oweals/openssl.git
8 years agotestutil: return 1 on success
Emilia Kasper [Tue, 5 Apr 2016 12:29:06 +0000 (14:29 +0200)]
testutil: return 1 on success

Require that test methods return 1 on success (not 0). This is more
customary for OpenSSL.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agofix memory leak in ca
Dr. Stephen Henson [Tue, 5 Apr 2016 13:06:28 +0000 (14:06 +0100)]
fix memory leak in ca

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoNew SSL test framework
Emilia Kasper [Thu, 17 Mar 2016 14:14:30 +0000 (15:14 +0100)]
New SSL test framework

Currently, SSL tests are configured via command-line switches to
ssltest.c. This results in a lot of duplication between ssltest.c and
apps, and a complex setup. ssltest.c is also simply old and needs
maintenance.

Instead, we already have a way to configure SSL servers and clients, so
we leverage that. SSL tests can now be configured from a configuration
file. Test servers and clients are configured using the standard
ssl_conf module. Additional test settings are configured via a test
configuration.

Moreover, since the CONF language involves unnecessary boilerplate, the
test conf itself is generated from a shorter Perl syntax.

The generated testcase files are checked in to the repo to make
it easier to verify that the intended test cases are in fact run; and to
simplify debugging failures.

To demonstrate the approach, min/max protocol tests are converted to the
new format. This change also fixes MinProtocol and MaxProtocol
handling. It was previously requested that an SSL_CTX have both the
server and client flags set for these commands; this clearly can never work.

Guide to this PR:
 - test/ssl_test.c - test framework
 - test/ssl_test_ctx.* - test configuration structure
 - test/handshake_helper.* - new SSL test handshaking code
 - test/ssl-tests/ - test configurations
 - test/generate_ssl_tests.pl - script for generating CONF-style test
   configurations from perl inputs

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoFix a shadow symbol warning
FdaSilvaYY [Mon, 4 Apr 2016 22:13:06 +0000 (00:13 +0200)]
Fix a shadow symbol warning

... comes from c5137473bdc7.
Fix Travis builds.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoset exec attribute for .pl files
Viktor Szakats [Tue, 29 Mar 2016 19:30:11 +0000 (21:30 +0200)]
set exec attribute for .pl files

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agofix perl shebang
Viktor Szakats [Tue, 29 Mar 2016 19:26:39 +0000 (21:26 +0200)]
fix perl shebang

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agouse whitespace more consistently
Viktor Szakats [Tue, 29 Mar 2016 14:25:18 +0000 (16:25 +0200)]
use whitespace more consistently

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoRevert "various spelling fixes"
Rich Salz [Mon, 4 Apr 2016 20:11:43 +0000 (16:11 -0400)]
Revert "various spelling fixes"

This reverts commit 620d540bd47a96fb6905fbbdd8ea5167a8841a3e.
It wasn't reviewed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoRevert "Fix an error code spelling."
Rich Salz [Mon, 4 Apr 2016 20:11:04 +0000 (16:11 -0400)]
Revert "Fix an error code spelling."

This reverts commit 2b0bcfaf834e2fb7cd52888d7330b247e3878115.
It wasn't reviewed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix an error code spelling.
FdaSilvaYY [Mon, 4 Apr 2016 18:42:27 +0000 (20:42 +0200)]
Fix an error code spelling.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agovarious spelling fixes
FdaSilvaYY [Thu, 10 Mar 2016 20:34:48 +0000 (21:34 +0100)]
various spelling fixes

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix a possible leak on NETSCAPE_SPKI_verify failure.
FdaSilvaYY [Sun, 3 Apr 2016 21:37:58 +0000 (23:37 +0200)]
Fix a possible leak on NETSCAPE_SPKI_verify failure.

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoUse X509_REQ_get0_pubkey
FdaSilvaYY [Sun, 3 Apr 2016 21:37:32 +0000 (23:37 +0200)]
Use X509_REQ_get0_pubkey

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd X509_REQ_get0_pubkey method
FdaSilvaYY [Sun, 3 Apr 2016 21:24:51 +0000 (23:24 +0200)]
Add X509_REQ_get0_pubkey method

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix two leaks in X509_REQ_to_X509
FdaSilvaYY [Wed, 16 Mar 2016 23:15:48 +0000 (00:15 +0100)]
Fix two leaks in X509_REQ_to_X509

Issue #182

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoMake sure the rand_byte buffer in padlock engine is cleansed.
Richard Levitte [Mon, 4 Apr 2016 14:55:12 +0000 (16:55 +0200)]
Make sure the rand_byte buffer in padlock engine is cleansed.

Submitted by Michael McConville <mmcco@mykolab.com>

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agocrypto/poly1305: don't break carry chains.
Andy Polyakov [Tue, 29 Mar 2016 08:02:45 +0000 (10:02 +0200)]
crypto/poly1305: don't break carry chains.

RT#4483

[poly1305-armv4.pl: remove redundant #ifdef __thumb2__]
[poly1305-ppc*.pl: presumably more accurate benchmark results]

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoFix memory leaks in ASN.1
Emilia Kasper [Wed, 30 Mar 2016 20:37:05 +0000 (22:37 +0200)]
Fix memory leaks in ASN.1

These leaks affect 1.1.0 dev branch only; introduced around commit
f93ad22f6adb00e722c130e792799467f3927b56

Found with LibFuzzer

Reviewed-by: Ben Laurie <ben@openssl.org>
8 years agoRemoved no-ops for the old locking API
Michał Trojnara [Sun, 3 Apr 2016 18:01:09 +0000 (20:01 +0200)]
Removed no-ops for the old locking API

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix mixed declarations and code
Viktor Dukhovni [Mon, 4 Apr 2016 00:58:09 +0000 (20:58 -0400)]
Fix mixed declarations and code

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
8 years agoDon't shadow known symbols write, read, puts, gets
Richard Levitte [Sun, 3 Apr 2016 22:11:20 +0000 (00:11 +0200)]
Don't shadow known symbols write, read, puts, gets

It was harmless in this case, but best avoid the annoying warnings.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
8 years agoMakefile et al template: only modify static library with new object files
Richard Levitte [Sun, 3 Apr 2016 12:11:12 +0000 (14:11 +0200)]
Makefile et al template: only modify static library with new object files

Previously, we updated the static libraries (libcrypto.a on Unix,
libcrypto.lib on Windows) with all the object files, regardless of if
they were rebuilt or not.  With this change, we only update them with
the object files were rebuilt.

NOTE: this does not apply on VMS, as the expansion of $? may be too
large for a command line.

Reviewed-by: Andy Polyakov <appro@openssl.org>
8 years agoapps/Makefile.in: add tsget rule.
Andy Polyakov [Fri, 1 Apr 2016 16:17:01 +0000 (18:17 +0200)]
apps/Makefile.in: add tsget rule.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoAfter saving errno clear it before calls to strtol et. al.
Viktor Dukhovni [Sun, 3 Apr 2016 19:21:34 +0000 (15:21 -0400)]
After saving errno clear it before calls to strtol et. al.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agomake update
Viktor Dukhovni [Sun, 20 Mar 2016 08:12:52 +0000 (04:12 -0400)]
make update

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
8 years agoMove peer chain security checks into x509_vfy.c
Viktor Dukhovni [Sat, 19 Mar 2016 02:09:41 +0000 (22:09 -0400)]
Move peer chain security checks into x509_vfy.c

A new X509_VERIFY_PARAM_set_auth_level() function sets the
authentication security level.  For verification of SSL peers, this
is automatically set from the SSL security level.  Otherwise, for
now, the authentication security level remains at (effectively) 0
by default.

The new "-auth_level" verify(1) option is available in all the
command-line tools that support the standard verify(1) options.

New verify(1) tests added to check enforcement of chain signature
and public key security levels.  Also added new tests of enforcement
of the verify_depth limit.

Updated documentation.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
8 years agoTidy up x509_vfy callback handling
Viktor Dukhovni [Sat, 27 Feb 2016 19:17:28 +0000 (14:17 -0500)]
Tidy up x509_vfy callback handling

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
8 years agoOrdinals adjustment
Richard Levitte [Sun, 3 Apr 2016 07:15:19 +0000 (09:15 +0200)]
Ordinals adjustment

Two renamed functions were forgotten in util/libcrypto.num

Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoRename get/set_app_data to get0/set0_app_data
Matt Caswell [Sat, 2 Apr 2016 22:08:14 +0000 (23:08 +0100)]
Rename get/set_app_data to get0/set0_app_data

Also fixed a style issue

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
8 years agoVarious DSA opacity fixups
Matt Caswell [Sat, 2 Apr 2016 18:41:41 +0000 (19:41 +0100)]
Various DSA opacity fixups

Numerous fixups based on feedback of the DSA opacity changes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
8 years agomake update
Matt Caswell [Fri, 1 Apr 2016 14:43:17 +0000 (15:43 +0100)]
make update

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
8 years agoAdded DSA opacity to CHANGES
Matt Caswell [Fri, 1 Apr 2016 13:09:57 +0000 (14:09 +0100)]
Added DSA opacity to CHANGES

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
8 years agoDocument functions added as a result of DSA opacity changes
Matt Caswell [Thu, 31 Mar 2016 13:22:39 +0000 (14:22 +0100)]
Document functions added as a result of DSA opacity changes

A number of getters/setters have been added for examining DSA objects, as
well as a whole set of functions for creating and buildingup DSA_METHODs.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
8 years agoMake DSA_METHOD opaque
Matt Caswell [Wed, 30 Mar 2016 16:18:55 +0000 (17:18 +0100)]
Make DSA_METHOD opaque

Move the dsa_method structure out of the public header file, and provide
getter and setter functions for creating and modifying custom DSA_METHODs.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
8 years agoMake the DSA structure opaque
Matt Caswell [Wed, 30 Mar 2016 14:21:39 +0000 (15:21 +0100)]
Make the DSA structure opaque

Move the dsa_st structure out of the public header file. Add some accessor
functions to enable access to the internal fields, and update all internal
usage to use the new functions.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
8 years agoAdapt some test recipes to the newer cmdstr()
Richard Levitte [Fri, 1 Apr 2016 13:09:28 +0000 (15:09 +0200)]
Adapt some test recipes to the newer cmdstr()

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoEnhance OpenSSL::Test::cmdstr to give cmd string variants
Richard Levitte [Fri, 1 Apr 2016 13:05:52 +0000 (15:05 +0200)]
Enhance OpenSSL::Test::cmdstr to give cmd string variants

Within OpenSSL::Test, all commands end up existing in two variants,
one that has redirections that are needed internally to work well
together with the test harness, and one without those redirections.

Depending on what the result is going to be used for, the caller may
want one for or the other, so we give them the possibility.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agomoved structure bio_buf_mem_st from headers to bss_mem.c
Kirill Marinushkin [Wed, 30 Mar 2016 16:39:42 +0000 (18:39 +0200)]
moved structure bio_buf_mem_st from headers to bss_mem.c

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agosizeof() updated to cover coding style
Kirill Marinushkin [Wed, 16 Mar 2016 21:05:59 +0000 (22:05 +0100)]
sizeof() updated to cover coding style

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoOptimized BIO mem read - without reallocation
Kirill Marinushkin [Sun, 13 Mar 2016 12:20:52 +0000 (13:20 +0100)]
Optimized BIO mem read - without reallocation

Currently on every BIO mem read operation the remaining data is reallocated.
This commit solves the issue.
BIO mem structure includes additional pointer to the read position.
On every read the pointer moves instead of reallocating the memory for the remaining data.
Reallocation accures before write and some ioctl operations, if the read pointer doesn't point on the beginning of the buffer.
Also the flag is added to rewind the read pointer without losing the data.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix: CRYPTO_THREAD_run_once
Mat [Fri, 1 Apr 2016 00:00:03 +0000 (02:00 +0200)]
Fix: CRYPTO_THREAD_run_once

InitOnceExecuteOnce returns nonzero on success:
MSDN: "If the function succeeds, the return value is nonzero."

So return 1 if it is nonzero, 0 others.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoapps/opt.c: next was only used when NDEBUG undefined, move it inside guard
Richard Levitte [Sat, 2 Apr 2016 17:59:19 +0000 (19:59 +0200)]
apps/opt.c: next was only used when NDEBUG undefined, move it inside guard

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agomake depend: Check that find returned a non-empty string rather than an empty
Richard Levitte [Sat, 2 Apr 2016 15:10:03 +0000 (17:10 +0200)]
make depend: Check that find returned a non-empty string rather than an empty

The logic to find out of there are any .d files newer than Makefile is
sound.  Checking the result was less so.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix X509_PUBKEY cached key handling.
Dr. Stephen Henson [Wed, 30 Mar 2016 20:46:13 +0000 (21:46 +0100)]
Fix X509_PUBKEY cached key handling.

Don't decode a public key in X509_PUBKEY_get0(): that is handled when
the key is parsed using x509_pubkey_decode() instead.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
8 years agoCorrecting typo that causes make install fail
Coty Sutherland [Fri, 1 Apr 2016 18:20:11 +0000 (14:20 -0400)]
Correcting typo that causes make install fail

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoAdd the C macro NDEBUG when configuring for release
Richard Levitte [Fri, 1 Apr 2016 14:03:46 +0000 (16:03 +0200)]
Add the C macro NDEBUG when configuring for release

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
8 years agoForce argv to be an array of long pointers on VMS
Richard Levitte [Fri, 1 Apr 2016 10:36:51 +0000 (12:36 +0200)]
Force argv to be an array of long pointers on VMS

Reverts commit 087ca80ad83071dde0bb6bc1c28c743caa00eaf8

Instead of battling the odd format of argv given to main() in default
P64 mode, tell the compiler to make it an array of 64-bit pointers
when compiling in P64 mode.

A note is added in NOTES.VMS regarding minimum DEC C version.

Reviewed-by: Andy Polyakov <appro@openssl.org>
8 years agoMake the use of perl more consistent
Richard Levitte [Thu, 31 Mar 2016 07:27:15 +0000 (09:27 +0200)]
Make the use of perl more consistent

- In Configure, register the perl interpreter used to run Configure,
  so that's the one being used throughout instead of something else
  that Configure happens to find.  This is helpful for using a perl
  version that's not necessarely first in $PATH:

    /opt/perl/5.22.1/bin/perl ./Configure

- Make apps/tsget a generated file, just like apps/CA.pl, so the
  perl interpreter registered by Configure becomes the hashbang path
  instead of a hardcoded /usr/bin/perl

Reviewed-by: Andy Polyakov <appro@openssl.org>
8 years agoUse return "" not set a var and return.
Rich Salz [Tue, 22 Mar 2016 14:52:13 +0000 (10:52 -0400)]
Use return "" not set a var and return.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
8 years agocrypto/blake2: make lowest-level function handle multiple blocks..
Andy Polyakov [Sun, 13 Mar 2016 21:19:53 +0000 (22:19 +0100)]
crypto/blake2: make lowest-level function handle multiple blocks..

This minimizes inter-block overhead. Performance gain naturally
varies from case to case, up to 10% was spotted so far. There is
one thing to recognize, given same circumstances gain would be
higher faster computational part is. Or in other words biggest
improvement coefficient would have been observed with assembly.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoOpenSSL::Test: have cmdstr() return the true command.
Richard Levitte [Thu, 31 Mar 2016 13:08:34 +0000 (15:08 +0200)]
OpenSSL::Test: have cmdstr() return the true command.

On the other hand, have run() display the display variant.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoWhen looking for executables, don't forget the extension
Richard Levitte [Thu, 31 Mar 2016 13:02:02 +0000 (15:02 +0200)]
When looking for executables, don't forget the extension

Because some operating systems have executable extensions, typically
".exe", we need to append it when looking for files in test() and
app() (or rather, their subroutines).

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoRT4458: Fix #ifndef line for GOST
Pauli [Mon, 21 Mar 2016 23:16:36 +0000 (09:16 +1000)]
RT4458: Fix #ifndef line for GOST

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoFix "no-ui" configuration
Richard Levitte [Mon, 21 Mar 2016 17:08:57 +0000 (18:08 +0100)]
Fix "no-ui" configuration

Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoMake the '-in' option in apps/passwd.c less mandatory
Richard Levitte [Thu, 31 Mar 2016 06:29:39 +0000 (08:29 +0200)]
Make the '-in' option in apps/passwd.c less mandatory

Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoRemove the CRYPTO_mem_leaks adjustment for the BIO
Matt Caswell [Wed, 30 Mar 2016 17:12:59 +0000 (18:12 +0100)]
Remove the CRYPTO_mem_leaks adjustment for the BIO

CRYPTO_mem_leaks attempts to adjust the count of bytes leaks to not
include the BIO that is being used to print the results out. However this
does not work properly. In all internal cases we switch off recording
the memory allocation during creation of the BIO so it makes no difference.
In other cases if the BIO allocates any additional memory during
construction then the adjustment will be wrong anyway. It also skips over
the BIO memory during print_leak anyway, so the BIO memory is never
added into the total. In other words this was broken in lots of ways and
has been since it was first added.

The simplest solution is just to make it the documented behaviour that
you must turn off memory logging when creating the BIO, and remove all
the adjustment stuff completely. The adjustment code was only ever in
master and never made it to a release branch so there is no loss of
functionality.

This commit also fixes a compilation failure when using
enable-crypto-mdebug.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix buffer overrun in ASN1_parse().
Ben Laurie [Tue, 29 Mar 2016 18:37:57 +0000 (19:37 +0100)]
Fix buffer overrun in ASN1_parse().

Fix buffer overrun in asn1_get_length().

Reproducer: asn1parse-reproduce crash-6bfd417f47bc940f6984f5e639b637fd4e6074bc

Fix length calculations.

Reproducer: asn1parse-reproduce crash-1819d0e54cd2b0430626c59053e6077ef04c2ffb
Reproducer: asn1parse-reproduce crash-9969db8603e644ddc0ba3459b51eac7a2c4b729b

Make i long.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix pointer size issues with argv on VMS
Richard Levitte [Wed, 30 Mar 2016 06:35:18 +0000 (08:35 +0200)]
Fix pointer size issues with argv on VMS

The argument 'argv' in 'main' is a short pointer to a short pointer on
VMS, regardless of initial pointer size.  We must therefore make sure
that 'copy_argv' gets a 32-bit pointer for argv, and that the copied
argv is used for the rest of main().

This introduces the local type argv_t, which will have correct pointer
size in all cases (and be harmless on all other platforms) as well as
the macro Argv, which is defined as 'copied_argv' or 'argv', as the
case may be.

Reviewed-by: Andy Polyakov <appro@openssl.org>
8 years agoFix pointer size issue with setbuf() on VMS
Richard Levitte [Wed, 30 Mar 2016 06:32:19 +0000 (08:32 +0200)]
Fix pointer size issue with setbuf() on VMS

setbuf() is only for 32-bit pointers.  If compiled with /POINTER_SIZE=64,
we get a nasty warning about possible loss of data.  However, since
the only pointer used in the call is a FILE *, and the C RTL shouldn't
give us a pointer above the first 4GB, it's safe to turn off the
warning for this call.

Reviewed-by: Andy Polyakov <appro@openssl.org>
8 years agoFix pointer size issues on VMS
Richard Levitte [Wed, 30 Mar 2016 04:40:37 +0000 (06:40 +0200)]
Fix pointer size issues on VMS

On VMS, the C compiler can work with 32-bit and 64-bit pointers, and
the command line determines what the initial pointer size shall be.

However, there is some functionality that only works with 32-bit
pointers.  In this case, it's gethostbyname(), getservbyname() and
accompanying structures, so we need to make sure that we define our
own pointers as 32-bit ones.

Furthermore, there seems to be a bug in VMS C netdb.h, where struct
addrinfo is always defined with 32-bit pointers no matter what, but
the functions handling it are adapted to the initial pointer size.
This leads to pointer size warnings when compiling with
/POINTER_SIZE=64.  The workaround is to force struct addrinfo to be
the 64-bit variant if the initial pointer size is 64.

Reviewed-by: Andy Polyakov <appro@openssl.org>
8 years agoRearrange the use of 'proto' in BIO_lookup
Richard Levitte [Wed, 30 Mar 2016 16:18:24 +0000 (18:18 +0200)]
Rearrange the use of 'proto' in BIO_lookup

'proto' wasn't properly used as a fallback in all appropriate cases.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoWhen verbosity is requested, OpenSSL::Test::run() displays the command
Richard Levitte [Tue, 29 Mar 2016 17:43:33 +0000 (19:43 +0200)]
When verbosity is requested, OpenSSL::Test::run() displays the command

It displays the command's exit code as well.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
8 years agoHave OpenSsl..Test::app() and friends look for file in source as well
Richard Levitte [Tue, 29 Mar 2016 17:41:20 +0000 (19:41 +0200)]
Have OpenSsl..Test::app() and friends look for file in source as well

If the command file that app(), test(), perlapp(9 and perltest() are
looking for doesn't exist in the build tree, look for it in the source
tree as well.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
8 years agoSince OpenSSL::Test redirects stderr to /dev/null, don't do so in 80-test_ca.t
Richard Levitte [Tue, 29 Mar 2016 17:38:30 +0000 (19:38 +0200)]
Since OpenSSL::Test redirects stderr to /dev/null, don't do so in 80-test_ca.t

Since OpenSSL::Test only redirects stderr to /dev/null when being run
through non-verbose test harness, this change allows the stderr output
to be displayed when verbosity is requested.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
8 years agoAdd the option 'interpreter_args' to perlapps() and perltest()
Richard Levitte [Tue, 29 Mar 2016 17:36:55 +0000 (19:36 +0200)]
Add the option 'interpreter_args' to perlapps() and perltest()

The intention with that option is to allow extra flags to the perl
interpreter itself.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
8 years agoRemove X509_PUBKEY lock.
Dr. Stephen Henson [Wed, 23 Mar 2016 21:04:49 +0000 (21:04 +0000)]
Remove X509_PUBKEY lock.

Cache the decoded public key when an X509_PUBKEY structure is initially
parsed so no locking is required. Ignore any decode errors.

When an application calls X509_PUBKEY_get0() subsequently it will either
get the cached key or the decode operation will be repeated which will
return an appropriate error.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoMake it legal C.
Ben Laurie [Sun, 27 Mar 2016 11:28:56 +0000 (12:28 +0100)]
Make it legal C.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoMore things that don't work together.
Ben Laurie [Sun, 27 Mar 2016 11:28:23 +0000 (12:28 +0100)]
More things that don't work together.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix build compilation failures
Matt Caswell [Wed, 30 Mar 2016 09:59:32 +0000 (10:59 +0100)]
Fix build compilation failures

BIO_f_linebuffer() is now built by default instead of just on VMS, but
the prototype in the header was still only available on VMS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoBreak out DllMain from crypto/cryptlib.c and use it in shared libs only
Richard Levitte [Tue, 29 Mar 2016 14:48:02 +0000 (16:48 +0200)]
Break out DllMain from crypto/cryptlib.c and use it in shared libs only

Reviewed-by: Andy Polyakov <appro@openssl.org>
8 years agoMake it possible to specify source files that will only be used for shared libs
Richard Levitte [Tue, 29 Mar 2016 14:45:03 +0000 (16:45 +0200)]
Make it possible to specify source files that will only be used for shared libs

There are rare cases when an object file will only be used when
building a shared library.  To enable this, we introduce
SHARED_SOURCE:

    SHARED_SOURCE[libfoo]=dllmain.c

Reviewed-by: Andy Polyakov <appro@openssl.org>
8 years agoAdapt bf_lbuf for opaque BIO
Richard Levitte [Tue, 29 Mar 2016 19:36:06 +0000 (21:36 +0200)]
Adapt bf_lbuf for opaque BIO

Also, have it always be built, even though it's only (currently) used
on VMS.  That will assure it will get the same changes as all others.

Reviewed-by: Matt Caswell <matt@openssl.org>
8 years ago'make test' depends of having util/shlib-wrap.sh symlinked in build dir
Richard Levitte [Tue, 29 Mar 2016 16:55:05 +0000 (18:55 +0200)]
'make test' depends of having util/shlib-wrap.sh symlinked in build dir

Reviewed-by: Andy Polyakov <appro@openssl.org>
8 years agoRequire intermediate CAs to have basicConstraints CA:true.
Viktor Dukhovni [Tue, 29 Mar 2016 23:40:03 +0000 (19:40 -0400)]
Require intermediate CAs to have basicConstraints CA:true.

Previously, it was sufficient to have certSign in keyUsage when the
basicConstraints extension was missing.  That is still accepted in
a trust anchor, but is no longer accepted in an intermediate CA.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix the zlib config option
Matt Caswell [Tue, 29 Mar 2016 22:20:32 +0000 (23:20 +0100)]
Fix the zlib config option

The zlib config option was broken by the BIO opacity changes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoClarify the behavior of BIO_gets() a bit more
Benjamin Kaduk [Tue, 29 Mar 2016 19:56:44 +0000 (14:56 -0500)]
Clarify the behavior of BIO_gets() a bit more

The API contract is more tight than was previously documented -- the returned
string must be NUL-terminated, and the supplied buffer includes space for
the trailing NUL, so the maximum length that can be read in is reduced.

Clarify that the NUL is not included in the returned length, and fix the
spelling of "NUL-terminated" in a nearby spot.

Adjust punctuation to make a modest improvement to the grammar.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFixup SSL EX_DATA index
Todd Short [Tue, 29 Mar 2016 17:40:48 +0000 (13:40 -0400)]
Fixup SSL EX_DATA index

The SSL, SSL_CTX, and SSL_SESSION indices were being referenced
incorrectly in the "_get_ex_new_index" functions.

Remove the STORE EX_DATA index; that functionality is gone.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoConfig: The cflags in vms-alpha and vms-ia64 have to be added
Richard Levitte [Tue, 29 Mar 2016 20:06:07 +0000 (22:06 +0200)]
Config: The cflags in vms-alpha and vms-ia64 have to be added

"vms-generic" already has some values, which were discarded.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoVMS: Disable the warning MAYLOSEDATA3
Richard Levitte [Tue, 29 Mar 2016 18:18:31 +0000 (20:18 +0200)]
VMS: Disable the warning MAYLOSEDATA3

The warning MAYLOSEDATA3 is one you will always get when compiling
source that calculates the difference between two pointers with
/POINTER_SIZE=64.

The reason is quite simple, ptrdiff_t is always a 32-bit integer
regardless of pointer size, so the result of 'ptr1 - ptr2' can
potentially be larger than a 32-bit integer.  The compiler simply
warns you of that possibility.

However, we only use pointer difference within objects and strings,
all of them well within 2^32 bytes in size, so that operation is
harmless with our source, and we can therefore safely turn off that
warning.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoVMS: Harmonize the paths in openssl_startup.com with what's really installed
Richard Levitte [Tue, 29 Mar 2016 18:02:15 +0000 (20:02 +0200)]
VMS: Harmonize the paths in openssl_startup.com with what's really installed

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoVMS: Display the correct path to openssl_startup.com and openssl-utils.com
Richard Levitte [Tue, 29 Mar 2016 18:01:33 +0000 (20:01 +0200)]
VMS: Display the correct path to openssl_startup.com and openssl-utils.com

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoRT 4393: Call EC_GROUP_order_bits in priv2opt.
David Benjamin [Mon, 7 Mar 2016 14:57:58 +0000 (09:57 -0500)]
RT 4393: Call EC_GROUP_order_bits in priv2opt.

The private key is a scalar and should be sized by the order, not the
degree. See RFC 5915.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
8 years agoAdd a CHANGES entry for opaque BIOs
Matt Caswell [Tue, 29 Mar 2016 15:03:08 +0000 (16:03 +0100)]
Add a CHANGES entry for opaque BIOs

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoAdd documentation for BIO functions
Matt Caswell [Tue, 29 Mar 2016 13:25:23 +0000 (14:25 +0100)]
Add documentation for BIO functions

Add the documentation for new BIO functions added as a result of
making BIO and BIO_METHOD opaque.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agomake update
Matt Caswell [Wed, 23 Mar 2016 15:05:27 +0000 (15:05 +0000)]
make update

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoMake BIO opaque
Matt Caswell [Tue, 22 Mar 2016 09:21:29 +0000 (09:21 +0000)]
Make BIO opaque

Move the the BIO_METHOD and BIO structures into internal header files,
provide appropriate accessor methods and update all internal code to use
the new accessors where appropriate.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoAdd functions for creating BIO_METHODs
Matt Caswell [Tue, 22 Mar 2016 11:34:32 +0000 (11:34 +0000)]
Add functions for creating BIO_METHODs

BIO_METHODs are soon to be opaque so we need to have functions available
to set them up.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoFix a big leak when using stack-allocated BIO items.
FdaSilvaYY [Fri, 18 Mar 2016 23:40:11 +0000 (00:40 +0100)]
Fix a big leak when using stack-allocated BIO items.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agopoly1305/asm/poly1305-x86.pl: don't loose 59-th bit.
Andy Polyakov [Sun, 20 Mar 2016 20:52:54 +0000 (21:52 +0100)]
poly1305/asm/poly1305-x86.pl: don't loose 59-th bit.

RT#4439

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
8 years agocrypto/seed: add small-footprint path.
Andy Polyakov [Mon, 21 Mar 2016 19:06:23 +0000 (20:06 +0100)]
crypto/seed: add small-footprint path.

The space saving is >5x on x86_64 at ~40% performance penalty.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoWindows build system: fix 32-bit appveyor build.
Andy Polyakov [Wed, 23 Mar 2016 20:04:22 +0000 (21:04 +0100)]
Windows build system: fix 32-bit appveyor build.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoBuild system: VC-WIN64I fixups.
Andy Polyakov [Wed, 23 Mar 2016 19:33:29 +0000 (20:33 +0100)]
Build system: VC-WIN64I fixups.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoWhen using no-dtls create OPENSSL_NO_DTLS
Kurt Roeckx [Sun, 27 Mar 2016 22:31:23 +0000 (00:31 +0200)]
When using no-dtls create OPENSSL_NO_DTLS

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #2452

8 years agoAdd session reuse tests.
Kurt Roeckx [Sun, 27 Mar 2016 18:53:01 +0000 (20:53 +0200)]
Add session reuse tests.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #2452

8 years agoResolve DTLS cookie and version before session resumption.
David Benjamin [Sun, 6 Mar 2016 05:19:59 +0000 (00:19 -0500)]
Resolve DTLS cookie and version before session resumption.

Session resumption involves a version check, so version negotiation must
happen first. Currently, the DTLS implementation cannot do session
resumption in DTLS 1.0 because the ssl_version check always checks
against 1.2.

Switching the order also removes the need to fixup ssl_version in DTLS
version negotiation.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
RT: #4392, MR: #2452

8 years agoIt's called SSL_session_reused(), not SSL_session_resumed()
Kurt Roeckx [Sun, 27 Mar 2016 18:52:03 +0000 (20:52 +0200)]
It's called SSL_session_reused(), not SSL_session_resumed()

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #2452

8 years agoAllow different protocol version when trying to reuse a session
Fedor Indutny [Fri, 11 Mar 2016 14:44:01 +0000 (17:44 +0300)]
Allow different protocol version when trying to reuse a session

We now send the highest supported version by the client, even if the session
uses an older version.

This fixes 2 problems:
- When you try to reuse a session but the other side doesn't reuse it and
  uses a different protocol version the connection will fail.
- When you're trying to reuse a session with an old version you might be
  stuck trying to reuse the old version while both sides support a newer
  version

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
GH: #852, MR: #2452

8 years agoMath::BigInt does floored divs, BN_div does truncated div, compensate
Richard Levitte [Fri, 25 Mar 2016 23:07:50 +0000 (00:07 +0100)]
Math::BigInt does floored divs, BN_div does truncated div, compensate

According to documentation, perl's Math::BigInt does floored division,
i.e. the bdiv function does 1 / -4 = -1.  OpenSSL's BN_div, as well as
bc, do truncated division, i.e. 1 / -4 = 0.

We need to compensate for that difference in test/recipes/bc.pl to
make sure to verify the bntest results under its own conditions, by
dividing the absolute values of the given numbers and fixup the
result's negativity afterwards.

Closes RT#4485

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
8 years agoRT4476: Fix some cast-alignment warnings
Jeffrey Walton [Fri, 25 Mar 2016 13:06:47 +0000 (09:06 -0400)]
RT4476: Fix some cast-alignment warnings

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoVMS: add a note about DECC$* logical names
Richard Levitte [Fri, 25 Mar 2016 07:27:35 +0000 (08:27 +0100)]
VMS: add a note about DECC$* logical names

These logical names are used to make the C RTL change certain
behaviors, sometimes to make it act more like Unix.  While they can
make life easier in some cases, they can be disruptive as well.  When
building and testing OpenSSL, the latter is the case, so we ask people
to avoid using them.

Reviewed-by: Tim Hudson <tjh@openssl.org>