oweals/openssl.git
5 years agoFollowing the license change, modify the boilerplates in crypto/ec/
Richard Levitte [Thu, 6 Dec 2018 12:38:06 +0000 (13:38 +0100)]
Following the license change, modify the boilerplates in crypto/ec/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7791)

5 years agoFollowing the license change, modify the boilerplates in crypto/dso/
Richard Levitte [Thu, 6 Dec 2018 12:37:48 +0000 (13:37 +0100)]
Following the license change, modify the boilerplates in crypto/dso/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7790)

5 years agoFollowing the license change, modify the boilerplates in crypto/dsa/
Richard Levitte [Thu, 6 Dec 2018 12:36:26 +0000 (13:36 +0100)]
Following the license change, modify the boilerplates in crypto/dsa/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7789)

5 years agoFollowing the license change, modify the boilerplates in crypto/dh/
Richard Levitte [Thu, 6 Dec 2018 12:36:05 +0000 (13:36 +0100)]
Following the license change, modify the boilerplates in crypto/dh/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7788)

5 years agoFollowing the license change, modify the boilerplates in crypto/des/
Richard Levitte [Thu, 6 Dec 2018 12:35:45 +0000 (13:35 +0100)]
Following the license change, modify the boilerplates in crypto/des/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7787)

5 years agoFollowing the license change, modify the boilerplates in crypto/ct/
Richard Levitte [Thu, 6 Dec 2018 12:34:58 +0000 (13:34 +0100)]
Following the license change, modify the boilerplates in crypto/ct/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7786)

5 years agoFollowing the license change, modify the boilerplates in crypto/conf/
Richard Levitte [Thu, 6 Dec 2018 12:34:05 +0000 (13:34 +0100)]
Following the license change, modify the boilerplates in crypto/conf/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7785)

5 years agoFollowing the license change, modify the boilerplates in crypto/comp/
Richard Levitte [Thu, 6 Dec 2018 12:33:32 +0000 (13:33 +0100)]
Following the license change, modify the boilerplates in crypto/comp/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7784)

5 years agoFollowing the license change, modify the boilerplates in crypto/cms/
Richard Levitte [Thu, 6 Dec 2018 12:32:50 +0000 (13:32 +0100)]
Following the license change, modify the boilerplates in crypto/cms/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7783)

5 years agoFollowing the license change, modify the boilerplates in crypto/cmac/
Richard Levitte [Thu, 6 Dec 2018 12:32:17 +0000 (13:32 +0100)]
Following the license change, modify the boilerplates in crypto/cmac/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7782)

5 years agoFollowing the license change, modify the boilerplates in crypto/chacha/
Richard Levitte [Thu, 6 Dec 2018 12:31:54 +0000 (13:31 +0100)]
Following the license change, modify the boilerplates in crypto/chacha/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7781)

5 years agoFollowing the license change, modify the boilerplates in crypto/cast/
Richard Levitte [Thu, 6 Dec 2018 12:31:06 +0000 (13:31 +0100)]
Following the license change, modify the boilerplates in crypto/cast/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7780)

5 years agoFollowing the license change, modify the boilerplates in crypto/camellia/
Richard Levitte [Thu, 6 Dec 2018 12:29:51 +0000 (13:29 +0100)]
Following the license change, modify the boilerplates in crypto/camellia/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7779)

5 years agoFollowing the license change, modify the boilerplates in crypto/buffer/
Richard Levitte [Thu, 6 Dec 2018 12:23:18 +0000 (13:23 +0100)]
Following the license change, modify the boilerplates in crypto/buffer/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7778)

5 years agoFollowing the license change, modify the boilerplates in crypto/bn/
Richard Levitte [Thu, 6 Dec 2018 12:22:12 +0000 (13:22 +0100)]
Following the license change, modify the boilerplates in crypto/bn/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7777)

5 years agoFollowing the license change, modify the boilerplates in crypto/blake2/
Richard Levitte [Thu, 6 Dec 2018 12:21:01 +0000 (13:21 +0100)]
Following the license change, modify the boilerplates in crypto/blake2/

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7776)

5 years agoFollowing the license change, modify the boilerplates in crypto/bio/
Richard Levitte [Thu, 6 Dec 2018 12:20:10 +0000 (13:20 +0100)]
Following the license change, modify the boilerplates in crypto/bio/

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7775)

5 years agoFollowing the license change, modify the boilerplates in crypto/bf/
Richard Levitte [Thu, 6 Dec 2018 12:19:23 +0000 (13:19 +0100)]
Following the license change, modify the boilerplates in crypto/bf/

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7774)

5 years agoFollowing the license change, modify the boilerplates in crypto/async/
Richard Levitte [Thu, 6 Dec 2018 12:18:31 +0000 (13:18 +0100)]
Following the license change, modify the boilerplates in crypto/async/

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7773)

5 years agoFollowing the license change, modify the boilerplates in crypto/asn1/
Richard Levitte [Thu, 6 Dec 2018 12:17:34 +0000 (13:17 +0100)]
Following the license change, modify the boilerplates in crypto/asn1/

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7772)

5 years agoFollowing the license change, modify the boilerplates in crypto/aes/
Richard Levitte [Thu, 6 Dec 2018 12:16:23 +0000 (13:16 +0100)]
Following the license change, modify the boilerplates in crypto/aes/

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7771)

5 years agoFollowing the license change, modify the boilerplates in ms/
Richard Levitte [Thu, 6 Dec 2018 12:10:33 +0000 (13:10 +0100)]
Following the license change, modify the boilerplates in ms/

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7769)

5 years agoFollowing the license change, modify the boilerplates in ssl/
Richard Levitte [Thu, 6 Dec 2018 12:08:51 +0000 (13:08 +0100)]
Following the license change, modify the boilerplates in ssl/

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7768)

5 years agoFollowing the license change, modify the boilerplates in test/
Richard Levitte [Thu, 6 Dec 2018 12:05:25 +0000 (13:05 +0100)]
Following the license change, modify the boilerplates in test/

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7767)

5 years agoFollowing the license change, modify the boilerplates in util/, tools/
Richard Levitte [Thu, 6 Dec 2018 12:03:50 +0000 (13:03 +0100)]
Following the license change, modify the boilerplates in util/, tools/

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7766)

5 years agoFollowing the license change, modify the boilerplates in apps/
Richard Levitte [Thu, 6 Dec 2018 12:00:26 +0000 (13:00 +0100)]
Following the license change, modify the boilerplates in apps/

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7765)

5 years agoChange license to the Apache License v2.0
Richard Levitte [Thu, 6 Dec 2018 11:52:18 +0000 (12:52 +0100)]
Change license to the Apache License v2.0

This applies to the 'master' git branch and OpenSSL version 3.0.0 and
up.  Pre-3.0.0 versions retain the previous license.

The boilerplate will change in increments after this change.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7764)

5 years agoLicense: change any non-boilerplate comment referring to "OpenSSL license"
Richard Levitte [Thu, 6 Dec 2018 11:50:26 +0000 (12:50 +0100)]
License: change any non-boilerplate comment referring to "OpenSSL license"

Make it just say "the License", which refers back to the standard
boilerplate.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7764)

5 years agoRefactor the computation of API version limits
Richard Levitte [Thu, 29 Nov 2018 23:05:03 +0000 (23:05 +0000)]
Refactor the computation of API version limits

Previously, the API version limit was indicated with a numeric version
number.  This was "natural" in the pre-3.0.0 because the version was
this simple number.

With 3.0.0, the version is divided into three separate numbers, and
it's only the major number that counts, but we still need to be able
to support pre-3.0.0 version limits.

Therefore, we allow OPENSSL_API_COMPAT to be defined with a pre-3.0.0
style numeric version number or with a simple major number, i.e. can
be defined like this for any application:

    -D OPENSSL_API_COMPAT=0x10100000L
    -D OPENSSL_API_COMPAT=3

Since the pre-3.0.0 numerical version numbers are high, it's easy to
distinguish between a simple major number and a pre-3.0.0 numerical
version number and to thereby support both forms at the same time.

Internally, we define the following macros depending on the value of
OPENSSL_API_COMPAT:

    OPENSSL_API_0_9_8
    OPENSSL_API_1_0_0
    OPENSSL_API_1_1_0
    OPENSSL_API_3

They indicate that functions marked for deprecation in the
corresponding major release shall not be built if defined.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)

5 years agoutil/find-doc-nits: allow #undef
Richard Levitte [Thu, 29 Nov 2018 11:03:03 +0000 (11:03 +0000)]
util/find-doc-nits: allow #undef

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)

5 years agoinclude/openssl/opensslconf.h.in: allow future deprecation for v4.0
Richard Levitte [Thu, 27 Sep 2018 14:15:54 +0000 (16:15 +0200)]
include/openssl/opensslconf.h.in: allow future deprecation for v4.0

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)

5 years agoConfigure: allow building without things deprecated up to and including v3.0
Richard Levitte [Thu, 27 Sep 2018 14:14:45 +0000 (16:14 +0200)]
Configure: allow building without things deprecated up to and including v3.0

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)

5 years agoSwitch to MAJOR.MINOR.PATCH versioning and version 3.0.0-dev
Richard Levitte [Thu, 27 Sep 2018 13:56:35 +0000 (15:56 +0200)]
Switch to MAJOR.MINOR.PATCH versioning and version 3.0.0-dev

We're strictly use version numbers of the form MAJOR.MINOR.PATCH.
Letter releases are things of days past.

The most central change is that we now express the version number with
three macros, one for each part of the version number:

    OPENSSL_VERSION_MAJOR
    OPENSSL_VERSION_MINOR
    OPENSSL_VERSION_PATCH

We also provide two additional macros to express pre-release and build
metadata information (also specified in semantic versioning):

    OPENSSL_VERSION_PRE_RELEASE
    OPENSSL_VERSION_BUILD_METADATA

To get the library's idea of all those values, we introduce the
following functions:

    unsigned int OPENSSL_version_major(void);
    unsigned int OPENSSL_version_minor(void);
    unsigned int OPENSSL_version_patch(void);
    const char *OPENSSL_version_pre_release(void);
    const char *OPENSSL_version_build_metadata(void);

Additionally, for shared library versioning (which is out of scope in
semantic versioning, but that we still need):

    OPENSSL_SHLIB_VERSION

We also provide a macro that contains the release date.  This is not
part of the version number, but is extra information that we want to
be able to display:

    OPENSSL_RELEASE_DATE

Finally, also provide the following convenience functions:

    const char *OPENSSL_version_text(void);
    const char *OPENSSL_version_text_full(void);

The following macros and functions are deprecated, and while currently
existing for backward compatibility, they are expected to disappear:

    OPENSSL_VERSION_NUMBER
    OPENSSL_VERSION_TEXT
    OPENSSL_VERSION
    OpenSSL_version_num()
    OpenSSL_version()

Also, this function is introduced to replace OpenSSL_version() for all
indexes except for OPENSSL_VERSION:

    OPENSSL_info()

For configuration, the option 'newversion-only' is added to disable all
the macros and functions that are mentioned as deprecated above.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)

5 years agoSwitch future deprecation version from 1.2.0 to 3.0
Richard Levitte [Thu, 27 Sep 2018 13:40:03 +0000 (15:40 +0200)]
Switch future deprecation version from 1.2.0 to 3.0

This is in preparation for a switch to MAJOR.MINOR.PATCH versioning
and calling the next major version 3.0.0.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)

5 years agoutil/mkdef.pl: prepare for DEPRECATEDIN_X
Richard Levitte [Thu, 27 Sep 2018 13:29:29 +0000 (15:29 +0200)]
util/mkdef.pl: prepare for DEPRECATEDIN_X

This is in preparation for new versioning scheme, where the
recommendation is to start deprecations at major version boundary.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)

5 years agoFix some SSL_export_keying_material() issues
Matt Caswell [Tue, 4 Dec 2018 08:37:04 +0000 (08:37 +0000)]
Fix some SSL_export_keying_material() issues

Fix some issues in tls13_hkdf_expand() which impact the above function
for TLSv1.3. In particular test that we can use the maximum label length
in TLSv1.3.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7755)

5 years agoRevert "Reduce stack usage in tls13_hkdf_expand"
Matt Caswell [Mon, 3 Dec 2018 18:14:57 +0000 (18:14 +0000)]
Revert "Reduce stack usage in tls13_hkdf_expand"

This reverts commit ec0c5f5693e39c5a013f81e6dd9dfd09ec65162d.

SSL_export_keying_material() may use longer label lengths.

Fixes #7712

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7755)

5 years agobn/bn_{div|shift}.c: introduce fixed-top interfaces.
Andy Polyakov [Fri, 23 Nov 2018 16:23:31 +0000 (17:23 +0100)]
bn/bn_{div|shift}.c: introduce fixed-top interfaces.

Fixed-top interfaces tolerate zero-padded inputs and facilitate
constant-time-ness. bn_div_fixed_top tolerates zero-padded dividend,
but not divisor. It's argued that divisor's length is public even
when value is secret.

[extended tests]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7589)

5 years agobn/bn_div.c: make conditional addition unconditional
Andy Polyakov [Wed, 7 Nov 2018 21:18:33 +0000 (22:18 +0100)]
bn/bn_div.c: make conditional addition unconditional

and add template for constant-time bn_div_3_words.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7589)

5 years agoConfigure: recognize div3w modules and add -DBN_DIV3W.
Andy Polyakov [Mon, 12 Nov 2018 14:13:48 +0000 (15:13 +0100)]
Configure: recognize div3w modules and add -DBN_DIV3W.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7589)

5 years agoConfigurations/10-main.conf: remove MIPS bn_div_3_words.
Andy Polyakov [Mon, 12 Nov 2018 14:03:39 +0000 (15:03 +0100)]
Configurations/10-main.conf: remove MIPS bn_div_3_words.

It's being replaced with constant-time alternative.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7589)

5 years agoIgnore an auto-generated documentation file
Matt Caswell [Mon, 3 Dec 2018 14:37:07 +0000 (14:37 +0000)]
Ignore an auto-generated documentation file

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7746)

5 years agoAdd an Ed25519 signature maleability test
Matt Caswell [Fri, 23 Nov 2018 14:24:17 +0000 (14:24 +0000)]
Add an Ed25519 signature maleability test

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7697)

5 years agoDisallow Ed25519 signature maleability
Matt Caswell [Fri, 23 Nov 2018 13:50:43 +0000 (13:50 +0000)]
Disallow Ed25519 signature maleability

Check that s is less than the order before attempting to verify the
signature as per RFC8032 5.1.7

Fixes #7693

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7697)

5 years agoDocs: better deprecation text
Richard Levitte [Mon, 3 Dec 2018 09:59:11 +0000 (10:59 +0100)]
Docs: better deprecation text

Expand the text on deprecation to be more descriptive and to refer
back to openssl_user_macros(7).

Incidently, this required a small change in util/find-doc-nits, to
have it skip over any line that isn't part of a block (i.e. that
hasn't been indented with at least one space.  That makes it skip over
deprecation text.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7745)

5 years agoDocs fixup: some man3 pages had unindented code in SYNOPSIS
Richard Levitte [Mon, 3 Dec 2018 09:57:01 +0000 (10:57 +0100)]
Docs fixup: some man3 pages had unindented code in SYNOPSIS

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7744)

5 years agoutil/process_docs.pl: handle multiple source directories for .pod files
Richard Levitte [Sun, 2 Dec 2018 19:39:46 +0000 (20:39 +0100)]
util/process_docs.pl: handle multiple source directories for .pod files

From now on, the default is to look in both the source directory and
the build directory.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7742)

5 years agoDoc: add doc/man7/openssl_user_macros.pod.in
Richard Levitte [Sun, 2 Dec 2018 19:37:30 +0000 (20:37 +0100)]
Doc: add doc/man7/openssl_user_macros.pod.in

This manual is a start to describe macros that users can use to affect
what symbols are exported by the public header files.

Because the macro OPENSSL_API_COMPAT has a default that's affected by
configuration choices, we must make it a generated manual.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7742)

5 years agoFix usage of deprecated SSL_set_tmp_ecdh()
Antoine Salon [Sat, 1 Dec 2018 00:50:29 +0000 (16:50 -0800)]
Fix usage of deprecated SSL_set_tmp_ecdh()

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7738)

5 years agorsa/rsa_ssl.c: make RSA_padding_check_SSLv23 constant-time.
Andy Polyakov [Fri, 14 Sep 2018 15:24:13 +0000 (17:24 +0200)]
rsa/rsa_ssl.c: make RSA_padding_check_SSLv23 constant-time.

Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding
if nul delimiter is preceded by 8 consecutive 0x03 bytes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
5 years agorsa/rsa_oaep.c: remove memcpy calls from RSA_padding_check_PKCS1_OAEP.
Andy Polyakov [Thu, 6 Sep 2018 19:54:23 +0000 (21:54 +0200)]
rsa/rsa_oaep.c: remove memcpy calls from RSA_padding_check_PKCS1_OAEP.

And make RSAErr call unconditional.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
5 years agorsa/rsa_pk1.c: remove memcpy calls from RSA_padding_check_PKCS1_type_2.
Andy Polyakov [Sat, 1 Sep 2018 10:00:33 +0000 (12:00 +0200)]
rsa/rsa_pk1.c: remove memcpy calls from RSA_padding_check_PKCS1_type_2.

And make RSAErr call unconditional.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
5 years agorsa/rsa_ossl.c: make RSAerr call in rsa_ossl_private_decrypt unconditional.
Andy Polyakov [Fri, 14 Sep 2018 10:17:43 +0000 (12:17 +0200)]
rsa/rsa_ossl.c: make RSAerr call in rsa_ossl_private_decrypt unconditional.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
5 years agoerr/err.c: add err_clear_last_constant_time.
Andy Polyakov [Sat, 1 Sep 2018 10:19:30 +0000 (12:19 +0200)]
err/err.c: add err_clear_last_constant_time.

Expected usage pattern is to unconditionally set error and then
wipe it if there was no actual error.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
6 years agoDon't test the collected system errors when configured to not have them
Richard Levitte [Tue, 27 Nov 2018 07:51:44 +0000 (07:51 +0000)]
Don't test the collected system errors when configured to not have them

Config options 'no-err' and 'no-autoerrinit'

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7711)

6 years agoFix access zero memory if SSL_DEBUG is enabled
Paul Yang [Mon, 26 Nov 2018 08:57:55 +0000 (16:57 +0800)]
Fix access zero memory if SSL_DEBUG is enabled

If compile OpenSSL with SSL_DEBUG macro, some test cases will cause the
process crashed in the debug code.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7707)

6 years agoVMS build: don't forget the generation marker when removing files
Richard Levitte [Sat, 24 Nov 2018 23:56:54 +0000 (00:56 +0100)]
VMS build: don't forget the generation marker when removing files

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7703)

6 years agoVMS build: in descrip.mms.tmpl's src2obj, do .S -> .asm too
Richard Levitte [Sat, 24 Nov 2018 23:52:24 +0000 (00:52 +0100)]
VMS build: in descrip.mms.tmpl's src2obj, do .S -> .asm too

We only convert lowercase .s to .asm, that turned out not to be sufficient.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7703)

6 years agoClean up BN_consttime_swap.
Billy Brumley [Mon, 12 Nov 2018 13:47:54 +0000 (15:47 +0200)]
Clean up BN_consttime_swap.

Updated "condition" logic lifted from Theo Buehler's LibreSSL commit https://github.com/libressl-portable/openbsd/commit/517358603b4be76d48a50007a0d414c2072697dd

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7619)

6 years agoAvoid test_errstr in a cross compiled configuration
Richard Levitte [Fri, 23 Nov 2018 17:53:32 +0000 (18:53 +0100)]
Avoid test_errstr in a cross compiled configuration

There's too high a chance that the openssl app and perl get different
messages for some error numbers.

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7699)

6 years agoHave util/mktar.sh display the absolute path to the tarball
Richard Levitte [Sat, 24 Nov 2018 16:51:24 +0000 (17:51 +0100)]
Have util/mktar.sh display the absolute path to the tarball

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7696)

6 years agoMake sure to run util/mktar.sh from the source directory
Richard Levitte [Sat, 24 Nov 2018 10:27:50 +0000 (11:27 +0100)]
Make sure to run util/mktar.sh from the source directory

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7696)

6 years agoDon't export the submodules 'boringssl', 'krb5' and 'pyca-cryptography'
Richard Levitte [Fri, 23 Nov 2018 23:59:33 +0000 (00:59 +0100)]
Don't export the submodules 'boringssl', 'krb5' and 'pyca-cryptography'

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7696)

6 years agoDon't export util/mktar.sh
Richard Levitte [Fri, 23 Nov 2018 13:43:16 +0000 (14:43 +0100)]
Don't export util/mktar.sh

When creating a tarball, it's pointless to include scripts that assume
a git workspace.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7696)

6 years agoDocument the removed 'dist' target
Richard Levitte [Fri, 23 Nov 2018 13:40:39 +0000 (14:40 +0100)]
Document the removed 'dist' target

Also adds missing copyright boilerplate to util/mktar.sh

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7696)

6 years agoVMS build: typo in build file template, generatesrc
Richard Levitte [Sat, 24 Nov 2018 16:39:56 +0000 (17:39 +0100)]
VMS build: typo in build file template, generatesrc

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7700)

6 years agoVMS config: Typo fix, as -> AS
Richard Levitte [Sat, 24 Nov 2018 10:37:10 +0000 (11:37 +0100)]
VMS config: Typo fix, as -> AS

This typo prevented ia64 assembler to be compiled on VMS

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7700)

6 years agoVMS: fix collected error strings
Richard Levitte [Sat, 24 Nov 2018 12:08:56 +0000 (13:08 +0100)]
VMS: fix collected error strings

It turns out that on VMS, strerror() returns messages with added
spaces at the end.

We wouldn't had noticed if it wasn't for perl trimming those spaces
off for its own sake and thereby having test/recipes/02-test_errstr.t
fail on VMS.

The safe fix is to do the same trimming ourselves.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7701)

6 years agoRemove all 'make dist' artifacts
Richard Levitte [Thu, 22 Nov 2018 20:29:02 +0000 (21:29 +0100)]
Remove all 'make dist' artifacts

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7692)

6 years agoChange tarball making procedure
Richard Levitte [Thu, 22 Nov 2018 20:17:47 +0000 (21:17 +0100)]
Change tarball making procedure

Since recently, OpenSSL tarballs are produced with 'make tar' rather
than 'make dist', as the latter has turned out to be more troublesome
than useful.

The next step to look at is why we would need to configure at all to
produce a Makefile just to produce a tarball.  After all, the tarball
should now only contain source files that are present even without
configuring.

Furthermore, the current method for producing tarballs is a bit
complex, and can be greatly simplified with the right tools.  Since we
have everything versioned with git, we might as well use the tool that
comes with it.

Added: util/mktar.sh, a simple script to produce OpenSSL tarballs.  It
takes the options --name to modify the prefix of the distribution, and
--tarfile tp modify the tarball file name specifically.

This also adds a few entries in .gitattributes to specify files that
should never end up in a distribution tarball.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7692)

6 years agoAdd an error message test recipes for system error messages
Richard Levitte [Thu, 22 Nov 2018 09:52:51 +0000 (10:52 +0100)]
Add an error message test recipes for system error messages

This ensures we collected them properly and and as completely as can
be tested safely.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7681)

6 years agoSmarter build of system error text database
Richard Levitte [Wed, 21 Nov 2018 17:25:53 +0000 (18:25 +0100)]
Smarter build of system error text database

We stored copies of the system error texts in a fixed line size array,
which is a huge waste.  Instead, use a static memory pool and pack all
the string in there.  The wasted space at the end, if any, gives us
some leeway for longer strings than we have measured so far.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7681)

6 years agoopenssl s_server: don't use sendto() with connected UDP socket
Matthew Hodgson [Wed, 21 Nov 2018 02:00:52 +0000 (02:00 +0000)]
openssl s_server: don't use sendto() with connected UDP socket

Fixes #7675

On macOS, if you call `connect()` on a UDP socket you cannot then
call `sendto()` with a destination, otherwise it fails with Err#56
('socket is already connected').

By calling `BIO_ctrl_set_connected()` on the wbio we can tell it
that the socket has been connected and make it call `send()` rather
than `sendto()`.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7676)

6 years agorsa/rsa_ossl.c: cache MONT_CTX for public modulus earlier.
Andy Polyakov [Wed, 7 Nov 2018 21:07:22 +0000 (22:07 +0100)]
rsa/rsa_ossl.c: cache MONT_CTX for public modulus earlier.

Blinding is performed more efficiently and securely if MONT_CTX for public
modulus is available by the time blinding parameter are instantiated. So
make sure it's the case.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7586)

6 years agoTravis CI: Use flake8 to find Python syntax errors or undefined names
cclauss [Tue, 16 Oct 2018 05:18:00 +0000 (07:18 +0200)]
Travis CI: Use flake8 to find Python syntax errors or undefined names

CLA: trivial

In Travis CI, add a Python linting step that runs flake8 tests in Travis CI
to find syntax errors and undefined names. (http://flake8.pycqa.org)

__E901,E999,F821,F822,F823__ are the "_showstopper_" flake8 issues that can halt
the runtime with a SyntaxError, NameError, etc. Most other flake8 issues are
merely "style violations" -- useful for readability but they do not effect
runtime safety.

* F821: undefined name `name`
* F822: undefined name `name` in `__all__`
* F823: local variable name referenced before assignment
* E901: SyntaxError or IndentationError
* E999: SyntaxError -- failed to compile a file into an Abstract Syntax Tree

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7410)

6 years agoUpdate copyright year
Matt Caswell [Tue, 20 Nov 2018 13:13:00 +0000 (13:13 +0000)]
Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7668)

6 years agoUpdate CHANGES and NEWS for new release
Matt Caswell [Tue, 20 Nov 2018 10:52:53 +0000 (10:52 +0000)]
Update CHANGES and NEWS for new release

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7663)

6 years agoUnix build: for mingw and cygwin, create the right location for DLLs
Richard Levitte [Mon, 19 Nov 2018 09:21:49 +0000 (10:21 +0100)]
Unix build: for mingw and cygwin, create the right location for DLLs

Mingw and Cygwin builds install the DLLs in the application directory,
not the library directory, so ensure that one is created for them when
installing the DLLs.

Fixes #7653

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7654)

6 years agoAdd documentation for -pkeyopt_passin
Johannes Bauer [Tue, 20 Mar 2018 19:06:13 +0000 (20:06 +0100)]
Add documentation for -pkeyopt_passin

Add documentation to new parameter and two examples showcasing scrypt
KDF.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5697)

6 years agoAdd option to read pkeyopts interactively
Johannes Bauer [Tue, 1 Aug 2017 17:38:32 +0000 (19:38 +0200)]
Add option to read pkeyopts interactively

This patch adds the ability to interactively enter passphrases for
the pkeyutl application. For example, you could use

$ openssl pkeyutl -kdf TLS1-PRF -kdflen 8 -pkeyopt md:md5
  -pkeyopt_passin secret -pkeyopt_passin seed

To have the "secret" and "seed" values read interactively from keyboard
(with hidden input). Alternatively, the pass phrase argument syntax is
also supported, e.g.:

$ openssl pkeyutl -kdf TLS1-PRF -kdflen 8 -pkeyopt md:md5
  -pkeyopt_passin secret:stdin -pkeyopt_passin seed:env:SEEDVAR

To have "secret" read from stdin and "seed" from the environment
variable SEEDVAR.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5697)

6 years agosha/asm/sha512p8-ppc.pl: optimize epilogue.
Andy Polyakov [Thu, 15 Nov 2018 14:47:46 +0000 (15:47 +0100)]
sha/asm/sha512p8-ppc.pl: optimize epilogue.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7643)

6 years agosha/asm/sha512p8-ppc.pl: fix typo in prologue.
Andy Polyakov [Thu, 15 Nov 2018 14:42:02 +0000 (15:42 +0100)]
sha/asm/sha512p8-ppc.pl: fix typo in prologue.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7643)

6 years agoConfiguration: only include shared_sources in dirinfo in shared config
Richard Levitte [Thu, 15 Nov 2018 20:37:55 +0000 (21:37 +0100)]
Configuration: only include shared_sources in dirinfo in shared config

Without this precaution, we end up having directory targets depend on
shlib object files for which there are no rules.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7644)

6 years agotest/siphash_internal_test.c: ensure the SIPHASH structure is zeroed
Richard Levitte [Thu, 15 Nov 2018 12:45:31 +0000 (13:45 +0100)]
test/siphash_internal_test.c: ensure the SIPHASH structure is zeroed

Fixes #7641

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7642)

6 years agoAdd a missing SSLfatal call
Matt Caswell [Thu, 8 Nov 2018 14:03:17 +0000 (14:03 +0000)]
Add a missing SSLfatal call

A missing SSLfatal call can result in an assertion failed error if the
condition gets triggered.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7594)

6 years agoDeprecate SSL_set_tmp_ecdh
Antoine Salon [Tue, 6 Nov 2018 21:26:49 +0000 (13:26 -0800)]
Deprecate SSL_set_tmp_ecdh

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)

6 years agoMaking SRP_user_pwd functions public
Antoine Salon [Thu, 1 Nov 2018 22:41:16 +0000 (15:41 -0700)]
Making SRP_user_pwd functions public

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)

6 years agoAdded SRP_VBASE_add0_user()
Antoine Salon [Thu, 1 Nov 2018 18:56:55 +0000 (11:56 -0700)]
Added SRP_VBASE_add0_user()

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)

6 years agoSRP module documentation
Antoine Salon [Thu, 25 Oct 2018 22:43:35 +0000 (15:43 -0700)]
SRP module documentation

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)

6 years agoAdd SSL_CTX_set_tmp_ecdh.pod
Antoine Salon [Tue, 16 Oct 2018 23:40:01 +0000 (16:40 -0700)]
Add SSL_CTX_set_tmp_ecdh.pod

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)

6 years agoSSL extra chain certificates doc
Antoine Salon [Tue, 16 Oct 2018 16:07:00 +0000 (09:07 -0700)]
SSL extra chain certificates doc

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)

6 years agoFix no-ec and no-tls1_2
Matt Caswell [Mon, 12 Nov 2018 14:23:07 +0000 (14:23 +0000)]
Fix no-ec and no-tls1_2

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7620)

6 years agoFix typo in util/perl/OpenSSL/Test.pm
Richard Levitte [Tue, 13 Nov 2018 16:57:45 +0000 (17:57 +0100)]
Fix typo in util/perl/OpenSSL/Test.pm

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7633)

6 years agotest/recipes/90-test_shlibload.t needs $target{shared_extension}
Richard Levitte [Tue, 13 Nov 2018 17:28:41 +0000 (18:28 +0100)]
test/recipes/90-test_shlibload.t needs $target{shared_extension}

We therefore must add defaults.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7626)

6 years agoFix rpath-related Linux "test_shlibload" failure.
Richard Levitte [Mon, 12 Nov 2018 23:16:55 +0000 (00:16 +0100)]
Fix rpath-related Linux "test_shlibload" failure.

When libssl and libcrypto are compiled on Linux with "-rpath", but
not "--enable-new-dtags", the RPATH takes precedence over
LD_LIBRARY_PATH, and we end up running with the wrong libraries.
This is resolved by using full (or at least relative, rather than
just the filename to be found on LD_LIBRARY_PATH) paths to the
shared objects.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7626)

6 years agoKMAC implementation using EVP_MAC
Shane Lontis [Fri, 9 Nov 2018 04:00:05 +0000 (14:00 +1000)]
KMAC implementation using EVP_MAC

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7597)

6 years agoRemove markdown links from HTML comments in issue templates
Richard Levitte [Tue, 13 Nov 2018 16:01:41 +0000 (17:01 +0100)]
Remove markdown links from HTML comments in issue templates

HTML comments aren't rendered, so markdown link syntax is irrelevant
inside them, and more confusing than useful.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7632)

6 years agoAdd issue templates and a user support page
Richard Levitte [Mon, 12 Nov 2018 13:17:24 +0000 (14:17 +0100)]
Add issue templates and a user support page

This will hopefully help directing our users to better user support
resources as well as give some relevant advice in issue templates.

https://help.github.com/articles/setting-up-your-project-for-healthy-contributions/

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7623)

6 years agoAdded missing signature algorithm reflection functions
Viktor Dukhovni [Sat, 10 Nov 2018 06:53:56 +0000 (01:53 -0500)]
Added missing signature algorithm reflection functions

    SSL_get_signature_nid()      -- local signature algorithm
    SSL_get_signature_type_nid() -- local signature algorithm key type
    SSL_get_peer_tmp_key()       -- Peer key-exchange public key
    SSL_get_tmp_key              -- local key exchange public key

Aliased pre-existing SSL_get_server_tmp_key(), which was formerly
just for clients, to SSL_get_peer_tmp_key().  Changed internal
calls to use the new name.

Reviewed-by: Matt Caswell <matt@openssl.org>
6 years agoMerge the CA list documentation for clarity
Matt Caswell [Thu, 1 Nov 2018 11:53:49 +0000 (11:53 +0000)]
Merge the CA list documentation for clarity

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7503)