019 14:02:56 +0000 (14:02 +0000)]
Update pkeyutl documentation about the digest option

DSA can accept other digests other than SHA1. EC ignores the digest option
altogether.

Fixes #8425

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8432)

5 years agoSingle step kdf implementation
Shane Lontis [Fri, 4 Jan 2019 08:41:21 +0000 (18:41 +1000)]
Single step kdf implementation

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8230)

5 years agoMove ASN1_BROKEN macros
Rich Salz [Thu, 21 Feb 2019 18:23:06 +0000 (13:23 -0500)]
Move ASN1_BROKEN macros

They're only used in one place, and only for a legacy datatype.

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8302)

5 years agoEVP_PKEY_get0_engine documentation
Dmitry Belyavskiy [Mon, 25 Feb 2019 15:24:46 +0000 (18:24 +0300)]
EVP_PKEY_get0_engine documentation

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8329)

5 years agoProviding missing accessor to EVP_PKEY.engine
Dmitry Belyavskiy [Mon, 25 Feb 2019 15:02:33 +0000 (18:02 +0300)]
Providing missing accessor to EVP_PKEY.engine

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8329)

5 years agoapps/speed.c: properly address NO_EC2M on systems without SIGALRM
Vitezslav Cizek [Tue, 5 Mar 2019 21:52:33 +0000 (22:52 +0100)]
apps/speed.c: properly address NO_EC2M on systems without SIGALRM

The ecdh_c array is allocated of the same size as ecdh_choices,
whose size depends on whether the support for binary curves is enabled
or not.  (The same goes for ecdsa_c).
On systems without SIGALRM, ecdh_c is indexed by predefined constants
intended for representing the index of the ciphers in the ecdh_choices
array.
However, in case of NO_EC2M some of the #defined constants won't match
and would actually access the ecdh_c out-of-bounds.

Use enum instead of a macro to define the curve indexes so they're
within the bounds of the ecdh_c array.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8422)

5 years agoapps/speed.c: skip binary curves when compiling with OPENSSL_NO_EC2M
Vitezslav Cizek [Tue, 5 Mar 2019 16:14:33 +0000 (17:14 +0100)]
apps/speed.c: skip binary curves when compiling with OPENSSL_NO_EC2M

openssl speed doesn't take into account that the library could be
compiled without the support for the binary curves and happily uses
them, which results in EC_GROUP_new_by_curve_name() errors.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8422)

5 years agoAdd documentation for the -sigopt option.
Pauli [Tue, 19 Mar 2019 01:22:32 +0000 (11:22 +1000)]
Add documentation for the -sigopt option.

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/8520)

5 years ago Configure: untabify indentation
Dr. Matthias St. Pierre [Mon, 18 Mar 2019 10:43:59 +0000 (11:43 +0100)]
Configure: untabify indentation

    The indentation in the Configure file is currently very strange when
    viewed in an editor with a tab width of four spaces, because it has
    mixed tab-and-whitespace indentation, which was apparently done with
    a tab width of eight spaces.

    This commit converts all tabs to spaces using expand(1) with default
settings. To verify that there are only whitespace changes, use

       git show --ignore-space-change  <this commit>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8492)

5 years agoFix resource leak coverity 1443711.
Pauli [Sun, 17 Mar 2019 09:58:24 +0000 (19:58 +1000)]
Fix resource leak coverity 1443711.
Free the allocated pointer on error.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8503)

5 years agoFix compiling error for mips32r6 and mips64r6
Hua Zhang [Wed, 13 Mar 2019 06:28:44 +0000 (14:28 +0800)]
Fix compiling error for mips32r6 and mips64r6

There are some compiling errors for mips32r6 and mips64r6:

crypto/bn/bn-mips.S:56: Error: opcode not supported on this processor: mips2 (mips2) `mulu $1,$12,$7'
crypto/mips_arch.h: Assembler messages:
crypto/mips_arch.h:15: Error: junk at end of line, first unrecognized character is `&'

Signed-off-by: Hua Zhang <hua.zhang1974@hotmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8464)

5 years agoAdd missing '.text' in crypto/bn/asm/ppc.pl
Richard Levitte [Sat, 16 Mar 2019 09:15:19 +0000 (10:15 +0100)]
Add missing '.text' in crypto/bn/asm/ppc.pl

Fixes #8495

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8496)

5 years agoFix no-posix-io
Richard Levitte [Sat, 16 Mar 2019 11:07:35 +0000 (12:07 +0100)]
Fix no-posix-io

'openssl pkeyutl' uses stat() to determine the file size when signing using
Ed25519/Ed448, and this was guarded with OPENSSL_NO_POSIX_IO.

It is however arguable if stat() is a POSIX IO function, considering
that it doesn't use file descriptors, and even more so since we use
stat() elsewhere without that guard.

This will allow test/recipes/20-test_pkeyutl.t to be able to do its
work for Ed25519/Ed448 signature tests.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8498)

5 years agoAdded NULL check to BN_clear() & BN_CTX_end()
Shane Lontis [Mon, 18 Mar 2019 23:58:09 +0000 (09:58 +1000)]
Added NULL check to BN_clear() & BN_CTX_end()

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8518)

5 years agoFix strict-warnings build on FreeBSD
Benjamin Kaduk [Thu, 14 Mar 2019 17:55:03 +0000 (12:55 -0500)]
Fix strict-warnings build on FreeBSD

The 'key' member of the (system-defined!) struct session op is of
type c_caddr_t, which can be (signed) char, so inter-casting with the
unsigned char* input to cipher_init() causes -Wpointer-sign errors, and we
can't change the signature of cipher_init() due to the function pointer
type required by EVP_CIPHER_meth_set_init().

As the least-bad option, introduce a void* cast to quell the following
warning:
engines/e_devcrypto.c:356:36: error: passing 'c_caddr_t' (aka 'const char *') to
      parameter of type 'const unsigned char *' converts between pointers to integer
      types with different sign [-Werror,-Wpointer-sign]
        return cipher_init(to_ctx, cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx),
                                   ^~~~~~~~~~~~~~~~~~~~
engines/e_devcrypto.c:191:66: note: passing argument to parameter 'key' here
static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8509)

5 years agodoc/man3/OSSL_PARAM_TYPE.pod: modify Example 2 to allow unspecified params
Richard Levitte [Tue, 19 Mar 2019 05:52:15 +0000 (06:52 +0100)]
doc/man3/OSSL_PARAM_TYPE.pod: modify Example 2 to allow unspecified params

A parameter requestor is never obligated to ask for all available
parameters on an object.  Unfortunately, Example 2 showed a code
pattern that introduced such an obligation, and therefore needed a
small adjustment.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8523)

5 years agoAdd -new and -subj options to x509 app for direct cert generation
David von Oheimb [Mon, 18 Mar 2019 23:35:03 +0000 (09:35 +1000)]
Add -new and -subj options to x509 app for direct cert generation

Complete and improve error output of parse_name() in apps/apps.c

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8193)

5 years agoClear the point S before freeing in ec_scalar_mul_ladder
Bernd Edlinger [Sun, 17 Mar 2019 16:28:24 +0000 (17:28 +0100)]
Clear the point S before freeing in ec_scalar_mul_ladder

The secret point R can be recovered from S using the equation R = S - P.
The X and Z coordinates should be sufficient for that.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8504)

5 years agoClear the secret point in ecdh_simple_compute_key
Bernd Edlinger [Sun, 17 Mar 2019 08:48:15 +0000 (09:48 +0100)]
Clear the secret point in ecdh_simple_compute_key

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8501)

5 years agoadd 'Signature Value:' line and correct indentation when printing X.509 signature...
David von Oheimb [Fri, 11 May 2018 12:52:51 +0000 (14:52 +0200)]
add 'Signature Value:' line and correct indentation when printing X.509 signature value

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6226)

5 years agoupdate reference output of test_x509 in test/certs/cyrillic.*
David von Oheimb [Fri, 11 May 2018 10:01:49 +0000 (12:01 +0200)]
update reference output of test_x509 in test/certs/cyrillic.*

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6226)

5 years agoremove 'keyid:' when printing simple X509 authority keyID (without issuer and serial)
David von Oheimb [Mon, 29 Jan 2018 15:58:07 +0000 (16:58 +0100)]
remove 'keyid:' when printing simple X509 authority keyID (without issuer and serial)

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6226)

5 years agoremove needless empty lines when printing certificates
David von Oheimb [Mon, 29 Jan 2018 15:54:40 +0000 (16:54 +0100)]
remove needless empty lines when printing certificates

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6226)

5 years agoAdd generic EVP method fetcher
Richard Levitte [Fri, 8 Feb 2019 16:01:56 +0000 (17:01 +0100)]
Add generic EVP method fetcher

This is an interface between Core dispatch table fetching and
EVP_{method}_fetch().  All that's needed from the diverse method
fetchers are the functions to create a method structure from a
dispatch table, a function that ups the method reference counter and a
function to free the method (in case of failure).

This routine is internal to the EVP API andis therefore only made
accessible within crypto/evp, by including evp_locl.h

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8341)

5 years agoReplumbing: better reference counter control in ossl_method_construct()
Richard Levitte [Thu, 14 Mar 2019 20:51:50 +0000 (21:51 +0100)]
Replumbing: better reference counter control in ossl_method_construct()

Fully assume that the method constructors use reference counting.
Otherwise, we may leak memory, or loose track and do a double free.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8341)

5 years agoReplumbing: pass callback data to the algo destructor too
Richard Levitte [Wed, 13 Mar 2019 10:12:00 +0000 (11:12 +0100)]
Replumbing: pass callback data to the algo destructor too

All relevant OSSL_METHOD_CONSTRUCT_METHOD callbacks got the callback
data passed to them, except 'destruct'.  There's no reason why it
shouldn't get that pointer passed, so we make a small adjustment.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8341)

5 years agoPPC assembly pack: fix copy-paste error in CTR mode
Daniel Axtens [Sun, 17 Mar 2019 23:22:44 +0000 (10:22 +1100)]
PPC assembly pack: fix copy-paste error in CTR mode

There are two copy-paste errors in handling CTR mode. When dealing
with a 2 or 3 block tail, the code branches to the CBC decryption exit
path, rather than to the CTR exit path.

This can lead to data corruption: in the Linux kernel we have a copy
of this file, and the bug leads to corruption of the IV, which leads
to data corruption when we call the encryption function again later to
encrypt subsequent blocks.

Originally reported to the Linux kernel by Ondrej Mosnáček <omosnacek@gmail.com>

CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8510)

5 years agocoverity fixes for bntest.c
Shane Lontis [Mon, 18 Mar 2019 00:39:07 +0000 (10:39 +1000)]
coverity fixes for bntest.c

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8508)

5 years agoEVP_PBE_scrypt() handles salt=NULL as salt=""
Victor Stinner [Thu, 14 Mar 2019 14:23:04 +0000 (15:23 +0100)]
EVP_PBE_scrypt() handles salt=NULL as salt=""

Modify EVP_PBE_scrypt() to maintain OpenSSL 1.1.1 behavior: salt=NULL
is now handled as salt="" (and saltlen=0).

Commit 5a285addbf39f91d567f95f04b2b41764127950d changed the behavior
of EVP_PBE_scrypt(salt=NULL). Previously, salt=NULL was accepted, but
the function now fails with KDF_R_MISSING_SALT.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8483)

5 years agotest/params_api_test.c: fix size_t assumptions
Richard Levitte [Sat, 16 Mar 2019 09:43:48 +0000 (10:43 +0100)]
test/params_api_test.c: fix size_t assumptions

size_t isn't always as large as a int64_t, so the compiler complains
about possible data loss.  In this case, we are in control, so a
simple cast will do.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8497)

5 years agoUpdate to xenial
Bernd Edlinger [Tue, 5 Mar 2019 16:44:53 +0000 (17:44 +0100)]
Update to xenial

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8411)

5 years agoConfigurations/windows-makefile.tmpl: small fixes
Richard Levitte [Wed, 13 Mar 2019 12:24:17 +0000 (13:24 +0100)]
Configurations/windows-makefile.tmpl: small fixes

Fixes #8467 #8478

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8468)

5 years agoGuard some SM2 functions with OPENSSL_NO_SM2
Matt Caswell [Thu, 14 Mar 2019 11:14:38 +0000 (11:14 +0000)]
Guard some SM2 functions with OPENSSL_NO_SM2

Fixes the no-ec build

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8481)

5 years agotrace: update the documentation
Dr. Matthias St. Pierre [Tue, 12 Mar 2019 22:35:45 +0000 (23:35 +0100)]
trace: update the documentation

This commit adds some missing symbols and other minor enhancements.
In particular, it establishes the term 'channel' as a synonym for
a BIO object attached to a trace category, and introduces the
concept of a 'simple' channel versus a 'callback' channel.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8463)

5 years agotrace: ensure correct grouping
Dr. Matthias St. Pierre [Tue, 12 Mar 2019 23:14:55 +0000 (00:14 +0100)]
trace: ensure correct grouping

It is important that output to the trace channels occurs only inside
a trace group. This precondtion is satisfied whenever the standard
TRACE macros are used. It can be violated only by a bad programming
mistake, like copying the 'trc_out' pointer and using it outside
the trace group.

This commit enforces correct pairing of the OSSL_TRACE_CTRL_BEGIN and
OSSL_TRACE_CTRL_END callbacks, and checks that OSSL_TRACE_CTRL_WRITE
callbacks only occur within such groups.

While implementing it, it turned out that the group assertion failed

  apps/openssl.c:152: OpenSSL internal error: \
                      Assertion failed: trace_data->ingroup

because the set_trace_data() function invokes some callbacks which
generate trace output, but the correct channel type was set only
after the set_trace_data() call.

To fix the failed assertions, the correct channel type is now set
inside the set_trace_data() call, instead of doing it afterwards.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8463)

5 years agotrace: don't leak the line prefix
Dr. Matthias St. Pierre [Tue, 12 Mar 2019 22:04:14 +0000 (23:04 +0100)]
trace: don't leak the line prefix

The openssl app registers trace callbacks which automatically
set a line prefix in the OSSL_TRACE_CTRL_BEGIN callback.
This prefix needs to be cleared in the OSSL_TRACE_CTRL_END
callback, otherwise a memory leak is reported when openssl
is built with crypto-mdebug enabled.

This leak causes the tests to fail when tracing and memory
debugging are enabled.

The leak can be observed by any command that produces trace
output, e.g. by

  OPENSSL_TRACE=ANY util/shlib_wrap.sh  apps/openssl version
  ...
  [00:19:14]  4061 file=apps/bf_prefix.c, line=152, ...
  26 bytes leaked in 1 chunks

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8463)

5 years agotrace: rename the trace channel types
Dr. Matthias St. Pierre [Sun, 10 Mar 2019 10:07:27 +0000 (11:07 +0100)]
trace: rename the trace channel types

Since the term 'channel' is already used as synonym for a BIO object attached
to a trace category, having a 't_channel' channel type and a 't_callback' channel
type somehow overburdens this term. For that reason the type enum constants are
renamed to 'SIMPE_CHANNEL' and 'CALLBACK_CHANNEL'.
(The conversion to capital letters was done to comply to the coding style.)

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8463)

5 years agotrace: remove some magic numbers
Dr. Matthias St. Pierre [Sun, 10 Mar 2019 00:35:16 +0000 (01:35 +0100)]
trace: remove some magic numbers

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8463)

5 years agoVMS: only use the high precision on VMS v8.4 and up
Dr. Matthias St. Pierre [Fri, 15 Mar 2019 00:48:51 +0000 (01:48 +0100)]
VMS: only use the high precision on VMS v8.4 and up

Fixes #8487
Amends #7230

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8488)

5 years agointernal/refcount.h: allow non-atomic build
Richard Levitte [Thu, 14 Mar 2019 08:59:00 +0000 (09:59 +0100)]
internal/refcount.h: allow non-atomic build

Configure with -DOPENSSL_DEV_NO_ATOMICS and you get refcount without
atomics.  This is intended for internal development only, to check the
refcounting is properly coded.  It should never become a configuration
option, hence the name of the macro.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8479)

5 years agocrypto/provider_core.c: correct definition and use of lock
Richard Levitte [Thu, 14 Mar 2019 06:59:28 +0000 (07:59 +0100)]
crypto/provider_core.c: correct definition and use of lock

Fixes #8476

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8477)

5 years agoEnable pkeyutl to use Ed448 and Ed25519
Matt Caswell [Thu, 7 Mar 2019 10:37:34 +0000 (10:37 +0000)]
Enable pkeyutl to use Ed448 and Ed25519

With the recent addition of the -rawin option it should be possible for
pkeyutl to sign and verify with Ed448 and Ed2559. The main remaining
stumbling block is that those algorirthms only support "oneshot" operation.
This commit enables pkeyutl to handle that.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8431)

5 years agoConfigure: disable new trace api by default
Dr. Matthias St. Pierre [Wed, 13 Mar 2019 22:16:29 +0000 (23:16 +0100)]
Configure: disable new trace api by default

Fixes #8472

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8474)

5 years agoDon't fail when tracing is disabled
Richard Levitte [Wed, 13 Mar 2019 23:39:28 +0000 (00:39 +0100)]
Don't fail when tracing is disabled

When tracing is disabled, don't generate errors, especially during
init.  Instead, just pretend the everything is fine.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8475)

5 years agoFix memory leak in ectest
Nicola Tuveri [Wed, 13 Mar 2019 09:38:40 +0000 (11:38 +0200)]
Fix memory leak in ectest

Fixes #8462

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8466)

5 years agotest/params_test.c: use TEST_double_eq to check doubles
Richard Levitte [Wed, 13 Mar 2019 13:06:03 +0000 (14:06 +0100)]
test/params_test.c: use TEST_double_eq to check doubles

TEST_ulong_eq was used previously because TEST_double_eq didn't exist
at the time.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8469)

5 years agotest/params_test.c: make more global variables static
Richard Levitte [Wed, 13 Mar 2019 13:01:27 +0000 (14:01 +0100)]
test/params_test.c: make more global variables static

Again, compilers that don't like them being undeclared...

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8469)

5 years agotest/params_test.c: make construct_api_params() static
Richard Levitte [Wed, 13 Mar 2019 12:56:46 +0000 (13:56 +0100)]
test/params_test.c: make construct_api_params() static

With enough warning flags, compilers complain when a non-static
function hasn't been properly declared...

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8469)

5 years agoprevent app_get_pass() from revealing cleartext password on syntax error
David von Oheimb [Thu, 1 Feb 2018 10:06:03 +0000 (11:06 +0100)]
prevent app_get_pass() from revealing cleartext password on syntax error

When the argument for '-pass' was badly formed, that argument got
displayed in full.  This turns out to not be such a good idea if the
user simply forgot to start the argument with 'pass:', or spellt the
prefix incorrectly.  We therefore change the display to say that a
colon is missing or only showing the incorrect prefix.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6218)