oweals/openssl.git
5 years agoHandle CTRL-C as non-redoable abort signal
Bernd Edlinger [Mon, 17 Jun 2019 14:57:25 +0000 (16:57 +0200)]
Handle CTRL-C as non-redoable abort signal

This is a bit annoying, if for instance "openssl genrsa -aes128"
tries to read a 4+ character size password, but CTRL-C does no longer
work after a RETURN key, since the flag UI_FLAG_REDOABLE is set by
UI_set_result_ex, together with the error "You must type in 4 to 1023 characters".
Thus remove the REDOABLE flag to allow CTRL-C to work.

[extended tests]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9170)

(cherry picked from commit f8922b5107d098c78f846c8c999f96111345de8d)

5 years agoAdd SSL_shutdown to SSL_get_error's documentation
Miquel Ruiz [Mon, 22 Oct 2018 21:34:57 +0000 (22:34 +0100)]
Add SSL_shutdown to SSL_get_error's documentation

SSL_shutdown can fail if called during initialization, and in such case, it'll
add an error to the error queue. This adds SSL_shutdown to the list of functions
that should preceed the call to SSL_get_error.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/7465)

(cherry picked from commit df9fd168ceb1f187365d24fef829d6d48b1077a9)

5 years agoFix UEFI build on FreeBSD by not including system headers
Rebecca Cran [Wed, 12 Jun 2019 20:03:36 +0000 (14:03 -0600)]
Fix UEFI build on FreeBSD by not including system headers

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9149)

5 years agoFix and document BIO_FLAGS_NONCLEAR_RST behavior on memory BIO
Tomas Mraz [Tue, 18 Jun 2019 14:41:48 +0000 (16:41 +0200)]
Fix and document BIO_FLAGS_NONCLEAR_RST behavior on memory BIO

The BIO_FLAGS_NONCLEAR_RST flag behavior was not properly documented
and it also caused the length to be incorrectly set after the reset
operation.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9179)

(cherry picked from commit 8b7b32921e63c492fa7233d81b11ee4d7ba266de)

5 years agoARIA documentation titled itself AES
Pauli [Wed, 19 Jun 2019 00:20:49 +0000 (10:20 +1000)]
ARIA documentation titled itself AES

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9188)

(cherry picked from commit b720949ec09f4dfbff1becc75ca808997e5b51bd)

5 years agoFollowing the previous 2 commits also move ecpointformats out of session
Matt Caswell [Tue, 18 Jun 2019 10:45:26 +0000 (11:45 +0100)]
Following the previous 2 commits also move ecpointformats out of session

The previous 2 commits moved supported groups and ciphers out of the
session object to avoid race conditions. We now also move ecpointformats
for consistency. There does not seem to be a race condition with access
to this data since it is only ever set in a non-resumption handshake.
However, there is no reason for it to be in the session.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9176)

5 years agoFix a race condition in ciphers handling
Matt Caswell [Fri, 14 Jun 2019 13:06:55 +0000 (14:06 +0100)]
Fix a race condition in ciphers handling

Similarly to the previous commit we were storing the peer offered list
of ciphers in the session. In practice there is no need for this
information to be avilable from one resumption to the next since this
list is specific to a particular handshake. Since the session object is
supposed to be immutable we should not be updating it once we have decided
to resume. The solution is to remove the session list out of the session
object.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9176)

5 years agoFix a race condition in supported groups handling
Matt Caswell [Fri, 14 Jun 2019 11:46:13 +0000 (12:46 +0100)]
Fix a race condition in supported groups handling

In TLSv1.3 the supported groups can be negotiated each time a handshake
occurs, regardless of whether we are resuming or not. We should not store
the supported groups information in the session because session objects
can be shared between multiple threads and we can end up with race
conditions. For most users this won't be seen because, by default, we
use stateless tickets in TLSv1.3 which don't get shared. However if you
use SSL_OP_NO_TICKET (to get stateful tickets in TLSv1.3) then this can
happen.

The answer is to move the supported the supported group information into
the SSL object instead.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9176)

5 years agoFix error handling at openssl_strerror_r
Bernd Edlinger [Fri, 14 Jun 2019 12:48:37 +0000 (14:48 +0200)]
Fix error handling at openssl_strerror_r

When bufsize == 0, openssl_strerror_r should return 0 (if _GNU_SOURCE is defined),
to be consistent with non-_GNU_SOURCE variants, which exhibit the same behavior.
Fix a few cases, where the return value of openssl_strerror_r was ignored.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9163)

(cherry picked from commit e7a4682d0b347f0dfba629f4601a28801e54ad67)

5 years agoSwap #if blocks in uid.c so target platform gets checked before host
Rebecca Cran [Thu, 13 Jun 2019 22:09:47 +0000 (16:09 -0600)]
Swap #if blocks in uid.c so target platform gets checked before host

This avoids the case where a UEFI build on FreeBSD tries to call the system
issetugid function instead of returning 0 as it should do.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9158)

5 years agoAdd documentation for X509_cmp and related APIs
Paul Yang [Thu, 6 Jun 2019 03:42:02 +0000 (11:42 +0800)]
Add documentation for X509_cmp and related APIs

Fixes: #9088

Functions documented in this commit: X509_cmp, X509_NAME_cmp,
X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp,
X509_CRL_cmp, X509_CRL_match

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9091)

(cherry picked from commit 4bfe304ea85ed4b2b00dd0857ccf9bdeba4ce7b5)

5 years agoUpdate the d2i docs to reflect reality
Matt Caswell [Wed, 12 Jun 2019 11:12:07 +0000 (12:12 +0100)]
Update the d2i docs to reflect reality

The d2i docs state that if an error occurs then |*a| is not freed. This
is not correct. On error it is freed and set to NULL. We update the docs
to say this, and also discuss the fact that this behaviour was inconsistent
prior to OpenSSL 1.1.0.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9146)

(cherry picked from commit b1d14c412a0ff06d191ef5640bd90bbcd590035c)

5 years agoFix typo mistake on calls to SSL_ctrl in ssl.h
raja-ashok [Tue, 11 Jun 2019 14:59:08 +0000 (20:29 +0530)]
Fix typo mistake on calls to SSL_ctrl in ssl.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9140)

(cherry picked from commit c162c126be342b8cd97996346598ecf7db56130f)

5 years agoRemove redundant include
Acheev Bhagat [Wed, 12 Jun 2019 00:28:04 +0000 (20:28 -0400)]
Remove redundant include

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9137)

(cherry picked from commit f35819d1b7e195af9a41d991db00655f6f2c0af3)

5 years agoMove a fall through comment
Matt Caswell [Tue, 11 Jun 2019 12:27:45 +0000 (13:27 +0100)]
Move a fall through comment

When compiling with --strict-warnings using gcc 7.4.0 the compiler
complains that a case falls through, even though there is an explicit
comment stating this. Moving the comment outside of the conditional
compilation section resolves this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9131)

(cherry picked from commit a2e520447e17a58b52cdf41ab1218b020f44e4a6)

5 years agoFix a URL to the NMBRTHRY list archive
Bernd Edlinger [Mon, 10 Jun 2019 08:24:35 +0000 (10:24 +0200)]
Fix a URL to the NMBRTHRY list archive

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9123)

(cherry picked from commit e98e586b31386af2b2212729da85561a207e7af3)

5 years agoFix doc to remove const arg in GEN_SESSION_CB
Shigeki Ohtsu [Fri, 7 Jun 2019 02:49:48 +0000 (11:49 +0900)]
Fix doc to remove const arg in GEN_SESSION_CB

ae3947de095 changed the callback arg not to have a const parameter.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9104)

(cherry picked from commit 7588660a534a9f154e1e25aa763964d507af8aab)

5 years agoapps/ca.c: only output DER with SPKAC input and when -out is chosen
Richard Levitte [Thu, 28 Feb 2019 10:30:19 +0000 (11:30 +0100)]
apps/ca.c: only output DER with SPKAC input and when -out is chosen

So say the docs

Fixes #8055

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8368)

(cherry picked from commit 69f6b3ceaba493e70e1296880ea6c93e40714f0f)

5 years agoBIO_lookup_ex: Retry with AI_ADDRCONFIG cleared if getaddrinfo fails
Tomas Mraz [Fri, 7 Jun 2019 09:34:42 +0000 (11:34 +0200)]
BIO_lookup_ex: Retry with AI_ADDRCONFIG cleared if getaddrinfo fails

The lookup for ::1 with getaddrinfo() might return error even if
the ::1 would work if AI_ADDRCONFIG flag is used.

Fixes: #9053

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9108)

(cherry picked from commit 3f91ede9aea70774d9b5d509bc76d484ebaff6aa)

5 years agoAdd CHANGES entries for the DEVRANDOM_WAIT feature and its removal
Dr. Matthias St. Pierre [Sun, 9 Jun 2019 00:13:48 +0000 (02:13 +0200)]
Add CHANGES entries for the DEVRANDOM_WAIT feature and its removal

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9118)

5 years agoRevert the DEVRANDOM_WAIT feature
Dr. Matthias St. Pierre [Wed, 5 Jun 2019 09:09:46 +0000 (11:09 +0200)]
Revert the DEVRANDOM_WAIT feature

The DEVRANDOM_WAIT feature added a select() call to wait for the
`/dev/random` device to become readable before reading from the
`/dev/urandom` device. It was introduced in commit 38023b87f037
in order to mitigate the fact that the `/dev/urandom` device
does not block until the initial seeding of the kernel CSPRNG
has completed, contrary to the behaviour of the `getrandom()`
system call.

It turned out that this change had negative side effects on
performance which were not acceptable. After some discussion it
was decided to revert this feature and leave it up to the OS
resp. the platform maintainer to ensure a proper initialization
during early boot time.

Fixes #9078

This partially reverts commit 38023b87f037.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(cherry picked from commit a08714e18131b1998faa0113e5bd4024044654ac)

(Merged from https://github.com/openssl/openssl/pull/9118)

5 years agoReplace BIO_printf with ASN1_STRING_print in GENERAL_NAME_print
Acheev Bhagat [Fri, 7 Jun 2019 00:05:49 +0000 (20:05 -0400)]
Replace BIO_printf with ASN1_STRING_print in GENERAL_NAME_print

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9101)

(cherry picked from commit bab6046146c4fc8f088c1aaca11598ede7609c04)

5 years agoFixed typo in code comment.
David Makepeace [Fri, 7 Jun 2019 00:45:51 +0000 (10:45 +1000)]
Fixed typo in code comment.
[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9102)

(cherry picked from commit 87762939b508c7968d3c54d44c1319416c27603e)

5 years agoFix typo in macro argument of SSL_set1_client_sigalgs_list()
Dr. Matthias St. Pierre [Thu, 6 Jun 2019 11:28:29 +0000 (13:28 +0200)]
Fix typo in macro argument of SSL_set1_client_sigalgs_list()

Fixes #9092

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9093)

(cherry picked from commit e6071f29c24cd22ac7857bf88917598265cc90a9)

5 years agoDocument deprecation of version-specific SSL/TLS methods
Dr. Matthias St. Pierre [Fri, 24 May 2019 12:04:26 +0000 (14:04 +0200)]
Document deprecation of version-specific SSL/TLS methods

In commit 2b8fa1d56cd3 the version-specific SSL/TLS methods were
deprecated. This patch improves the documentation of that change
by stating the deprecation more prominently in the manual page
and explaining the reason for the deprecation.

Fixes #8989

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9001)

(cherry picked from commit f308fa2573b0320236cd2c2d73db37c49e3eb779)

5 years agobuild_SYS_str_reasons: Fix a crash caused by overlong locales
Vitezslav Cizek [Tue, 4 Jun 2019 11:24:59 +0000 (13:24 +0200)]
build_SYS_str_reasons: Fix a crash caused by overlong locales

The 4 kB SPACE_SYS_STR_REASONS in crypto/err/err.c isn't enough for some locales.
The Russian locales consume 6856 bytes, Ukrainian even 7000.

build_SYS_str_reasons() contains an overflow check:

if (cnt > sizeof(strerror_pool))
    cnt = sizeof(strerror_pool);

But since commit 9f15e5b911ba6053e09578f190354568e01c07d7 it no longer
works as cnt is incremented once more after the condition.

cnt greater than sizeof(strerror_pool) results in an unbounded
OPENSSL_strlcpy() in openssl_strerror_r(), eventually causing a crash.

When the first received error string was empty or contained only
spaces, cur would move in front of the start of the strerror_pool.

Also don't call openssl_strerror_r when the pool is full.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/8966)

(cherry picked from commit fac9200a881a83bef038ebed628ebd409786a1a6)

5 years agoRemove last references to DEBUG_SAFESTACK
Dr. Matthias St. Pierre [Mon, 3 Jun 2019 14:03:42 +0000 (16:03 +0200)]
Remove last references to DEBUG_SAFESTACK

The DEBUG_SAFESTACK preprocessor define is obsolete since 2008
when the non-safestack code was removed by commit 985de8634000.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9070)

(cherry picked from commit d4f63f1c39c3908cd81fda07448144bafb9aba4a)

5 years agoWrite a test for receiving a KeyUpdate (update requested) while writing
Matt Caswell [Wed, 17 Apr 2019 09:30:53 +0000 (10:30 +0100)]
Write a test for receiving a KeyUpdate (update requested) while writing

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/8773)

(cherry picked from commit a77b4dba237d001073d2d1c5d55c674a196c949f)

5 years agoDefer sending a KeyUpdate until after pending writes are complete
Matt Caswell [Wed, 17 Apr 2019 10:09:05 +0000 (11:09 +0100)]
Defer sending a KeyUpdate until after pending writes are complete

If we receive a KeyUpdate message (update requested) from the peer while
we are in the middle of a write, we should defer sending the responding
KeyUpdate message until after the current write is complete. We do this
by waiting to send the KeyUpdate until the next time we write and there is
no pending write data.

This does imply a subtle change in behaviour. Firstly the responding
KeyUpdate message won't be sent straight away as it is now. Secondly if
the peer sends multiple KeyUpdates without us doing any writing then we
will only send one response, as opposed to previously where we sent a
response for each KeyUpdate received.

Fixes #8677

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/8773)

(cherry picked from commit feb9e31c40c49de6384dd0413685e9b5a15adc99)

5 years agoAdd the content type attribute to additional CMS signerinfo.
Shane Lontis [Mon, 3 Jun 2019 05:19:48 +0000 (15:19 +1000)]
Add the content type attribute to additional CMS signerinfo.

Fixes #8923

Found using the openssl cms -resign option.
This uses an alternate path to do the signing which was not adding the required signed attribute
content type. The content type attribute should always exist since it is required is there are
any signed attributes.
As the signing time attribute is always added in code, the content type attribute is also required.
The CMS_si_check_attributes() method adds validity checks for signed and unsigned attributes
e.g. The message digest attribute is a signed attribute that must exist if any signed attributes
exist, it cannot be an unsigned attribute and there must only be one instance containing a single
value.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8944)

(cherry picked from commit 19e512a8244a6f527d0194339a8f9fc45468537a)

5 years agoFix various mistakes in ec_GFp_nistp_recode_scalar_bits comment.
David Benjamin [Thu, 30 May 2019 21:01:10 +0000 (17:01 -0400)]
Fix various mistakes in ec_GFp_nistp_recode_scalar_bits comment.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9050)

(cherry picked from commit 8be6a4ed02297f380bbea269f2e1c08a592444bc)

5 years agoFix CHECK_BSD_STYLE_MACROS for OpenBSD and cryptodev-linux
Retropotenza [Fri, 31 May 2019 10:43:24 +0000 (12:43 +0200)]
Fix CHECK_BSD_STYLE_MACROS for OpenBSD and cryptodev-linux

CLA: trivial

Fixes #8911

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/8866)

(cherry picked from commit fdbb3a865575136f3b432690357423c2512831fa)

5 years agoUpdate X509_STORE_new.pod
Sambit Kumar Dash [Thu, 2 May 2019 18:23:04 +0000 (23:53 +0530)]
Update X509_STORE_new.pod

Minor typo.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8866)

(cherry picked from commit 3527cfcf283d2ee2e14e85f8e432eb1bcc687dbe)

5 years agoUpdate EVP_VerifyInit.pod
Sambit Kumar Dash [Thu, 30 May 2019 21:23:02 +0000 (02:53 +0530)]
Update EVP_VerifyInit.pod

Method name correction.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9052)

(cherry picked from commit 3c9a8d4a5155e1b02fab63ea97b8131eadda8320)

5 years agoissue-8998: Ensure that the alert is generated and reaches the remote
agnosticdev [Wed, 29 May 2019 15:27:26 +0000 (10:27 -0500)]
issue-8998: Ensure that the alert is generated and reaches the remote

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9041)

(cherry picked from commit 03da376ff7504c63a1d00d57cf41bd7b7e93ff65)

5 years agoFix broken change from b3d113e.
Pauli [Thu, 28 Mar 2019 23:24:07 +0000 (09:24 +1000)]
Fix broken change from b3d113e.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8606)

(cherry picked from commit 711a161f03ef9ed7cd149a22bf1203700c103e96)

5 years agocrypto/conf: openssl_config_int() returns unitialized value
Dr. Matthias St. Pierre [Tue, 28 May 2019 12:29:59 +0000 (14:29 +0200)]
crypto/conf: openssl_config_int() returns unitialized value

openssl_config_int() returns the uninitialized variable `ret`
when compiled with OPENSSL_SYS_UEFI.

Fixes #9026

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9029)

(cherry picked from commit f4a96507fb880d5f5a707c138388cb8b5b1ba8c8)

5 years agoTypo BIO_SOCK_REUSADDR => BIO_SOCK_REUSEADDR
Iuri Rezende Souza [Tue, 28 May 2019 04:02:34 +0000 (00:02 -0400)]
Typo BIO_SOCK_REUSADDR => BIO_SOCK_REUSEADDR

CLA: trivial

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9021)

(cherry picked from commit ea8d07b155d26abb52574a1c1366b662a27ffbed)

5 years agoConfigurations/unix-Makefile.tmpl: not -v for rm
Richard Levitte [Mon, 27 May 2019 12:20:20 +0000 (14:20 +0200)]
Configurations/unix-Makefile.tmpl: not -v for rm

Not all Unixen know the -v option

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9012)

(cherry picked from commit 3b8033f3f593ac06aaea5d050960366001ef99f0)

5 years agoConfigure: link AIX modules correctly
Richard Levitte [Mon, 27 May 2019 12:16:47 +0000 (14:16 +0200)]
Configure: link AIX modules correctly

Use -bnoentry, not -bexpall

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9012)

(cherry picked from commit f3d6a3644679d37e791408ff3750d0baa76d1206)

5 years agoThe SHA256 is not a mandatory digest for DSA.
Tomas Mraz [Mon, 27 May 2019 14:52:03 +0000 (16:52 +0200)]
The SHA256 is not a mandatory digest for DSA.

The #7408 implemented mandatory digest checking in TLS.
However this broke compatibility of DSS support with GnuTLS
which supports only SHA1 with DSS.

There is no reason why SHA256 would be a mandatory digest
for DSA as other digests in SHA family can be used as well.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9015)

(cherry picked from commit cd4c83b52423008391b50abcccf18a7d8fcce03b)

5 years agoPrepare for 1.1.1d-dev
Richard Levitte [Tue, 28 May 2019 13:12:39 +0000 (15:12 +0200)]
Prepare for 1.1.1d-dev

Reviewed-by: Matt Caswell <matt@openssl.org>
5 years agoPrepare for 1.1.1c release OpenSSL_1_1_1c
Richard Levitte [Tue, 28 May 2019 13:12:21 +0000 (15:12 +0200)]
Prepare for 1.1.1c release

Reviewed-by: Matt Caswell <matt@openssl.org>
5 years agoUpdate copyright year
Richard Levitte [Tue, 28 May 2019 12:49:38 +0000 (14:49 +0200)]
Update copyright year

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9034)

5 years agoAdd CHANGES and NEWS for 1.1.1c
Richard Levitte [Mon, 27 May 2019 19:32:41 +0000 (21:32 +0200)]
Add CHANGES and NEWS for 1.1.1c

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9017)

5 years agoConfigure: make 'enable-buildtest-c++' work (not be a regexp)
Richard Levitte [Mon, 27 May 2019 17:16:14 +0000 (19:16 +0200)]
Configure: make 'enable-buildtest-c++' work (not be a regexp)

OpenSSL 1.1.1's Configure treats the strings in @disablables as regexps,
which means that the 'buildtest-c++' option needs a bit of escaping to
be interpreted as intended.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9016)

5 years agoAdd advice on setting CXX at the same time as CC
Richard Levitte [Fri, 1 Mar 2019 10:54:07 +0000 (11:54 +0100)]
Add advice on setting CXX at the same time as CC

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8370)

(cherry picked from commit 284d19c2ced0264bd46de61718aa4a60efa8d175)

5 years agoTravis: use enable-buildtest-c++
Richard Levitte [Thu, 28 Feb 2019 12:35:32 +0000 (13:35 +0100)]
Travis: use enable-buildtest-c++

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8370)

(cherry picked from commit 26a053d195d5cc8a5cd648da3f05d3ff0e47f776)

5 years agoConfigure: make C++ build tests optional and configurable
Richard Levitte [Thu, 28 Feb 2019 12:28:43 +0000 (13:28 +0100)]
Configure: make C++ build tests optional and configurable

Disabled by default

Fixes #8360

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8370)

(cherry picked from commit ac4033d658e4dc210ed4552b88069b57532ba3d7)

5 years agoConfigure: Remove extra warning and sanitizer options from CXXFLAGS
Richard Levitte [Mon, 27 May 2019 12:40:25 +0000 (14:40 +0200)]
Configure: Remove extra warning and sanitizer options from CXXFLAGS

We add the extra warning and sanitizer options to check our code,
which is entirely in C.  We support C++ compilers uniquely for the
sake of certain external test suites, and those projects can probably
sanitize their own code themselves.

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9013)

(cherry picked from commit 3b437400d90fb89ce5e0d74fd79bda9028f185fb)

5 years agodoc/man3/X509_LOOKUP_meth_new.pod: clarify the requirements
Richard Levitte [Mon, 15 Apr 2019 15:30:11 +0000 (17:30 +0200)]
doc/man3/X509_LOOKUP_meth_new.pod: clarify the requirements

The documentation of what a X509_LOOKUP implementation must do was
unclear and confusing.  Most of all, clarification was needed that it
must store away the found objects in the X509_STORE.

Fixes #8707

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8755)

(cherry picked from commit 19f43f02aa5349034d0a7a60c3a750e046f994b5)

5 years agoOCSP: fix memory leak in OCSP_url_svcloc_new method.
FdaSilvaYY [Sun, 19 May 2019 22:33:58 +0000 (00:33 +0200)]
OCSP: fix memory leak in OCSP_url_svcloc_new method.
Add a few coverage test case.

Fixes #8949

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8959)

(cherry picked from commit 5b3accde606ffe01466426bd59407ffca0690d23)

5 years agoFix GOST OID
voev [Wed, 22 May 2019 12:46:18 +0000 (15:46 +0300)]
Fix GOST OID

CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8979)

5 years agoissue-8973: Added const to parameters for values that were not altered
agnosticdev [Fri, 24 May 2019 01:33:19 +0000 (20:33 -0500)]
issue-8973: Added const to parameters for values that were not altered

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8995)

(cherry picked from commit 5435a830765a63692b8e1e406142d1602133a5a0)

5 years agoDoc update: minor typo in CMS_verify.pod
Sambit Kumar Dash [Fri, 24 May 2019 02:26:22 +0000 (12:26 +1000)]
Doc update: minor typo in CMS_verify.pod
CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8952)

(cherry picked from commit 55e09d17d4c84213d372651b0c91bdc9ef786728)

5 years agoFix a crash in the speed command with wrap ciphers
Bernd Edlinger [Sat, 13 Apr 2019 08:01:09 +0000 (10:01 +0200)]
Fix a crash in the speed command with wrap ciphers

e.g. openssl speed -evp id-aes256-wrap-pad
was crashing because the return code from EVP_CipherInit_ex
was ignored.
Not going to allow that cipher mode because wrap ciphers
produces more bytes output than the input length
and EVP_Update_loop is not really prepared for that.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8739)

(cherry picked from commit 5d238a1032fee0e4759c2ed7fbd09cb9d7125a72)

5 years agoAdd the NIST CAVS test vectors for CCM
Matt Caswell [Wed, 22 May 2019 18:36:25 +0000 (19:36 +0100)]
Add the NIST CAVS test vectors for CCM

This imports all of the NIST CAVS test vectors for CCM (SP800-38C) and
coverts them for use within evp_test. This commit also adds a script to
convert the .rsp CAVS files into the evp_test format.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8981)

(cherry picked from commit ecb0f148a94c9b0076240ca1d7904ab50a7dc9a4)

5 years agoEVP_Digest*: enable SHA3 pre-hashing for DSA
Patrick Steuer [Tue, 21 May 2019 16:50:39 +0000 (18:50 +0200)]
EVP_Digest*: enable SHA3 pre-hashing for DSA

Fixes #7323

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8970)

(cherry picked from commit 3f950d87650776d0e2874588081fecb7bdd4fbd0)

5 years agoEVP_Digest*: enable SHA3 pre-hashing for ECDSA
Patrick Steuer [Tue, 21 May 2019 15:43:54 +0000 (17:43 +0200)]
EVP_Digest*: enable SHA3 pre-hashing for ECDSA

Fixes #8957

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8970)

(cherry picked from commit e8d0678da4942dd027981175b16b6b3162731205)

5 years agos390x assembly pack: allow specifying the tag after aad in aes-ccm
Patrick Steuer [Tue, 21 May 2019 17:10:28 +0000 (19:10 +0200)]
s390x assembly pack: allow specifying the tag after aad in aes-ccm

67c81ec311 forgot about s390x

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8971)

(cherry picked from commit 887e22dd8b6f054e39b2d20fc8870eaba7fc61a8)

5 years agoChange default RSA, DSA and DH size to 2048 bit
Kurt Roeckx [Sat, 13 Apr 2019 10:32:48 +0000 (12:32 +0200)]
Change default RSA, DSA and DH size to 2048 bit

Fixes: #8737

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #8741
(cherry picked from commit 70b0b977f73cd70e17538af3095d18e0cf59132e)

5 years agoRevert "EVP_*Update: ensure that input NULL with length 0 isn't passed"
Matt Caswell [Tue, 21 May 2019 08:31:32 +0000 (09:31 +0100)]
Revert "EVP_*Update: ensure that input NULL with length 0 isn't passed"

This reverts commit dcb982d792d6064ed3493e79749208d8c257ff04.

This change is causing extended tests to fail.

[extended tests]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8964)

(cherry picked from commit 2c23689402f1894861519d0c1ad762a3e52f4677)

5 years agoChange SSL parameter SSL_session_reused const
Arne Schwabe [Fri, 17 May 2019 10:35:33 +0000 (12:35 +0200)]
Change SSL parameter SSL_session_reused const

This function only returns a status and does not modify the parameter.
Since similar function are already taking const parameters, also
change this function to have a const parameter.

Fixes #8934

CLA: trivial
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8945)

(cherry picked from commit c04b66b18d1a90f0c6326858e4b8367be5444582)

5 years agoFix typo in NOTES.PERL
Valentin Robert [Thu, 9 May 2019 19:12:31 +0000 (12:12 -0700)]
Fix typo in NOTES.PERL

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8905)

(cherry picked from commit 3e4e43e609d6e9c36e5e526246d31802102cad4a)

5 years agocrypto/ppccap.c: Fix which hwcap value used to check for HWCAP_ARCH_3_00
Rashmica Gupta [Tue, 7 May 2019 02:42:59 +0000 (12:42 +1000)]
crypto/ppccap.c: Fix which hwcap value used to check for HWCAP_ARCH_3_00

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8889)

(cherry picked from commit 99592c73e7167990082626a46ea9286c152f85fd)

5 years agoAllow specifying the tag after AAD in CCM mode
Tobias Nießen [Fri, 14 Sep 2018 19:49:34 +0000 (21:49 +0200)]
Allow specifying the tag after AAD in CCM mode

This change allows to pass the authentication tag after specifying
the AAD in CCM mode. This is already true for the other two supported
AEAD modes (GCM and OCB) and it seems appropriate to match the
behavior.

GCM and OCB also support to set the tag at any point before the call
to `EVP_*Final`, but this won't work for CCM due to a restriction
imposed by section 2.6 of RFC3610: The tag must be set before
actually decrypting data.

This commit also adds a test case for setting the tag after supplying
plaintext length and AAD.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7243)

(cherry picked from commit 67c81ec311d696464bdbf4c6d6f8a887a3ddf9f8)

5 years agoReject obviously invalid DSA parameters during signing
Matt Caswell [Fri, 3 May 2019 14:56:08 +0000 (15:56 +0100)]
Reject obviously invalid DSA parameters during signing

Fixes #8875

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8876)

(cherry picked from commit 9acbe07d2300d34a7ea846d9756f33b4595e32fb)

5 years agoman: fix a typo and a grammar nit in EVP_PKEY_meth_new(3)
Dr. Matthias St. Pierre [Tue, 7 May 2019 09:59:11 +0000 (11:59 +0200)]
man: fix a typo and a grammar nit in EVP_PKEY_meth_new(3)

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8893)

(cherry picked from commit 260a16f33682a819414fcba6161708a5e6bdff50)

5 years agoopenssl cms: add error message if operation option is missing
Dr. Matthias St. Pierre [Thu, 2 May 2019 12:49:34 +0000 (14:49 +0200)]
openssl cms: add error message if operation option is missing

If the `openssl cms` command is called without specifying an
operation option, it replies with the following laconic error message:

    cms: Use -help for summary.

This commit adds a helpful error message:

    No operation option (-encrypt|-decrypt|-sign|-verify|...) specified.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8861)

(cherry picked from commit 42151b8edb112d23d81f6e0d6606d98797771b4b)

5 years agoTest: use keywords instead of magic numbers for 'rsa_pss_saltlen'
Dr. Matthias St. Pierre [Thu, 2 May 2019 11:57:35 +0000 (13:57 +0200)]
Test: use keywords instead of magic numbers for 'rsa_pss_saltlen'

Since commit 137096a7ead it is possible to specify keywords instead
of negative magic numbers for the salt length. This commit replaces
the remaining occurrences of `rsa_pss_saltlen:-3` in the test recipes
by `rsa_pss_saltlen:max`.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8860)

(cherry picked from commit 31fc48ddc30c627416edaa62ec1448e66ef92908)

5 years agoAllow setting RCFLAGS as Configure option or environment variable
Wojciech Kaluza [Sun, 21 Apr 2019 11:39:20 +0000 (12:39 +0100)]
Allow setting RCFLAGS as Configure option or environment variable

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8803)

(cherry picked from commit 0c4e984de28b1477e002766b2751576f5c6c47d6)

5 years agoAdd RCFLAGS variable in Windows build file, and use it
Wojciech Kaluza [Sun, 21 Apr 2019 11:14:34 +0000 (12:14 +0100)]
Add RCFLAGS variable in Windows build file, and use it

- Allow user-defined RCFLAGS
- Pass RCFLAGS to RC

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8803)

(cherry picked from commit a583172dac8bce37e268943e570968f193e8b64b)

5 years agoConfigure: process shared-info.pl later
Richard Levitte [Tue, 30 Apr 2019 08:33:55 +0000 (10:33 +0200)]
Configure: process shared-info.pl later

The reason is that the shared-info attributes may depend on %disabled,
so we need to process all enablings/disablings first.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8846)

(cherry picked from commit 8f0dd6d9eec0e52feb1b19725c7134684bff28bc)

5 years agoRevert "Statistically test BN_rand_range()."
Pauli [Thu, 25 Apr 2019 21:43:38 +0000 (07:43 +1000)]
Revert "Statistically test BN_rand_range()."
The testutil support for doubles isn't present in 1.1.1.

This reverts commit 4a71766793bbd54da8915619d497c1bfd8646256 from #8818.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8829)

5 years agoStatistically test BN_rand_range().
Pauli [Wed, 24 Apr 2019 01:24:11 +0000 (11:24 +1000)]
Statistically test BN_rand_range().

Add a Chi^2 goodness of fit test to empirically provide a degree of confidence
in the uniformity of the output of the random range generation function.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8818)

(cherry picked from commit bb5b3e6dd0575a4fa96f5085228b716062c00502)

5 years agoEnforce a strict output length check in CRYPTO_ccm128_tag
Guido Vranken [Mon, 22 Apr 2019 12:11:12 +0000 (14:11 +0200)]
Enforce a strict output length check in CRYPTO_ccm128_tag

Return error if the output tag buffer size doesn't match
the tag size exactly. This prevents the caller from
using that portion of the tag buffer that remains
uninitialized after an otherwise succesfull call to
CRYPTO_ccm128_tag.

Bug found by OSS-Fuzz.

Fix suggested by Kurt Roeckx.

Signed-off-by: Guido Vranken <guidovranken@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8810)

(cherry picked from commit 514c9da48b860153079748b0d588cd42191f0b6a)

5 years agodoc: Get rid of unrelated reference to DSA_new()
Jakub Jelen [Thu, 18 Apr 2019 14:09:45 +0000 (16:09 +0200)]
doc: Get rid of unrelated reference to DSA_new()

CLA: trivial

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8786)

(cherry picked from commit 87930507ff1c020d4ba1ca895ef3ef08e17253b3)

5 years agoConfigure: make disabling stuff easier and safer
Richard Levitte [Tue, 23 Apr 2019 07:41:19 +0000 (09:41 +0200)]
Configure: make disabling stuff easier and safer

Disabling one thing may mean having to disable other things as well.
We already have a process to auto-disable things through cascading,
but that was under-used.

Making the cascading mechanism available through a function to be
called to disable stuff makes it more automatic, and helps us when we
forget how different disabling options affect others.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8812)

(cherry picked from commit 71ef78d71f638c7de893c635ee9b0fd16247c762)

5 years agoConfigure: recognise -static even if given through variables
Richard Levitte [Tue, 23 Apr 2019 07:29:45 +0000 (09:29 +0200)]
Configure: recognise -static even if given through variables

Fixes #8787

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8812)

(cherry picked from commit 4650d10ff6ad1048785a009349c8b5d6e922fc7a)

5 years agoConfigure: merge all of %user and %useradd into %config earlier
Richard Levitte [Tue, 23 Apr 2019 07:24:38 +0000 (09:24 +0200)]
Configure: merge all of %user and %useradd into %config earlier

This came about with the realisation that upper case CFLAGS, LDFLAGS
and so on aren't treated much after that, and this makes figuring out
user added flags significantly easier, just look in %config.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8812)

(cherry picked from commit c1a09254e4c763b62811bc412afa1498699fce50)

5 years agoCheck if num is 0 before trying to malloc memory. Otherwise for client hellos without...
dyrock [Mon, 15 Apr 2019 16:01:58 +0000 (11:01 -0500)]
Check if num is 0 before trying to malloc memory. Otherwise for client hellos without extensions SSL_client_hello_get1_extensions_present will return MALLOC_FAILURE.

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8756)

(cherry picked from commit 6fda11ae5a06e28fd9463e5afb60735d074904b3)

5 years agoAdd some more test vectors for ChaCha20
Matt Caswell [Thu, 18 Apr 2019 09:55:11 +0000 (10:55 +0100)]
Add some more test vectors for ChaCha20

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8780)

(cherry picked from commit a595b10d343845eca32cffb35f1d0a2f15ce40a9)

5 years agoClarify the documentation on the use of ChaCha20
Matt Caswell [Thu, 18 Apr 2019 09:54:58 +0000 (10:54 +0100)]
Clarify the documentation on the use of ChaCha20

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8780)

(cherry picked from commit 6f3aae256d62cfcc48c07cc0ead5080b070f371b)

5 years agoasn1parse: avoid double free
Richard Levitte [Mon, 15 Apr 2019 11:15:55 +0000 (13:15 +0200)]
asn1parse: avoid double free

|str| was used for multiple conflicting purposes.  When using
'-strictpem', it's used to uniquely hold a reference to the loaded
payload.  However, when using '-strparse', |str| was re-used to hold
the position from where to start parsing.

So when '-strparse' and '-strictpem' are were together, |str| ended up
pointing into data pointed at by |at|, and was yet being freed, with
the result that the payload it held a reference to became a memory
leak, and there was a double free conflict when both |str| and |at|
were being freed.

The situation is resolved by always having |buf| hold the pointer to
the file data, and always and only use |str| to hold the position to
start parsing from.  Now, we only need to free |buf| properly and not
|str|.

Fixes #8752

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8753)

(cherry picked from commit 4f29f3a29b8b416a501c7166dbbca5284b198f81)

5 years agoAdd test for the BIO_s_mem rdwr->rdonly->rdwr use-case
Tomas Mraz [Thu, 4 Apr 2019 07:49:36 +0000 (09:49 +0200)]
Add test for the BIO_s_mem rdwr->rdonly->rdwr use-case

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8649)

(cherry picked from commit 06add280d90de9625e9c18985f376ef8d0419a46)

5 years agoAdd documentation for the BIO_s_mem pecularities
Tomas Mraz [Thu, 4 Apr 2019 07:48:47 +0000 (09:48 +0200)]
Add documentation for the BIO_s_mem pecularities

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8649)

(cherry picked from commit 3d42833d389134b7b05b655c264e4dba5a2179e9)

5 years agoAdd testing of RDONLY memory BIOs
Tomas Mraz [Wed, 3 Apr 2019 17:07:00 +0000 (19:07 +0200)]
Add testing of RDONLY memory BIOs

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8649)

(cherry picked from commit d34bce03acc53c583df954bbed65d4800751563a)

5 years agoAdd test for the BIO_get_mem_ptr() regression
Bernd Edlinger [Fri, 1 Mar 2019 00:55:38 +0000 (01:55 +0100)]
Add test for the BIO_get_mem_ptr() regression

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8649)

(cherry picked from commit c9dc22bc3d7f2df670dff66f04935e540e1b931a)

5 years agoFix for BIO_get_mem_ptr and related regressions
Tomas Mraz [Wed, 3 Apr 2019 10:31:32 +0000 (12:31 +0200)]
Fix for BIO_get_mem_ptr and related regressions

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8649)

(cherry picked from commit b238fb79709a180ba9b4d837101c9f75e2978dc0)

5 years agoFurther harmonisation of manual page HISTORY sections
Joshua Lock [Thu, 11 Apr 2019 14:38:56 +0000 (15:38 +0100)]
Further harmonisation of manual page HISTORY sections

A couple of minor tweaks to match the style introduced in #7854:
- BIO_connect: remove line break to make more grep friendly
- SSL_CTX_new: harmoise the format of the HISTORY section

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 938e82f622eb04ebbfe534c79d234d0f6a0df035)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8736)

5 years agoUpdate various man pages to place HISTORY section after SEE ALSO
Joshua Lock [Tue, 9 Apr 2019 14:13:55 +0000 (15:13 +0100)]
Update various man pages to place HISTORY section after SEE ALSO

SEE ALSO before HISTORY is the more common pattern in OpenSSL manual
pages and seems to be the prevalent order based on sampling my system
manual pages.

Fixes #8631

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit b5c4bbbe54e112b976155004b3d702e47ce7d9d9)

 Conflicts:
doc/man3/RAND_DRBG_generate.pod
doc/man3/RAND_DRBG_reseed.pod

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8736)

5 years agoAdd a check for history section location to find-doc-nits
Joshua Lock [Tue, 9 Apr 2019 14:10:08 +0000 (15:10 +0100)]
Add a check for history section location to find-doc-nits

Check that the HISTORY section is located after the SEE ALSO section,
this is a much more frequent order in OpenSSL manual pages (and UNIX
manual pages in general).

Also check that SEE ALSO comes after EXAMPLES, so that the tool can
ensure the correct manual section sequence.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 573ac8f2228241771f727ecd8ff10f54073536d3)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8736)

5 years agoMake check_example_location() in find-doc-nits generic
Joshua Lock [Tue, 9 Apr 2019 13:53:58 +0000 (14:53 +0100)]
Make check_example_location() in find-doc-nits generic

Change to check_section_location(), a generic function to ensure that
section SECTION appears before section BEFORE in the man pages.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 95f92d57755a9bfc83135a585da69d497f7293d9)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8736)

5 years agoAdd section order check in util/find-doc-nits
Paul Yang [Tue, 26 Feb 2019 05:51:02 +0000 (13:51 +0800)]
Add section order check in util/find-doc-nits

This patch checks if the EXAMPLES section in a pod file is placed
before the RETURN VALUES section.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit cc838ee2d66f7295bf7a7e6695aab1080d6791e9)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8736)

5 years agoPlace return values after examples in doc
Paul Yang [Tue, 26 Feb 2019 05:11:10 +0000 (13:11 +0800)]
Place return values after examples in doc

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 4564e77ae9dd1866e8a033f03511b6a1792c024e)

 Conflicts:
doc/internal/man3/openssl_ctx_get_data.pod (non-existant)
doc/man3/OPENSSL_s390xcap.pod (non-existant)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8736)

5 years agoDon't use coordinate blinding when scalar is group order
Bernd Edlinger [Fri, 12 Apr 2019 12:28:00 +0000 (14:28 +0200)]
Don't use coordinate blinding when scalar is group order

This happens in ec_key_simple_check_key and EC_GROUP_check.
Since the the group order is not a secret scalar, it is
unnecessary to use coordinate blinding.

Fixes: #8731

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8734)

(cherry picked from commit 3051bf2afab7ac8b7b9c64e68755d1addd2fb8ff)

5 years agoFixed linux_x86_icc compiler errors in EC code related to __uint128_t/__int128_t
Shane Lontis [Mon, 8 Apr 2019 05:22:18 +0000 (15:22 +1000)]
Fixed linux_x86_icc compiler errors in EC code related to __uint128_t/__int128_t

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8697)

(cherry picked from commit 3a86f1db282569c538273cc48462a3fa5fcffa39)

5 years agoAvoid creating invalid rsa pss params
Bernd Edlinger [Sun, 31 Mar 2019 11:56:23 +0000 (13:56 +0200)]
Avoid creating invalid rsa pss params

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8621)

(cherry picked from commit 491360e7ab2f09fdaadfcd9ff84c425c8f4e5b03)

5 years agoFix typos
Jakub Wilk [Wed, 10 Apr 2019 10:00:20 +0000 (12:00 +0200)]
Fix typos

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8714)

(cherry picked from commit ee215c7eea91f193d4765127eb31332758753058)

5 years agoEVP_*Update: ensure that input NULL with length 0 isn't passed
Richard Levitte [Thu, 4 Apr 2019 23:22:14 +0000 (01:22 +0200)]
EVP_*Update: ensure that input NULL with length 0 isn't passed

Even with custome ciphers, the combination in == NULL && inl == 0
should not be passed down to the backend cipher function.  The reason
is that these are the values passed by EVP_*Final, and some of the
backend cipher functions do check for these to see if a "final" call
is made.

Fixes #8675

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8676)

(cherry picked from commit dcb982d792d6064ed3493e79749208d8c257ff04)