Miroslav Suk [Thu, 22 Mar 2018 08:20:43 +0000 (09:20 +0100)]
o_time.c: use gmtime_s with MSVC
ts/ts_rsp_sign.c: change to OPENSSL_gmtime.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5720)
Konstantin Shemyak [Thu, 22 Mar 2018 17:53:59 +0000 (19:53 +0200)]
doc/man1/x509.pod: corrected "S/MIME signing" requirements
When the "certificate purpose" is checked and KeyUsage extension is present,
either 'digitalSignature' or 'nonRepudiation' is accepted.
Manual page corrected to reflect the above.
Signed-off-by: Konstantin Shemyak <konstantin@shemyak.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5727)
Philippe Antoine [Mon, 26 Mar 2018 08:29:56 +0000 (10:29 +0200)]
statem/statem_clnt.c: omit redundant check in tls_construct_client_hello.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5729)
Andy Polyakov [Fri, 23 Mar 2018 14:12:20 +0000 (15:12 +0100)]
rand/randfile.c: permit non-regular files in RAND_load_file.
Apparently applications rely on RAND_load_file's ability to work with
non-regular files, customarily with /dev/urandom, so that the ban was
not exactly appropriate.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5737)
Andy Polyakov [Mon, 26 Mar 2018 10:35:57 +0000 (12:35 +0200)]
Configure: make LIST command work with dynamic 15-android.conf.
This is quick-n-dirty ad-hoc solution, the problem asks for more
elegant one...
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5755)
Matt Caswell [Mon, 26 Mar 2018 22:36:37 +0000 (23:36 +0100)]
Temporarily disable some tests that hang
The previous commit causes some tests to hang so we temporarily disable them.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5757)
Matt Caswell [Mon, 26 Mar 2018 18:12:25 +0000 (19:12 +0100)]
Remove some code for a contributor that we cannot find
This removes some code because we cannot trace the original contributor
to get their agreement for the licence change (original commit
e03ddfae).
After this change there will be numerous failures in the test cases until
someone rewrites the missing code.
All *_free functions should accept a NULL parameter. After this change
the following *_free functions will fail if a NULL parameter is passed:
BIO_ACCEPT_free()
BIO_CONNECT_free()
BN_BLINDING_free()
BN_CTX_free()
BN_MONT_CTX_free()
BN_RECP_CTX_free()
BUF_MEM_free()
COMP_CTX_free()
ERR_STATE_free()
TXT_DB_free()
X509_STORE_free()
ssl3_free()
ssl_cert_free()
SSL_SESSION_free()
SSL_free()
[skip ci]
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5757)
Matt Caswell [Wed, 21 Mar 2018 20:19:37 +0000 (20:19 +0000)]
Assert that alpn_selected is NULL before we assign it
The alpn_selected value in the session should be NULL before we first
populate it if this is a new session. We assert to make sure it is.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5715)
Matt Caswell [Thu, 22 Mar 2018 14:33:05 +0000 (14:33 +0000)]
Don't write out a bad OID
If we don't have OID data for an object then we should fail if we
are asked to encode the ASN.1 for that OID.
Fixes #5723
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5725)
Matt Caswell [Tue, 27 Mar 2018 09:58:34 +0000 (10:58 +0100)]
Update CHANGES and NEWS for the new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Mon, 26 Mar 2018 08:55:35 +0000 (10:55 +0200)]
test/test_test.c: add CRYPTO_memcmp regression test.
Reviewed-by: Matt Caswell <matt@openssl.org>
Andy Polyakov [Wed, 21 Mar 2018 22:48:10 +0000 (23:48 +0100)]
pariscid.pl: fix nasty typo in CRYPTO_memcmp.
Comparison was effectively reduced to least significant bits.
CVE-2018-0733
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Fri, 26 Jan 2018 16:23:03 +0000 (16:23 +0000)]
Add fuzz corpora file that found the ASN.1 stack depth issue
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Thu, 22 Mar 2018 09:39:53 +0000 (09:39 +0000)]
Limit ASN.1 constructed types recursive definition depth
Constructed types with a recursive definition (such as can be found in
PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. Therefore we limit the stack depth.
CVE-2018-0739
Credit to OSSFuzz for finding this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rich Salz [Mon, 26 Mar 2018 18:10:57 +0000 (14:10 -0400)]
Remove QNX support
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5756)
Andy Polyakov [Sun, 25 Mar 2018 14:51:55 +0000 (16:51 +0200)]
Configurations/README: mention Libs.private in ex_libs description.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Bernd Edlinger [Sun, 25 Mar 2018 12:00:33 +0000 (14:00 +0200)]
Previously this x509 command line was working, restore that
openssl x509 -in server.pem -signkey privkey.pem -out server.pem
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5746)
Bernd Edlinger [Sun, 25 Mar 2018 10:50:17 +0000 (12:50 +0200)]
Fix dsaparam -genkey with DER outform
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5744)
Bernd Edlinger [Sat, 24 Mar 2018 14:17:11 +0000 (15:17 +0100)]
Fix ecparam -genkey with point compression or DER outform
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5741)
Philippe Antoine [Fri, 23 Mar 2018 19:51:38 +0000 (20:51 +0100)]
Adds multiple checks to avoid buffer over reads
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5675)
Andy Polyakov [Thu, 22 Mar 2018 21:55:35 +0000 (22:55 +0100)]
Configurations/windows-makefile.tmpl: refine clean targets.
'nmake clean' was leaving some artefacts behind.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Fri, 23 Mar 2018 13:18:16 +0000 (14:18 +0100)]
test/shlibloadtest.c: make some variables block local
myDSO_dsobyaddr and myDSO_free are only used in a narrow block of
code, and can therefore be made local to that block. Otherwise, some
compilers may warn that they are unused.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5733)
Richard Levitte [Fri, 23 Mar 2018 00:05:41 +0000 (01:05 +0100)]
test/shlibloadtest.c: fix various errors
These errors were hidden because compiling this file didn't get the
macros derived from the dso_scheme attribute, and therefore, some code
never got compiled.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5733)
Richard Levitte [Fri, 23 Mar 2018 00:05:23 +0000 (01:05 +0100)]
Include "internal/dso_conf.h" where needed and appropriate
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5733)
Richard Levitte [Fri, 23 Mar 2018 00:02:08 +0000 (01:02 +0100)]
Move the handling of dso_scheme to dso_conf.h
The macros resulting from the dso_scheme attribute were defined for
libraries only, but there's a test program that uses the macros as
well. The easier way is to move the handling of this macro to
crypto/include/internal/dso_conf.h and having the modules that need it
include it.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5733)
Richard Levitte [Thu, 22 Mar 2018 21:15:04 +0000 (22:15 +0100)]
Configurations/unix-Makefile.tmpl: fix inconsistencies with resource files
.res files weren't treated consistently. They weren't included at all
in the build of a shared library, and were named inconsistently; .res
sometimes, and .res.o otherwise. Now we standardise it to .res.o,
which is the recommended way with GNU tools.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5730)
Andy Polyakov [Wed, 21 Mar 2018 19:04:49 +0000 (20:04 +0100)]
Configurations/10-main.conf: correct AIX targets.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5713)
Bernd Edlinger [Thu, 22 Mar 2018 16:28:39 +0000 (17:28 +0100)]
Handle partial messages in TLSProxy
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5412)
Rich Salz [Thu, 22 Mar 2018 14:21:33 +0000 (10:21 -0400)]
Fix resource files
Add it to apps as well as libraries.
Fix the copyright year generation.
Thanks to user RTT for pointing this out.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5704)
Andy Polyakov [Wed, 21 Mar 2018 12:12:15 +0000 (13:12 +0100)]
include/openssl/rand.h: omit intermediate typedef.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4159)
Andy Polyakov [Mon, 14 Aug 2017 19:38:23 +0000 (21:38 +0200)]
openssl/rand.h: fix formatting.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4159)
Andy Polyakov [Wed, 21 Mar 2018 15:34:11 +0000 (16:34 +0100)]
Remove presumably temporary left-over file.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andy Polyakov [Wed, 21 Mar 2018 15:20:59 +0000 (16:20 +0100)]
man3/OPENSSL_ia32cap.pod: update assembler version requirements.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andy Polyakov [Wed, 21 Mar 2018 10:19:58 +0000 (11:19 +0100)]
curve448/field.h: relax alignment, as it doesn't work universally.
Some platforms, cough-DJGPP, fail to compile claiming that requested
alignment is greater than maximum possible. Supposedly original
alignment was result of an attempt to utilize AVX2...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5708)
Andy Polyakov [Wed, 21 Mar 2018 10:19:49 +0000 (11:19 +0100)]
bio/bss_log.c: on DJGPP syslog facility is part of sockets library.
In other words no-sock DJGPP build should suppress syslogging.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5708)
Andy Polyakov [Wed, 21 Mar 2018 10:16:50 +0000 (11:16 +0100)]
o_fopen.c: compensate for e_os.h omission.
At earlier point e_os.h was omitted from a number of headers (in order
to emphasize OS neutrality), but this affected o_fopen.c, which is not
OS-neutral, and contains some DJGPP-specific code.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5708)
Pauli [Mon, 19 Mar 2018 21:17:32 +0000 (07:17 +1000)]
Don't call strsignal, just print the signal number.
The strsignal call is not supported by some machines, so avoid its use.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5658)
Patrick Steuer [Sat, 10 Mar 2018 18:06:43 +0000 (19:06 +0100)]
aes ctr_drbg: add cavs tests
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #5580
Kurt Roeckx [Sat, 10 Mar 2018 11:23:21 +0000 (12:23 +0100)]
DRBG: Use the EVP layer to do AES encryption
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #5580
FdaSilvaYY [Wed, 21 Mar 2018 20:01:24 +0000 (16:01 -0400)]
Unify s_client/s_server srtp profiles option handling
Add missing guards around STRP-related fields
Remove two unneeded global variables: my 2'cents to #4679
Merge definition and instantiation of srpsrvparm global.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4908)
Matt Caswell [Wed, 21 Mar 2018 16:27:55 +0000 (16:27 +0000)]
The default conv_form is uncompressed
Fixes #5711
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5712)
Philippe Antoine [Wed, 21 Mar 2018 07:27:34 +0000 (08:27 +0100)]
Fixes integer underflow with SSL_trace support
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5706)
David Benjamin [Tue, 6 Mar 2018 19:00:24 +0000 (14:00 -0500)]
Document EC_POINT_get_affine_coordinates_*.
In particular, x and y may be NULL, as used in ecdsa_ossl.c. Make use of
this in ecdh_ossl.c as well, to save an otherwise unnecessary temporary.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5532)
Bernd Edlinger [Wed, 21 Mar 2018 15:23:57 +0000 (16:23 +0100)]
Cleanup the s_time command.
Various code-cleanups.
Use SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY) insead of handling
SSL_ERROR_WANT_READ everywhere.
Turn off the linger option on connected sockets to avoid failure.
Add BIO_set_conn_mode(conn, BIO_SOCK_NODELAY) to improve thruput.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3952)
Jack Bates [Thu, 5 Jan 2017 16:58:18 +0000 (09:58 -0700)]
Convert _meth_get_ functions to const getters
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2181)
Matt Caswell [Tue, 16 Jan 2018 11:26:50 +0000 (11:26 +0000)]
Don't wait for dry at the end of a handshake
For DTLS/SCTP we were waiting for a dry event during the call to
tls_finish_handshake(). This function just tidies up various internal
things, and after it completes the handshake is over. I can find no good
reason for waiting for a dry event here, and nothing in RFC6083 suggests
to me that we should need to. More importantly though it seems to be
wrong. It is perfectly possible for a peer to send app data/alerts/new
handshake while we are still cleaning up our handshake. If this happens
then we will never get the dry event and so we cannot continue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5084)
Matt Caswell [Tue, 16 Jan 2018 10:48:01 +0000 (10:48 +0000)]
Check for alerts while waiting for a dry event
At a couple of points in a DTLS/SCTP handshake we need to wait for a dry
event before continuing. However if an alert has been sent by the peer
then we will never receive that dry event and an infinite loop results.
This commit changes things so that we attempt to read a message if we
are waiting for a dry event but haven't got one yet. This should never
succeed, but any alerts will be processed.
Fixes #4763
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5084)
Peter Wu [Tue, 20 Mar 2018 22:47:06 +0000 (23:47 +0100)]
Fix stack-use-after-scope
Fixes regression from #5667.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5701)
Andy Polyakov [Mon, 19 Mar 2018 17:12:31 +0000 (18:12 +0100)]
o_fopen.c,rand/randfile.c: compensate for e_os.h omission.
At earlier point e_os.h was omitted from a number of headers (in order
to emphasize OS neutrality), but this affected o_fopen.c and randfile.c
which are not OS-neutral, and contain some Win32-specific code.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5676)
Matthias Kraft [Mon, 19 Mar 2018 17:37:46 +0000 (13:37 -0400)]
Add dladdr() for AIX
Although it deviates from the actual prototype of DSO_dsobyaddr(), this
is now ISO C compliant and gcc -Wpedantic accepts the code.
Added DATA segment checking to catch ptrgl virtual addresses. Avoid
memleaks with every AIX/dladdr() call. Removed debug-fprintf()s.
Added test case for DSO_dsobyaddr(), which will eventually call dladdr().
Removed unecessary AIX ifdefs again.
The implementation can only lookup function symbols, no data symbols.
Added PIC-flag to aix*-cc build targets.
As AIX is missing a dladdr() implementation it is currently uncertain our
exit()-handlers can still be called when the application exits. After
dlclose() the whole library might have been unloaded already.
Signed-off-by: Matthias Kraft <makr@gmx.eu>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5668)
Benjamin Kaduk [Fri, 26 Jan 2018 17:16:21 +0000 (11:16 -0600)]
Do not cache sessions with zero sid_ctx_length when SSL_VERIFY_PEER
The sid_ctx is something of a "certificate request context" or a
"session ID context" -- something from the application that gives
extra indication of what sort of thing this session is/was for/from.
Without a sid_ctx, we only know that there is a session that we
issued, but it could have come from a number of things, especially
with an external (shared) session cache. Accordingly, when resuming,
we will hard-error the handshake when presented with a session with
zero-length sid_ctx and SSL_VERIFY_PEER is set -- we simply have no
information about the peer to verify, so the verification must fail.
In order to prevent these future handshake failures, proactively
decline to add the problematic sessions to the session cache.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5175)
Pauli [Tue, 20 Mar 2018 00:03:10 +0000 (10:03 +1000)]
Remove mention of link between message digests and public key algorithms.
The comment in EVP_DigestInit.pod is:
> Returns the NID of the public key signing algorithm associated with this
digest. For example EVP_sha1() is associated with RSA so this will return
B<NID_sha1WithRSAEncryption>. Since digests and signature algorithms are no
longer linked this function is only retained for compatibility reasons.
I.e. there is no link anymore.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5682)
Eric Covener [Sat, 17 Mar 2018 18:00:15 +0000 (14:00 -0400)]
aix compat fixes for ocsp.c
WCOREDUMP and vsyslog are not portable
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5657)
Johannes Bauer [Fri, 21 Jul 2017 20:19:35 +0000 (22:19 +0200)]
Make pkeyutl a bit more user-friendly
Give meaningful error messages when the user incorrectly uses pkeyutl.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3987)
Matt Caswell [Tue, 20 Mar 2018 15:48:33 +0000 (15:48 +0000)]
Reduce the verbosity of test_store
The travis logs are going above 4Mb causing the builds to fail. One
test creates excessive output. This change reduces that output by approx
180k.
[extended tests]
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5694)
Matt Caswell [Tue, 20 Mar 2018 11:16:39 +0000 (11:16 +0000)]
Fix the OCSP responder mode
Broken by commit
3e3c7c36.
Fixes #5681
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5688)
Matt Caswell [Tue, 20 Mar 2018 13:15:39 +0000 (13:15 +0000)]
Prepare for 1.1.1-pre4-dev
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 20 Mar 2018 13:13:56 +0000 (13:13 +0000)]
Prepare for 1.1.1-pre3 release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 20 Mar 2018 13:00:17 +0000 (13:00 +0000)]
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5689)
Richard Levitte [Tue, 20 Mar 2018 07:31:10 +0000 (08:31 +0100)]
crypto/rand/rand_vms.c: include "internal/rand_int.h"
Without it, the RAND_POOL typedef is missing
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5685)
Dr. Matthias St. Pierre [Mon, 19 Mar 2018 20:11:50 +0000 (21:11 +0100)]
Fix: drbgtest fails when tests are executed in random order
[extended tests]
The test_rand_reseed assumed that the global DRBGs were not used
previously. This assumption is false when the tests are executed
in random order (OPENSSL_TEST_RAND_ORDER). So we uninstantiate
them first and add a test for the first instantiation.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5680)
Richard Levitte [Mon, 19 Mar 2018 19:33:50 +0000 (20:33 +0100)]
s_client, s_server: do generic SSL configuration first, specialization after
We did the SSL_CONF_cmd() pass last of all things that could affect
the SSL ctx. However, the results of this, for example:
-max_protocol TLSv1.3 -tls1_2
... would mean that the protocol min got set to TLSv1.2 and the
protocol max to TLSv1.3, when they should clearly both be TLSv1.2.
However, if we see the SSL_CONF_cmd() switches as generic and those
internal to s_client and s_server as specialisations, we get something
that makes a little more sense.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5679)
Todd Short [Mon, 19 Mar 2018 18:22:56 +0000 (14:22 -0400)]
Fix no-sm3/no-sm2 (with strict-warnings)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5677)
Todd Short [Mon, 19 Mar 2018 17:21:13 +0000 (13:21 -0400)]
Fix no-sm3 (and no-sm2)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5677)
Richard Levitte [Mon, 19 Mar 2018 17:54:27 +0000 (18:54 +0100)]
Don't generate buildtest_*err.c
The error string header files aren't supposed to be included directly,
so there's no point testing that they can.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5678)
Richard Levitte [Mon, 19 Mar 2018 08:08:06 +0000 (09:08 +0100)]
Enhance ssltestlib's create_ssl_ctx_pair to take min and max proto version
Have all test programs using that function specify those versions.
Additionally, have the remaining test programs that use SSL_CTX_new
directly specify at least the maximum protocol version.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5663)
Richard Levitte [Mon, 19 Mar 2018 07:44:04 +0000 (08:44 +0100)]
In TLSProxy::Proxy, specify TLSv1.3 as maximum allowable protocol
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5663)
Richard Levitte [Mon, 19 Mar 2018 06:46:10 +0000 (07:46 +0100)]
Support "-min_protocol" and "-max_protocol" in s_server and s_client
If for nothing else, they are needed when doing a regression test
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5663)
Matt Caswell [Mon, 19 Mar 2018 16:24:49 +0000 (16:24 +0000)]
Fix no-ec
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5673)
Matt Caswell [Mon, 19 Mar 2018 16:17:58 +0000 (16:17 +0000)]
Fix no-sm2
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5673)
Matt Caswell [Mon, 19 Mar 2018 11:29:06 +0000 (11:29 +0000)]
Fix no-posix-io compile failure
The fix in conf_include_test.c seems to be required because some
compilers give an error if you give an empty string for the second
argument to strpbrk(). It doesn't really make sense to send an empty
string for this argument anyway, so make sure it has at least one character
in it.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5666)
Todd Short [Mon, 19 Mar 2018 14:50:51 +0000 (10:50 -0400)]
Place ticket keys into secure memory
Place the session ticket AES and HMAC keys into secure memory.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2351)
Matt Caswell [Mon, 19 Mar 2018 12:58:05 +0000 (12:58 +0000)]
Fix no-psk
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5667)
Rich Salz [Mon, 19 Mar 2018 14:23:28 +0000 (10:23 -0400)]
Revise and cleanup; use strict,warnings
Use shorter names for some defines, so also had to change the .c file
that used them.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5669)
Tomas Mraz [Mon, 19 Mar 2018 14:01:39 +0000 (10:01 -0400)]
Apply system_default configuration on SSL_CTX_new().
When SSL_CTX is created preinitialize it with system default
configuration from system_default section.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4848)
Kurt Roeckx [Sun, 11 Mar 2018 14:19:13 +0000 (15:19 +0100)]
Add a multithread rand test
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5547)
Kurt Roeckx [Thu, 8 Mar 2018 21:30:28 +0000 (22:30 +0100)]
Don't use a ssl specific DRBG anymore
Since the public and private DRBG are per thread we don't need one
per ssl object anymore. It could also try to get entropy from a DRBG
that's really from an other thread because the SSL object moved to an
other thread.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5547)
Kurt Roeckx [Wed, 7 Mar 2018 18:25:55 +0000 (19:25 +0100)]
Make the public and private DRBG thread local
This avoids lock contention.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5547)
Jack Lloyd [Fri, 9 Feb 2018 17:21:56 +0000 (12:21 -0500)]
Handle evp_tests assumption of EVP_PKEY_FLAG_AUTOARGLEN
Without actually using EVP_PKEY_FLAG_AUTOARGLEN
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4793)
Jack Lloyd [Wed, 24 Jan 2018 21:45:48 +0000 (16:45 -0500)]
Support SM2 ECIES scheme via EVP
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4793)
Jack Lloyd [Wed, 24 Jan 2018 16:56:02 +0000 (11:56 -0500)]
Add SM2 signature and ECIES schemes
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4793)
Andy Polyakov [Sat, 17 Mar 2018 09:59:57 +0000 (10:59 +0100)]
Configurations/15-android.conf: detect clang by PATH, not by CC.
Since they intend to omit gcc, it's more appropriate to simply detect
if there is NDK's clang on PATH, as opposite to requiring to specify it
with CC=clang (and looking for it on PATH).
Also detect NDK version and default to armv7-a for NDK>16.
Address failure to recognize -D__ADNDROID_API__=N in CPPFLAGS.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5613)
Andy Polyakov [Fri, 16 Mar 2018 11:14:28 +0000 (12:14 +0100)]
Add NOTES.ANDROID.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5613)
Andy Polyakov [Wed, 14 Mar 2018 16:30:22 +0000 (17:30 +0100)]
Configurations/15-android.conf: default to RC4_CHAR whenever possible.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5613)
Andy Polyakov [Wed, 14 Mar 2018 16:23:16 +0000 (17:23 +0100)]
MIPS assembly pack: default heuristic detection to little-endian.
Current endianness detection is somewhat opportunistic and can fail
in cross-compile scenario. Since we are more likely to cross-compile
for little-endian now, adjust the default accordingly.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5613)
Andy Polyakov [Wed, 14 Mar 2018 08:45:31 +0000 (09:45 +0100)]
Configurations/15-android.conf: refine clang support.
Adjusting ARM default broke clang support, and x86[_64] needed
path adjustment.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5613)
Andy Polyakov [Wed, 14 Mar 2018 08:42:42 +0000 (09:42 +0100)]
Configure: pass -no-integrated-as.
Occasionally you have to pass -no-integrated-as to clang, but we
consider any -no-option as no-option. Don't touch -no-integrated-as.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5613)
Bernd Edlinger [Mon, 19 Mar 2018 13:20:53 +0000 (14:20 +0100)]
Fix bio callback backward compatibility
Don't pass a pointer to uninitialized processed value
for BIO_CB_READ and BIO_CB_WRITE
Check the correct cmd code in BIO_callback_ctrl
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5516)
Bernd Edlinger [Fri, 16 Mar 2018 12:29:51 +0000 (13:29 +0100)]
Fix a crash in SSLfatal due to invalid enc_write_ctx
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5645)
Matt Caswell [Mon, 19 Mar 2018 10:35:16 +0000 (10:35 +0000)]
Fix no-cmac
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5665)
Matt Caswell [Mon, 19 Mar 2018 10:22:46 +0000 (10:22 +0000)]
Fix no-ec
Raw private/public key loading may fail for X25519/X448 if ec has been
disabled.
Also fixed a missing blank line in evppkey.txt resulting in a warning in
the test output.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5664)
Matt Caswell [Fri, 16 Mar 2018 11:09:39 +0000 (11:09 +0000)]
Add a CHANGES entry to mention the replay protection capabilities
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)
Matt Caswell [Fri, 16 Mar 2018 11:07:58 +0000 (11:07 +0000)]
Document the replay protection capabilities
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)
Matt Caswell [Fri, 16 Mar 2018 09:53:38 +0000 (09:53 +0000)]
Add a test for 0RTT replay protection
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)
Matt Caswell [Fri, 16 Mar 2018 09:25:34 +0000 (09:25 +0000)]
Add an anti-replay mechanism
If the server is configured to allow early data then we check if the PSK
session presented by the client is available in the cache or not. If it
isn't then this may be a replay and we disallow it. If it is then we allow
it and remove the session from the cache. Note: the anti-replay protection
is not used for externally established PSKs.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)
Matt Caswell [Thu, 15 Mar 2018 21:02:15 +0000 (21:02 +0000)]
Don't update the session cache when processing a client certificate in TLSv1.3
We should only update the session cache when we issue a NewSessionTicket.
These are issued automatically after processing a client certificate.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)
Matt Caswell [Thu, 15 Mar 2018 17:47:29 +0000 (17:47 +0000)]
Always call the new_session_cb when issuing a NewSessionTicket in TLSv1.3
Conceptually in TLSv1.3 there can be multiple sessions associated with a
single connection. Each NewSessionTicket issued can be considered a
separate session. We can end up issuing multiple NewSessionTickets on a
single connection at the moment (e.g. in a post-handshake auth scenario).
Each of those issued tickets should have the new_session_cb called, it
should go into the session cache separately and it should have a unique
id associated with it (so that they can be found individually in the
cache).
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)
JeffZhao [Fri, 16 Mar 2018 06:15:16 +0000 (14:15 +0800)]
engines/asm/e_padlock*: add support for Zhaoxin's x86 platform
VIA and Shanghai United Investment Co.,Ltd. found Shanghai ZhaoXin,
which is a fabless x86 CPU IC design company. ZhaoXin has issued
ZX-C, ZX-D x86 processors, which have 'Shanghai' CPU vendor id.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5640)
Richard Levitte [Mon, 19 Mar 2018 06:18:56 +0000 (07:18 +0100)]
Clarify a couple of details around "make variables"
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5660)
Richard Levitte [Wed, 14 Mar 2018 16:31:20 +0000 (17:31 +0100)]
Stop test/shlibloadtest.c from failing in a regression test
When doing a regression test, it's obvious that the version
test/shlibloadtest is built for will not be the same as the library
version. So we change the test to check for assumed compatibility.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5619)