oweals/openssl.git
6 years agoVarious small build improvements on mkdef.pl, progs.pl, crypto/init.c, crypto/mem.c
David von Oheimb [Mon, 8 Jan 2018 13:13:51 +0000 (14:13 +0100)]
Various small build improvements on mkdef.pl, progs.pl, crypto/init.c, crypto/mem.c

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4994)

6 years agoDocument SSL_OP_NO_RENEGOTIATION as new in 1.1.1
Christian Heimes [Mon, 11 Dec 2017 06:00:29 +0000 (07:00 +0100)]
Document SSL_OP_NO_RENEGOTIATION as new in 1.1.1

Closes: https://github.com/openssl/openssl/issues/4897
Signed-off-by: Christian Heimes <christian@python.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4898)

6 years agoAvoid only exact duplicates when creating the accepted CA names list
Tomas Mraz [Mon, 11 Dec 2017 12:09:13 +0000 (13:09 +0100)]
Avoid only exact duplicates when creating the accepted CA names list

This avoids situations where third party client is unable to recognize
that the client certificate was issued by the same CA with name differring
only by case or insignificant characters.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4731)

6 years agoDocument OPENSSL_ENGINES environment variable
Patrick Steuer [Mon, 8 Jan 2018 18:42:32 +0000 (13:42 -0500)]
Document OPENSSL_ENGINES environment variable

In man1/engine.pod and man3/ENGINE_add.pod

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4956)

6 years agocrypto/engine/eng_list.c: compare getenv rv to NULL instead of 0
Patrick Steuer [Mon, 18 Dec 2017 21:47:01 +0000 (22:47 +0100)]
crypto/engine/eng_list.c: compare getenv rv to NULL instead of 0

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4958)

6 years agoClarify error for unrecognized arguments.
Jacob Hoffman-Andrews [Sat, 23 Dec 2017 00:18:22 +0000 (16:18 -0800)]
Clarify error for unrecognized arguments.

Many of the sub-commands under apps/ accept cipher or digest arguments like
"-sha256". These are implemented using a catchall flag that runs the result
through opt_md() or opt_cipher(). That means any unrecognized flag, including
typos, gets sent to those two functions, producing confusing error messages like
below:

    $ ./apps/openssl req -x590
    req: Unrecognized digest x590
    req: Use -help for summary.

This change switches these two functions to say "Unrecognized flag X" instead.
The new message deliberately leaves off the "-" from the flag name, because
there are some cases where opt_md() and opt_cipher() are passed a flag value
instead (for instance, openssl ca -md). I think the new message is generic
enough that it can serve both cases with improved clarity.

CLA: trivial

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4972)

6 years agofix compile error 'intrinsic function not declared'
EasySec [Sat, 30 Dec 2017 17:48:23 +0000 (18:48 +0100)]
fix compile error 'intrinsic function not declared'

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5000)

6 years agoFix spelling: adroideabi -> androideabi
pass86 [Sun, 7 Jan 2018 13:57:25 +0000 (21:57 +0800)]
Fix spelling: adroideabi -> androideabi

CLA: trivial

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5029)

6 years agoUse the index that matches the key type (either SSL_PKEY_RSA_PSS_SIGN or SSL_PKEY_RSA).
Noah Robbin [Wed, 29 Nov 2017 21:58:25 +0000 (16:58 -0500)]
Use the index that matches the key type (either SSL_PKEY_RSA_PSS_SIGN or SSL_PKEY_RSA).

Extract the RSA key using EVP_PKEY_get0.  Type is checked externally to be either EVP_PKEY_RSA_PSS or EVP_PKEY_RSA.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4389)

6 years agoUse size of server key when selecting signature algorithm.
Noah Robbin [Tue, 19 Sep 2017 16:15:42 +0000 (12:15 -0400)]
Use size of server key when selecting signature algorithm.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4389)

6 years agoNUMERICSTRING support
Dmitry Belyavskiy [Mon, 8 Jan 2018 12:32:47 +0000 (15:32 +0300)]
NUMERICSTRING support

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5036)

6 years agoAdd util/openssl-update-copyright shell script
Dr. Matthias St. Pierre [Sun, 7 Jan 2018 01:29:01 +0000 (02:29 +0100)]
Add util/openssl-update-copyright shell script

usage: openssl-update-copyright [-h|--help] [file|directory] ...

Updates the year ranges of all OpenSSL copyright statements in the given
files or directories. (Directories are traversed recursively.)

Only copyright statements containing the string 'The OpenSSL Project' are
affected. The copyright time range is adjusted to include the current year.
If only a single year was specified, it is replaced by a time range starting
at that year and ending at the current year. All '(c)' and '(C)' signs are
preserved.

Signed-off-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5027)

6 years agoSeparate general linking flags from extra libraries
Richard Levitte [Mon, 8 Jan 2018 11:28:08 +0000 (12:28 +0100)]
Separate general linking flags from extra libraries

So far, we've placed all extra library related flags together, ending
up in the make variable EX_LIBS.  This turns out to be problematic, as
for example, some compilers don't quite agree with something like
this:

    cc -o foo foo.o -L/whatever -lsomething

They prefer this:

    cc -L/whatever -o foo foo.o -lsomething

IBM's compiler on OS/390 is such a compiler that we know of, and we
have previously handled that as a previous case.

The answer here is to make a more general solution, where linking
options are divided in two parts, where one ends up in LDFLAGS and
the other in EX_LIBS (they corresponds to what is called LDFLAGS and
LDLIBS in the GNU world)

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5033)

6 years agoClean up uClinux targets
Richard Levitte [Mon, 8 Jan 2018 11:40:06 +0000 (12:40 +0100)]
Clean up uClinux targets

The uClinux targets included some attributes that would result in
circular references of CFLAGS and LDCLAGS.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5034)

6 years agoFix IPv6 define
Rich Salz [Sun, 7 Jan 2018 20:58:52 +0000 (15:58 -0500)]
Fix IPv6 define

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5030)

6 years agoCHANGES: Document the removal of OS390-Unix
Richard Levitte [Sun, 7 Jan 2018 21:36:12 +0000 (22:36 +0100)]
CHANGES: Document the removal of OS390-Unix

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5031)

6 years agos390x assembly pack: add KMA code path for aes-gcm.
Patrick Steuer [Mon, 2 Oct 2017 13:53:00 +0000 (15:53 +0200)]
s390x assembly pack: add KMA code path for aes-gcm.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4634)

6 years agocrypto/aes/asm/aes-s390x.pl: replace decrypt flag by macro.
Patrick Steuer [Tue, 24 Oct 2017 11:29:40 +0000 (13:29 +0200)]
crypto/aes/asm/aes-s390x.pl: replace decrypt flag by macro.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4634)

6 years agos390x assembly pack: add KMA code path for aes-ctr.
Patrick Steuer [Tue, 14 Feb 2017 01:07:37 +0000 (02:07 +0100)]
s390x assembly pack: add KMA code path for aes-ctr.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4634)

6 years agoec/curve25519.c: avoid 2^51 radix on SPARC.
Andy Polyakov [Sun, 31 Dec 2017 12:23:08 +0000 (13:23 +0100)]
ec/curve25519.c: avoid 2^51 radix on SPARC.

SPARC ISA doesn't have provisions to back up 128-bit multiplications
and additions. And so multiplications are done with library calls
and carries with comparisons and conditional moves. As result base
2^51 code is >40% slower...

Reviewed-by: Tim Hudson <tjh@openssl.org>
6 years agoec/ecp_nistz256.c: switch to faster addition chain in scalar inversion.
Andy Polyakov [Sat, 30 Dec 2017 19:15:44 +0000 (20:15 +0100)]
ec/ecp_nistz256.c: switch to faster addition chain in scalar inversion.

[and improve formatting]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5001)

6 years agoec/asm/ecp_nistz256-armv8.pl: add optimized inversion.
Andy Polyakov [Sat, 30 Dec 2017 14:11:25 +0000 (15:11 +0100)]
ec/asm/ecp_nistz256-armv8.pl: add optimized inversion.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5001)

6 years agoec/asm/ecp_nistz256-x86_64.pl: add .cfi and SEH handlers to new functions.
Andy Polyakov [Sat, 30 Dec 2017 14:51:55 +0000 (15:51 +0100)]
ec/asm/ecp_nistz256-x86_64.pl: add .cfi and SEH handlers to new functions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5001)

6 years agoec/ecp_nistz256.c: improve ECDSA sign by 30-40%.
Andy Polyakov [Sat, 30 Dec 2017 14:08:31 +0000 (15:08 +0100)]
ec/ecp_nistz256.c: improve ECDSA sign by 30-40%.

This is based on RT#3810, which added dedicated modular inversion.
ECDSA verify results improves as well, but not as much.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5001)

6 years agoRemove remaining NETWARE ifdef's
Rich Salz [Sat, 6 Jan 2018 16:49:53 +0000 (11:49 -0500)]
Remove remaining NETWARE ifdef's

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5028)

6 years agoAdd fingerprint text, remove MD5
Rich Salz [Sat, 4 Nov 2017 14:40:49 +0000 (10:40 -0400)]
Add fingerprint text, remove MD5

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4906)

6 years agoAdd the possibility to do 'openssl help [command]'
Richard Levitte [Sun, 31 Dec 2017 07:44:26 +0000 (08:44 +0100)]
Add the possibility to do 'openssl help [command]'

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5002)

6 years agoapps: make sure prog_init only calculates once
Richard Levitte [Sun, 31 Dec 2017 07:44:12 +0000 (08:44 +0100)]
apps: make sure prog_init only calculates once

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5002)

6 years agoCorrected 'cms' exit status when key or certificate cannot be opened
Konstantin Shemyak [Thu, 28 Dec 2017 21:12:59 +0000 (23:12 +0200)]
Corrected 'cms' exit status when key or certificate cannot be opened

Fixes #4996.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4997)

6 years agoFix error handling in X509_REQ_print_ex
Bernd Edlinger [Sat, 6 Jan 2018 14:21:46 +0000 (15:21 +0100)]
Fix error handling in X509_REQ_print_ex

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5025)

6 years agoStop using unimplemented cipher classes.
Bernd Edlinger [Fri, 5 Jan 2018 17:50:09 +0000 (18:50 +0100)]
Stop using unimplemented cipher classes.
Add comments to no longer usable ciphers.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5023)

6 years agoAdd x509(1) reference
Viktor Dukhovni [Wed, 13 Dec 2017 15:55:38 +0000 (10:55 -0500)]
Add x509(1) reference

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
6 years agoRemove old config that used non-exist util script
Rich Salz [Thu, 4 Jan 2018 18:02:37 +0000 (13:02 -0500)]
Remove old config that used non-exist util script

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5016)

6 years agoRewrite RT3513.
Rich Salz [Wed, 3 Jan 2018 18:12:20 +0000 (13:12 -0500)]
Rewrite RT3513.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5011)

6 years agoImprove readability of evp.pod
Dr. Matthias St. Pierre [Wed, 3 Jan 2018 21:14:02 +0000 (22:14 +0100)]
Improve readability of evp.pod

The changes are analogous to the ones made in commit 0bf340e1350e
to x509.pod, see PR #4924.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5012)

6 years agocrypto/rand: restore the generic DRBG implementation
Dr. Matthias St. Pierre [Thu, 28 Dec 2017 20:42:14 +0000 (21:42 +0100)]
crypto/rand: restore the generic DRBG implementation

The DRGB concept described in NIST SP 800-90A provides for having different
algorithms to generate random output. In fact, the FIPS object module used to
implement three of them, CTR DRBG, HASH DRBG and HMAC DRBG.

When the FIPS code was ported to master in #4019, two of the three algorithms
were dropped, and together with those the entire code that made RAND_DRBG
generic was removed, since only one concrete implementation was left.

This commit restores the original generic implementation of the DRBG, making it
possible again to add additional implementations using different algorithms
(like RAND_DRBG_CHACHA20) in the future.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4998)

6 years agocrypto/rand: rename drbg_rand.c to drbg_ctr.c
Dr. Matthias St. Pierre [Thu, 28 Dec 2017 01:18:21 +0000 (02:18 +0100)]
crypto/rand: rename drbg_rand.c to drbg_ctr.c

The generic part of the FIPS DRBG was implemented in fips_drbg_lib.c and the
algorithm specific parts in fips_drbg_<alg>.c for <alg> in {ctr, hash, hmac}.
Additionally, there was the module fips_drbg_rand.c which contained 'gluing'
code between the RAND_METHOD api and the FIPS DRBG.

When the FIPS code was ported to master in #4019, for some reason the ctr-drbg
implementation from fips_drbg_ctr.c ended up in drbg_rand.c instead of drbg_ctr.c.

This commit renames the module drbg_rand.c back to drbg_ctr.c, thereby restoring
a simple relationship between the original fips modules and the drbg modules
in master:

 fips_drbg_lib.c    =>  drbg_lib.c    /* generic part of implementation */
 fips_drbg_<alg>.c  =>  drbg_<alg>.c  /* algorithm specific implementations */

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4998)

6 years agoTest that supported_groups is permitted in ServerHello
Benjamin Kaduk [Wed, 4 Oct 2017 17:09:16 +0000 (12:09 -0500)]
Test that supported_groups is permitted in ServerHello

Add a regression test for the functionality enabled in the
previous commit.

[extended tests]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4463)

6 years agoPermit the "supported_groups" extension in ServerHellos
Benjamin Kaduk [Wed, 4 Oct 2017 16:02:23 +0000 (11:02 -0500)]
Permit the "supported_groups" extension in ServerHellos

Although this is forbidden by all three(!) relevant specifications,
there seem to be multiple server implementations in the wild that
send it.  Since we didn't check for unexpected extensions in any
given message type until TLS 1.3 support was added, our previous
behavior was to silently accept these extensions and pass them over
to the custom extension callback (if any).  In order to avoid
regression of functionality, relax the check for "extension in
unexpected context" for this specific case, but leave the protocol
enforcment mechanism unchanged for other extensions and in other
extension contexts.

Leave a detailed comment to indicate what is going on.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4463)

6 years agoFix trace of TLSv1.3 Certificate Request message
Matt Caswell [Tue, 2 Jan 2018 15:51:23 +0000 (15:51 +0000)]
Fix trace of TLSv1.3 Certificate Request message

A TLSv1.3 Certificate Request message was issuing a "Message length parse
error" using the -trace option to s_server/s_client.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5008)

6 years agoFix minor 'the the' typos
Daniel Bevenius [Fri, 29 Dec 2017 06:07:15 +0000 (07:07 +0100)]
Fix minor 'the the' typos

Similar to commit 17b602802114d53017ff7894319498934a580b17(
"Remove extra `the` in SSL_SESSION_set1_id.pod"), this commit removes
typos where additional 'the' have been added.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4999)

6 years agoIgnore ORDINALS in build.info files, and remove its documentation
Richard Levitte [Thu, 28 Dec 2017 15:03:17 +0000 (16:03 +0100)]
Ignore ORDINALS in build.info files, and remove its documentation

Following the changes that removed Makefile.shared, we also changed
the generation of .def / .map / .opt files from ordinals more
explicit, removing the need to the "magic" ORDINALS declaration.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4993)

6 years agoec/curve25519.c: "double" ecdhx25519 performance on 64-bit platforms.
Andy Polyakov [Wed, 27 Dec 2017 10:55:34 +0000 (11:55 +0100)]
ec/curve25519.c: "double" ecdhx25519 performance on 64-bit platforms.

"Double" is in quotes because improvement coefficient varies
significantly depending on platform and compiler. You're likely
to measure ~2x improvement on popular desktop and server processors,
but not so much on mobile ones, even minor regression on ARM
Cortex series. Latter is because they have rather "weak" umulh
instruction. On low-end x86_64 problem is that contemporary gcc
and clang tend to opt for double-precision shift for >>51, which
can be devastatingly slow on some processors.

Just in case for reference, trick is to use 2^51 radix [currently
only for DH].

Reviewed-by: Rich Salz <rsalz@openssl.org>
6 years agoUpdate the documentation for SSL_write_early_data()
Matt Caswell [Wed, 27 Dec 2017 13:55:03 +0000 (13:55 +0000)]
Update the documentation for SSL_write_early_data()

Now that we attempt to send early data in the first TCP packet along with
the ClientHello, the documentation for SSL_write_early_data() needed a
tweak.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4802)

6 years agoDisable partial writes for early data
Matt Caswell [Wed, 27 Dec 2017 13:36:45 +0000 (13:36 +0000)]
Disable partial writes for early data

We don't keep track of the number of bytes written between in the
SSL_write_ex() call and the subsequent flush. If the flush needs to be
retried then we will have forgotten how many bytes actually got written.
The simplest solution is to just disable it for this scenario.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4802)

6 years agoDon't flush the ClientHello if we're going to send early data
Matt Caswell [Mon, 27 Nov 2017 15:20:06 +0000 (15:20 +0000)]
Don't flush the ClientHello if we're going to send early data

We'd like the first bit of early_data and the ClientHello to go in the
same TCP packet if at all possible to enable things like TCP Fast Open.
Also, if you're only going to send one block of early data then you also
don't need to worry about TCP_NODELAY.

Fixes #4783

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4802)

6 years agoAdd 'openssl req' option to specify extension values on command line
Richard Levitte [Wed, 27 Dec 2017 17:29:36 +0000 (18:29 +0100)]
Add 'openssl req' option to specify extension values on command line

The idea is to be able to add extension value lines directly on the
command line instead of through the config file, for example:

    openssl req -new -extension 'subjectAltName = DNS:dom.ain, DNS:oth.er' \
                     -extension 'certificatePolicies = 1.2.3.4'

Fixes #3311

Thank you Jacob Hoffman-Andrews for the inspiration

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4986)

6 years agoAlternate fix for ../test/recipes/80-test_ssl_old.t with no-ec
Bernd Edlinger [Wed, 27 Dec 2017 15:37:22 +0000 (16:37 +0100)]
Alternate fix for ../test/recipes/80-test_ssl_old.t with no-ec

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4981)

6 years agoec/ecp_nistp*.c: sanitize for undefined/implmentation-specific behaviour.
Andy Polyakov [Sat, 23 Dec 2017 14:15:30 +0000 (15:15 +0100)]
ec/ecp_nistp*.c: sanitize for undefined/implmentation-specific behaviour.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/4974)

6 years agoVMS fix: link shared libs from objects files instead of from static libs
Richard Levitte [Wed, 20 Dec 2017 10:02:39 +0000 (11:02 +0100)]
VMS fix: link shared libs from objects files instead of from static libs

The simplifications that were made when Makefile.shared was removed
didn't work quite right.  Also, this is what we do on Unix and Windows
anyway, so this makes us more consistent across all platforms.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4982)

6 years agoRemove outdated comments
Paul Yang [Sun, 10 Dec 2017 15:48:23 +0000 (23:48 +0800)]
Remove outdated comments

Variables n, d, p are no longer there.

[skip ci]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4894)

6 years agoSuggestion for improvements to x509.pod
Daniel Bevenius [Wed, 13 Dec 2017 14:41:02 +0000 (15:41 +0100)]
Suggestion for improvements to x509.pod

This commit is a suggestion to hopefully improve x509.pod. I had to
re-read it the first time through and with these changes it reads a
little easier, and wondering if others agree.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4924)

6 years agoFix comment about undefined behavior of constant_time_msb
Kurt Roeckx [Sat, 23 Dec 2017 22:32:11 +0000 (23:32 +0100)]
Fix comment about undefined behavior of constant_time_msb

This comment was correct for the original commit introducing this
function (5a3d21c0585064292bde5cd34089e120487ab687), but was fixed
in commit d2fa182988afa33d9e950358de406cc9fb36d000 (and
67b8bcee95f225a07216700786b538bb98d63cfe)

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
GH: #4975

6 years agopoly1305/asm/poly1305-x86_64.pl: add Knights Landing AVX512 result.
Andy Polyakov [Wed, 6 Dec 2017 14:51:32 +0000 (15:51 +0100)]
poly1305/asm/poly1305-x86_64.pl: add Knights Landing AVX512 result.

Hardware used for benchmarking courtesy of Atos, experiments run by
Romain Dolbeau <romain.dolbeau@atos.net>. Kudos!

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4855)

6 years agoAdd sha/asm/keccak1600-avx512vl.pl.
Andy Polyakov [Sun, 17 Dec 2017 20:32:38 +0000 (21:32 +0100)]
Add sha/asm/keccak1600-avx512vl.pl.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4948)

6 years agoRemove extra `the` in SSL_SESSION_set1_id.pod
Daniel Bevenius [Thu, 21 Dec 2017 08:08:25 +0000 (09:08 +0100)]
Remove extra `the` in SSL_SESSION_set1_id.pod

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4969)

6 years agoFix a typo in comment
Bernd Edlinger [Sun, 17 Dec 2017 21:15:15 +0000 (22:15 +0100)]
Fix a typo in comment

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4949)

6 years agoVMS build.info: uppercase args to perl modules must be quoted
Richard Levitte [Sun, 17 Dec 2017 08:47:04 +0000 (09:47 +0100)]
VMS build.info: uppercase args to perl modules must be quoted

This is because VMS perl will otherwise lowercase them

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4946)

6 years agoRestore the use of LDCMD when linking applications
Richard Levitte [Sun, 17 Dec 2017 11:56:24 +0000 (12:56 +0100)]
Restore the use of LDCMD when linking applications

It is a hack, but it existed in the recently removed Makefile.shared,
and its use is documented in fuzz/README.md, so we cannot drop it now.

Fixes https://github.com/google/oss-fuzz/issues/1037

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4947)

6 years agoEnable the ARIA ciphers by default.
Pauli [Sun, 17 Dec 2017 21:42:19 +0000 (07:42 +1000)]
Enable the ARIA ciphers by default.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4950)

6 years agoMake DRBG uninstantiate() and instantiate() methods inverse to each other
Dr. Matthias St. Pierre [Mon, 20 Nov 2017 22:27:23 +0000 (23:27 +0100)]
Make DRBG uninstantiate() and instantiate() methods inverse to each other

Previously, the RAND_DRBG_uninstantiate() call was not exactly inverse to
RAND_DRBG_instantiate(), because some important member values of the
drbg->ctr member where cleared. Now these values are restored internally.

Signed-off-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/4402)

6 years agoAllocate the three shared DRBGs on the secure heap
Dr. Matthias St. Pierre [Mon, 6 Nov 2017 01:29:15 +0000 (02:29 +0100)]
Allocate the three shared DRBGs on the secure heap

Signed-off-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/4402)

6 years agoImplement automatic reseeding of DRBG after a specified time interval
Dr. Matthias St. Pierre [Fri, 24 Nov 2017 14:24:51 +0000 (15:24 +0100)]
Implement automatic reseeding of DRBG after a specified time interval

Every DRBG now supports automatic reseeding not only after a given
number of generate requests, but also after a specified time interval.

Signed-off-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/4402)

6 years agoAdd master DRBG for reseeding
Dr. Matthias St. Pierre [Fri, 24 Nov 2017 13:59:58 +0000 (14:59 +0100)]
Add master DRBG for reseeding

A third shared DRBG is added, the so called master DRBG. Its sole purpose
is to reseed the two other shared DRBGs, the public and the private DRBG.
The randomness for the master DRBG is either pulled from the os entropy
sources, or added by the application using the RAND_add() call.

The master DRBG reseeds itself automatically after a given number of generate
requests, but can also be reseeded using RAND_seed() or RAND_add().
A reseeding of the master DRBG is automatically propagated to the public
and private DRBG. This construction fixes the problem, that up to now
the randomness provided by RAND_add() was added only to the public and
not to the private DRBG.

Signed-off-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/4402)

6 years agoRemove spaces at end of line in ssl/statem
Paul Yang [Fri, 15 Dec 2017 07:01:20 +0000 (15:01 +0800)]
Remove spaces at end of line in ssl/statem

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #4934

6 years agoAdd comments to NULL func ptrs in bio_method_st
Daniel Bevenius [Sun, 17 Dec 2017 21:04:48 +0000 (07:04 +1000)]
Add comments to NULL func ptrs in bio_method_st

This commit adds comments to bio_method_st definitions where the
function pointers are defined as NULL. Most of the structs have comments
but some where missing and not all consitent.

CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4881)

6 years agoFix invalid function type casts.
Bernd Edlinger [Fri, 15 Dec 2017 18:33:48 +0000 (19:33 +0100)]
Fix invalid function type casts.
Rename bio_info_cb to BIO_info_cb.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4493)

6 years agoRemove test-runs dir, adjust .gitignore
Bernd Edlinger [Thu, 14 Dec 2017 20:16:41 +0000 (21:16 +0100)]
Remove test-runs dir, adjust .gitignore

Ignore libssl.map/libcrypto.map instead of ssl.map/crypto.map

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4932)

6 years agoFix 'make update'
Todd Short [Thu, 14 Dec 2017 19:38:24 +0000 (14:38 -0500)]
Fix 'make update'

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4931)

6 years agoFix some clang compilation errors
Matt Caswell [Thu, 30 Nov 2017 17:55:34 +0000 (17:55 +0000)]
Fix some clang compilation errors

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)

6 years agoDon't run the TLSv1.3 CCS tests if TLSv1.3 is not enabled
Matt Caswell [Thu, 30 Nov 2017 17:55:06 +0000 (17:55 +0000)]
Don't run the TLSv1.3 CCS tests if TLSv1.3 is not enabled

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)

6 years agoAdd some TLSv1.3 CCS tests
Matt Caswell [Thu, 30 Nov 2017 10:13:13 +0000 (10:13 +0000)]
Add some TLSv1.3 CCS tests

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)

6 years agoMake sure we treat records written after HRR as TLSv1.3
Matt Caswell [Thu, 30 Nov 2017 15:49:08 +0000 (15:49 +0000)]
Make sure we treat records written after HRR as TLSv1.3

This fixes a bug where some CCS records were written with the wrong TLS
record version.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)

6 years agoIssue a CCS from the client if we received an HRR
Matt Caswell [Thu, 30 Nov 2017 14:33:22 +0000 (14:33 +0000)]
Issue a CCS from the client if we received an HRR

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)

6 years agoFix server side HRR flushing
Matt Caswell [Thu, 30 Nov 2017 14:29:28 +0000 (14:29 +0000)]
Fix server side HRR flushing

Flush following the CCS after an HRR. Only flush the HRR if middlebox
compat is turned off.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)

6 years agoDelay flush until after CCS with early_data
Matt Caswell [Thu, 30 Nov 2017 11:28:26 +0000 (11:28 +0000)]
Delay flush until after CCS with early_data

Normally we flush immediately after writing the ClientHello. However if
we are going to write a CCS immediately because we've got early_data to
come, then we should move the flush until after the CCS.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)

6 years agoEnsure CCS sent before early_data has the correct record version
Matt Caswell [Mon, 13 Nov 2017 16:12:35 +0000 (16:12 +0000)]
Ensure CCS sent before early_data has the correct record version

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)

6 years agoSend supported_versions in an HRR
Matt Caswell [Tue, 5 Dec 2017 10:16:25 +0000 (10:16 +0000)]
Send supported_versions in an HRR

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)

6 years agoMake sure supported_versions appears in an HRR too
Matt Caswell [Mon, 13 Nov 2017 15:01:07 +0000 (15:01 +0000)]
Make sure supported_versions appears in an HRR too

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)

6 years agoUpdate TLSProxy to know about new HRR style
Matt Caswell [Mon, 13 Nov 2017 14:40:46 +0000 (14:40 +0000)]
Update TLSProxy to know about new HRR style

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)

6 years agoUpdate state machine to send CCS based on whether we did an HRR
Matt Caswell [Mon, 13 Nov 2017 11:24:51 +0000 (11:24 +0000)]
Update state machine to send CCS based on whether we did an HRR

The CCS may be sent at different times based on whether or not we
sent an HRR earlier. In order to make that decision this commit
also updates things to make sure we remember whether an HRR was
used or not.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)

6 years agoFix an HRR bug
Matt Caswell [Thu, 9 Nov 2017 16:03:40 +0000 (16:03 +0000)]
Fix an HRR bug

Ensure that after an HRR we can only negotiate TLSv1.3

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)

6 years agoMerge HRR into ServerHello
Matt Caswell [Tue, 5 Dec 2017 10:14:35 +0000 (10:14 +0000)]
Merge HRR into ServerHello

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)

6 years agoSend a CCS after ServerHello in TLSv1.3 if using middlebox compat mode
Matt Caswell [Wed, 8 Nov 2017 15:00:48 +0000 (15:00 +0000)]
Send a CCS after ServerHello in TLSv1.3 if using middlebox compat mode

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)

6 years agoSend a CCS from a client in an early_data handshake
Matt Caswell [Wed, 8 Nov 2017 14:26:48 +0000 (14:26 +0000)]
Send a CCS from a client in an early_data handshake

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)

6 years agoSend a CCS from the client in a non-early_data handshake
Matt Caswell [Wed, 8 Nov 2017 11:37:12 +0000 (11:37 +0000)]
Send a CCS from the client in a non-early_data handshake

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)

6 years agoRemove TLSv1.3 specific write transition for ClientHello
Matt Caswell [Wed, 8 Nov 2017 11:18:00 +0000 (11:18 +0000)]
Remove TLSv1.3 specific write transition for ClientHello

Since we no longer do version negotiation during the processing of an HRR
we do not need the TLSv1.3 specific write transition for ClientHello

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)

6 years agoDrop CCS messages received in the TLSv1.3 handshake
Matt Caswell [Tue, 7 Nov 2017 16:36:51 +0000 (16:36 +0000)]
Drop CCS messages received in the TLSv1.3 handshake

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)

6 years agoSend TLSv1.2 as the record version when using TLSv1.3
Matt Caswell [Tue, 7 Nov 2017 16:04:35 +0000 (16:04 +0000)]
Send TLSv1.2 as the record version when using TLSv1.3

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)

6 years agoImplement session id TLSv1.3 middlebox compatibility mode
Matt Caswell [Tue, 7 Nov 2017 10:45:43 +0000 (10:45 +0000)]
Implement session id TLSv1.3 middlebox compatibility mode

Clients will send a "fake" session id and servers must echo it back.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)

6 years agoUpdate ServerHello to new draft-22 format
Matt Caswell [Fri, 3 Nov 2017 16:38:48 +0000 (16:38 +0000)]
Update ServerHello to new draft-22 format

The new ServerHello format is essentially now the same as the old TLSv1.2
one, but it must additionally include supported_versions. The version
field is fixed at TLSv1.2, and the version negotiation happens solely via
supported_versions.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)

6 years agoUpdate the TLSv1.3 draft version indicators to draft 22
Matt Caswell [Fri, 3 Nov 2017 11:26:29 +0000 (11:26 +0000)]
Update the TLSv1.3 draft version indicators to draft 22

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)

6 years agoMinor cleanup of the rsa mp limits code
Bernd Edlinger [Mon, 11 Dec 2017 15:10:36 +0000 (16:10 +0100)]
Minor cleanup of the rsa mp limits code

Reduce RSA_MAX_PRIME_NUM to 5.
Remove no longer used RSA_MIN_PRIME_SIZE.
Make rsa_multip_cap honor RSA_MAX_PRIME_NUM.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4905)

6 years agoFix VMS use of util/mkdef.pl in top build.info
Richard Levitte [Wed, 13 Dec 2017 09:49:14 +0000 (10:49 +0100)]
Fix VMS use of util/mkdef.pl in top build.info

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4921)

6 years agoDocument the X509_V_FLAG_PARTIAL_CHAIN flag
Viktor Dukhovni [Mon, 11 Dec 2017 23:33:59 +0000 (18:33 -0500)]
Document the X509_V_FLAG_PARTIAL_CHAIN flag

Also improved documentation of TRUSTED_FIRST

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
6 years agoFix more OCSP_resp_get0_signer() nits
Ben Kaduk [Tue, 12 Dec 2017 17:41:26 +0000 (11:41 -0600)]
Fix more OCSP_resp_get0_signer() nits

Fix a typo for "retrieve" and some indentation.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/4919)

6 years agoFix minor typo in bio.pod
Daniel Bevenius [Tue, 12 Dec 2017 15:56:50 +0000 (16:56 +0100)]
Fix minor typo in bio.pod

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4917)

6 years agocrypto/bio/bss_dgram.c: annotate fallthrough (-Wimplicit-fallthrough)
Patrick Steuer [Tue, 12 Dec 2017 13:49:21 +0000 (14:49 +0100)]
crypto/bio/bss_dgram.c: annotate fallthrough (-Wimplicit-fallthrough)

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4916)

6 years agoFix leak in ERR_get_state() when OPENSSL_init_crypto() isn't called yet
Richard Levitte [Tue, 12 Dec 2017 01:05:38 +0000 (02:05 +0100)]
Fix leak in ERR_get_state() when OPENSSL_init_crypto() isn't called yet

If OPENSSL_init_crypto() hasn't been called yet when ERR_get_state()
is called, it need to be called early, so the base initialization is
done.  On some platforms (those who support DSO functionality and
don't define OPENSSL_USE_NODELETE), that includes a call of
ERR_set_mark(), which calls this function again.
Furthermore, we know that ossl_init_thread_start(), which is called
later in ERR_get_state(), calls OPENSSL_init_crypto(0, NULL), except
that's too late.
Here's what happens without an early call of OPENSSL_init_crypto():

    => ERR_get_state():
         => CRYPTO_THREAD_get_local():
         <= NULL;
         # no state is found, so it gets allocated.
         => ossl_init_thread_start():
              => OPENSSL_init_crypto():
                   # Here, base_inited is set to 1
                   # before ERR_set_mark() call
                   => ERR_set_mark():
                        => ERR_get_state():
                             => CRYPTO_THREAD_get_local():
                             <= NULL;
                             # no state is found, so it gets allocated!!!!!
                             => ossl_init_thread_start():
                                  => OPENSSL_init_crypto():
                                       # base_inited is 1,
                                       # so no more init to be done
                                  <= 1
                             <=
                             => CRYPTO_thread_set_local():
                             <=
                        <=
                   <=
              <= 1
         <=
         => CRYPTO_thread_set_local()      # previous value removed!
    <=

Result: double allocation, and we have a leak.

By calling the base OPENSSL_init_crypto() early, we get this instead:

    => ERR_get_state():
         => OPENSSL_init_crypto():
              # Here, base_inited is set to 1
              # before ERR_set_mark() call
              => ERR_set_mark():
                   => ERR_get_state():
                        => OPENSSL_init_crypto():
                             # base_inited is 1,
                             # so no more init to be done
                        <= 1
                        => CRYPTO_THREAD_get_local():
                        <= NULL;
                        # no state is found, so it gets allocated
                        # let's assume we got 0xDEADBEEF
                        => ossl_init_thread_start():
                             => OPENSSL_init_crypto():
                                  # base_inited is 1,
                                  # so no more init to be done
                             <= 1
                        <= 1
                        => CRYPTO_thread_set_local():
                        <=
                   <=
              <=
         <= 1
         => CRYPTO_THREAD_get_local():
         <= 0xDEADBEEF
    <= 0xDEADBEEF

Result: no leak.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4913)

6 years agoVMS build file template: adapt for when someone disabled 'makedepend'
Richard Levitte [Mon, 11 Dec 2017 20:01:18 +0000 (21:01 +0100)]
VMS build file template: adapt for when someone disabled 'makedepend'

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4907)