oweals/openssl.git
Move certificate table to header file so it can be tested.
Dr. Stephen Henson [Sat, 8 Jul 2017 11:11:59 +0000 (12:11 +0100)]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3858)

Add additional ECDSA/Ed25519 selection tests.
Dr. Stephen Henson [Tue, 4 Jul 2017 12:07:22 +0000 (13:07 +0100)]

Add two tests with ECDSA+SHA256 preferred over Ed25519, the second also
excludes P-256 from the supported curves extension which will force the
use of Ed25519 in TLS 1.2, but not TLS 1.3: this would fail before the
certificate table updates.

Add TLS 1.3 test also with P-256 exclude from the groups extension: this
should have no effect as the groups extension is not used for signature
selection in TLS 1.3

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3858)
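
The TLS 1.2 versus TLS 1.3 behaviour these tests pin down, as an added illustration in Python that is not OpenSSL's own code: in TLS 1.2 the ECDSA+SHA256 signature algorithm is curve-agnostic, so an ECDSA certificate is only usable if the peer's supported curves extension lists the key's curve, while in TLS 1.3 the signature scheme itself pins the curve and supported_groups is not consulted for signature selection. The Cert type, choose_signature and the constructed server certificates are assumptions of the example, not names from the OpenSSL source.

```python
"""Model of server certificate / signature scheme selection, TLS 1.2 vs TLS 1.3.

Added illustration, not OpenSSL's tls_choose_sigalg(). Only the rule the tests
exercise is modelled: whether the peer's supported groups gate an ECDSA cert.
"""
from dataclasses import dataclass
from typing import Optional, Sequence

TLS1_2 = 0x0303
TLS1_3 = 0x0304

# SignatureScheme codepoints (RFC 8446 4.2.3). In TLS 1.2 0x0403 is read as
# hash=sha256, signature=ecdsa and says nothing about the curve.
ECDSA_SECP256R1_SHA256 = 0x0403
ECDSA_SECP384R1_SHA384 = 0x0503
ED25519 = 0x0807
RSA_PSS_RSAE_SHA256 = 0x0804

# NamedGroup codepoints (RFC 8422 / RFC 8446 4.2.7).
SECP256R1 = 0x0017
SECP384R1 = 0x0018
X25519 = 0x001D

# scheme -> (key type it needs, curve the scheme pins in TLS 1.3, or None)
SCHEME_PROPS = {
    ECDSA_SECP256R1_SHA256: ("ecdsa", SECP256R1),
    ECDSA_SECP384R1_SHA384: ("ecdsa", SECP384R1),
    ED25519: ("ed25519", None),
    RSA_PSS_RSAE_SHA256: ("rsa", None),
}


@dataclass(frozen=True)
class Cert:
    name: str
    key_type: str            # "ecdsa", "ed25519" or "rsa"
    curve: Optional[int]     # NamedGroup of the key for ECDSA, else None


def cert_usable(version: int, cert: Cert, scheme: int,
                peer_groups: Sequence[int]) -> bool:
    """Can `cert` sign with `scheme` for a peer that advertised `peer_groups`?"""
    key_type, scheme_curve = SCHEME_PROPS[scheme]
    if cert.key_type != key_type:
        return False
    if key_type != "ecdsa":
        return True                      # Ed25519 / RSA are not curve-gated
    if version >= TLS1_3:
        # TLS 1.3: the scheme fixes the curve; supported_groups only governs
        # key exchange, so it is deliberately not consulted here.
        return cert.curve == scheme_curve
    # TLS 1.2: ecdsa+sha256 is curve-agnostic, but the peer must list the
    # certificate's curve in its supported curves (elliptic_curves) extension.
    return cert.curve in peer_groups


def choose_signature(version, peer_sigalgs, peer_groups, certs):
    """First peer-preferred scheme that some configured cert can satisfy, or None."""
    for scheme in peer_sigalgs:
        for cert in certs:
            if cert_usable(version, cert, scheme, peer_groups):
                return scheme, cert
    return None


# Constructed server configuration mirroring the tests: a P-256 ECDSA cert and
# an Ed25519 cert, with the peer preferring ECDSA+SHA256 over Ed25519.
P256_CERT = Cert("server-ecdsa-p256", "ecdsa", SECP256R1)
ED25519_CERT = Cert("server-ed25519", "ed25519", None)
CERTS = [P256_CERT, ED25519_CERT]
PEER_SIGALGS = [ECDSA_SECP256R1_SHA256, ED25519]


if __name__ == "__main__":
    cases = [(TLS1_2, [SECP256R1, X25519]),      # P-256 offered: ECDSA wins
             (TLS1_2, [X25519, SECP384R1]),      # P-256 excluded: falls to Ed25519
             (TLS1_3, [X25519, SECP384R1])]      # same exclusion, no effect in 1.3
    for ver, groups in cases:
        scheme, cert = choose_signature(ver, PEER_SIGALGS, groups, CERTS)
        print(f"{ver:#06x} groups={[hex(g) for g in groups]} -> {hex(scheme)} {cert.name}")
```

Running the block prints the three outcomes the tests check: excluding P-256 from the groups extension flips the TLS 1.2 choice to Ed25519 and leaves the TLS 1.3 choice at ECDSA P-256.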

Use cert tables in ssl_set_sig_mask
Dr. Stephen Henson [Tue, 4 Jul 2017 10:38:23 +0000 (11:38 +0100)]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3858)

make errors
Dr. Stephen Henson [Sat, 8 Jul 2017 22:16:09 +0000 (23:16 +0100)]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3858)

Use cert tables instead of X509_certificate_type
Dr. Stephen Henson [Thu, 29 Jun 2017 15:10:31 +0000 (16:10 +0100)]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3858)

Use certificate tables instead of ssl_cert_type
Dr. Stephen Henson [Thu, 29 Jun 2017 14:20:09 +0000 (15:20 +0100)]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3858)

Use certificate tables instead of ssl_cipher_get_cert_index.
Dr. Stephen Henson [Thu, 29 Jun 2017 13:55:06 +0000 (14:55 +0100)]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3858)

Replace tls12_get_pkey_idx
Dr. Stephen Henson [Wed, 28 Jun 2017 16:56:45 +0000 (17:56 +0100)]

The function tls12_get_pkey_idx is only used to see if a certificate index is
enabled: call ssl_cert_is_disabled instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3858)

Add SSL_aCERT: this is used for any ciphersuite with a certificate.
Dr. Stephen Henson [Fri, 30 Jun 2017 17:57:42 +0000 (18:57 +0100)]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3858)

Add certificate properties table.
Dr. Stephen Henson [Wed, 28 Jun 2017 16:45:10 +0000 (17:45 +0100)]

Add certificate table giving properties of each certificate index:
specifically the NID associated with the index and the auth mask
value for any cipher the certificate can be used with.

This will be used to generalise certificate handling instead of hard coding
algorithm specific cases.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3858)

Demo style fixes and modernisation.
Pauli [Wed, 12 Jul 2017 04:18:00 +0000 (14:18 +1000)]

Address some style issues in the demos and modernise the C.
Fix the exit/return from main handling.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3914)

coding style: remove extra whitespace character
hongliang [Wed, 12 Jul 2017 02:51:00 +0000 (10:51 +0800)]

CLA: trivial

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3913)

Rewrite RAND_egd
Rich Salz [Sat, 8 Jul 2017 18:45:15 +0000 (14:45 -0400)]

Use stdio and its buffering.
Limit to 255 bytes (could remove that if necessary).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3888)

Fix error handling in get_header_and_data.
Bernd Edlinger [Sun, 9 Jul 2017 19:24:18 +0000 (21:24 +0200)]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3896)

Fix crash in BUF_MEM_grow_clean.
Bernd Edlinger [Sun, 9 Jul 2017 19:22:26 +0000 (21:22 +0200)]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3896)

Optimize sha/asm/keccak1600-avx2.pl.
Andy Polyakov [Sat, 8 Jul 2017 14:06:49 +0000 (16:06 +0200)]

Reviewed-by: Rich Salz <rsalz@openssl.org>

Add sha/asm/keccak1600-avx2.pl.
Andy Polyakov [Sat, 8 Jul 2017 14:05:30 +0000 (16:05 +0200)]

Reviewed-by: Rich Salz <rsalz@openssl.org>

Trivial bounds checking.
Pauli [Thu, 6 Jul 2017 04:56:20 +0000 (14:56 +1000)]

Bounds checking strcpy, strcat and sprintf.
These are the remaining easy ones to cover a recently removed commit.
Some are trivial, some have been modified and a couple left as they are because the reverted change didn't bounds check properly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3871)

Fix cipher_compare
Richard Levitte [Sat, 8 Jul 2017 20:13:24 +0000 (22:13 +0200)]

Unsigned overflow.  Found by Brian Carpenter

Fixes #3889

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3890)

Update various RAND podpages
Rich Salz [Fri, 7 Jul 2017 20:47:39 +0000 (16:47 -0400)]

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3883)

Fix s_client crash where the hostname is provided as a positional arg
Matt Caswell [Fri, 7 Jul 2017 14:51:02 +0000 (15:51 +0100)]

If the hostname is provided as a positional arg then s_client crashes.
The crash occurs as s_client exits (after either a successful or
unsuccessful connection attempt).

This issue was introduced by commit 729ef85611.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3881)

Some SSL_OP_ values can't be used in 1.1.x
Matt Caswell [Fri, 7 Jul 2017 13:43:21 +0000 (14:43 +0100)]

SSL_OP_ALL was set in 0x0BFF so reusing some of these bits would cause
ABI compatibility issues.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3833)

Choose a safer value for SSL_OP_ALLOW_NO_DHE_KEX
Matt Caswell [Fri, 7 Jul 2017 09:56:48 +0000 (10:56 +0100)]

1.1.0 included the previous value for SSL_OP_ALLOW_NO_DHE_KEX in
SSL_OP_ALL. This might cause binary compatibility issues. We should choose
a value that is not in SSL_OP_ALL.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3833)

Update the documentation for the new SSL_OP_ALLOW_NO_DHE_KEX option
Matt Caswell [Mon, 3 Jul 2017 14:59:30 +0000 (15:59 +0100)]

Also the associated configuration parameters and command line switches.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3833)

Do not allow non-dhe kex_modes by default
Matt Caswell [Fri, 30 Jun 2017 08:41:03 +0000 (09:41 +0100)]

Allow that mode to be configured if desired.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3833)

Updates following review feedback of TLSv1.3 draft-21 code
Matt Caswell [Fri, 7 Jul 2017 10:21:29 +0000 (11:21 +0100)]

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3852)

Update SSL_trace() to know about ticket_nonce
Matt Caswell [Wed, 5 Jul 2017 10:31:51 +0000 (11:31 +0100)]

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3852)

Update the early_secret generation to use the new ticket_nonce field
Matt Caswell [Wed, 5 Jul 2017 10:26:10 +0000 (11:26 +0100)]

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3852)

Update the test/session.pem to have a tick_nonce value
Matt Caswell [Wed, 5 Jul 2017 10:24:30 +0000 (11:24 +0100)]

Otherwise the ClientHello test fails

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3852)

Update tls13_hkdf_expand() to take the length of the data
Matt Caswell [Wed, 5 Jul 2017 10:23:16 +0000 (11:23 +0100)]

In most scenarios the length of the input data is the hashsize, or 0 if
the data is NULL. However with the new ticket_nonce changes the length can
be different.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3852)

The correct key length for a TLSv1.3 SHA384 ciphersuite is 48
Matt Caswell [Wed, 5 Jul 2017 09:45:02 +0000 (10:45 +0100)]

Our test was using 32. The latest ticket nonce changes now validate this
value and so sslapitest was failing.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3852)

Send and receive the ticket_nonce field in a NewSessionTicket
Matt Caswell [Wed, 5 Jul 2017 07:45:46 +0000 (08:45 +0100)]

This just adds the processing for sending and receiving the newly added
ticket_nonce field. It doesn't actually use it yet.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3852)

Update the version number for TLSv1.3 draft 21
Matt Caswell [Tue, 4 Jul 2017 10:02:02 +0000 (11:02 +0100)]

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3852)

Fix memory leak when using PSK session files
Matt Caswell [Wed, 5 Jul 2017 09:32:33 +0000 (10:32 +0100)]

We were not freeing the session created when loading a PSK session file.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3855)

test/run_tests.pl: Make sure to exit with a code that's understood universally
Richard Levitte [Fri, 7 Jul 2017 09:11:33 +0000 (11:11 +0200)]

TAP::Parser::Aggregator::has_errors may return any number, not just 0
and 1.  With Perl on VMS, any number from 2 and on is interpreted as a
VMS status, the 3 lower bits are the encoded severity (1 = SUCCESS,
for example), so depending on what has_errors returns, a test failure
might be interpreted as a success.  Therefore, it's better to make
sure the exit code is 0 or 1, nothing else (they are special on VMS,
and mean SUCCESS or FAILURE, to match Unix conventions).

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3880)

test/recipes/90-test_shlibload.t: Make sure to handle library renames
Richard Levitte [Fri, 7 Jul 2017 09:10:05 +0000 (11:10 +0200)]

VMS renames our libraries to fit VMS conventions.  This must be accounted
for when we want to load them.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3880)

VMS: When running a sub-MMS, make sure to give it the main MMS' qualifiers
Richard Levitte [Fri, 7 Jul 2017 09:09:19 +0000 (11:09 +0200)]

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3880)

Add sha/asm/keccak1600-avx512.pl.
Andy Polyakov [Wed, 5 Jul 2017 17:59:19 +0000 (19:59 +0200)]

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3861)

Address potential buffer overflows.
Pauli [Fri, 7 Jul 2017 00:17:59 +0000 (10:17 +1000)]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3878)

change return (x) to return x
Pauli [Thu, 6 Jul 2017 21:29:55 +0000 (07:29 +1000)]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3878)

Rearrange link line so the libraries come after the source.
Pauli [Fri, 7 Jul 2017 01:44:52 +0000 (11:44 +1000)]
Some linkers like it this way.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3879)

Remove some now-unneeded VMS controls
Rich Salz [Thu, 6 Jul 2017 19:28:35 +0000 (15:28 -0400)]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3875)

BIO range checking.
Pauli [Thu, 6 Jul 2017 04:11:27 +0000 (14:11 +1000)]

Add length limits to avoid problems with sprintf, strcpy and strcat.  This replaces recently removed code but also guards some previously missing function calls (for DOS & Windows).

Reworked the BIO_dump_indent_cb code to reduce temporary storage.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3870)

Cleanup RAND_load_file,RAND_write_file
Rich Salz [Wed, 5 Jul 2017 20:08:19 +0000 (16:08 -0400)]

Document an internal assumption that these are only for use with files,
and return an error if not. That made the code much simpler.
Leave it as writing 1024 bytes, even though we don't need more than 256
from a security perspective.  But the amount isn't specified, now, so we
can change it later if we want.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3864)

Memory bounds checking in asn1 code.
Pauli [Thu, 6 Jul 2017 01:39:03 +0000 (11:39 +1000)]

Check that sprintf, strcpy don't overflow.

Avoid some strlen operations when the previous sprintf return value can be used.

Also fix the undefined behaviour `*(long *)x = y` when x isn't a long or character pointer.
ISO/IEC 9899:1999 6.5/7 for the details.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3869)

Bounds check string functions in apps.
Pauli [Thu, 6 Jul 2017 00:37:10 +0000 (10:37 +1000)]
This includes strcat, strcpy and sprintf.

In the x509 app, the code has been cleaned up as well.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3868)

Add two trivial fixes from old commits
Rich Salz [Wed, 5 Jul 2017 21:12:35 +0000 (17:12 -0400)]

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3865)

Rework the append_buf function
Pauli [Wed, 5 Jul 2017 22:03:58 +0000 (08:03 +1000)]

It won't overflow the buffer and will allocate new buffers sufficiently large to
hold new strings longer than the expansion factor.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3847)

Avoid buffer overruns in the req command line utility.
Pauli [Wed, 5 Jul 2017 04:40:39 +0000 (14:40 +1000)]

Clean up some of the formatting "return x" instead of "return (x)" mostly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3848)

Fix crash
Rich Salz [Thu, 15 Jun 2017 22:51:10 +0000 (18:51 -0400)]

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3700)

Undo commit dc00fb9
Rich Salz [Wed, 14 Jun 2017 19:08:39 +0000 (15:08 -0400)]

Original text:
    Document openssl dgst -hmac option

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3700)

Undo commit cd359b2
Rich Salz [Wed, 14 Jun 2017 19:07:52 +0000 (15:07 -0400)]

Original text:
    Clarify use of |$end0| in stitched x86-64 AES-GCM code.

    There was some uncertainty about what the code is doing with |$end0|
    and whether it was necessary for |$len| to be a multiple of 16 or 96.
    Hopefully these added comments make it clear that the code is correct
    except for the caveat regarding low memory addresses.

    Change-Id: Iea546a59dc7aeb400f50ac5d2d7b9cb88ace9027
    Reviewed-on: https://boringssl-review.googlesource.com/7194
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3700)

Undo commit 40720ce
Rich Salz [Wed, 14 Jun 2017 17:54:04 +0000 (13:54 -0400)]

Comment in the commit:
    /* Ignore NULLs, thanks to Bob Beck <beck@obtuse.com> */

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3700)

Undo commit de02ec2
Rich Salz [Wed, 14 Jun 2017 17:53:01 +0000 (13:53 -0400)]

Original text:
    Check if a random "file" is really a device file, and treat it
    specially if it is.
    Add a few OpenBSD-specific cases.
    This is part of a large change submitted by Markus Friedl <markus@openbsd.or

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3700)

Undo commit 0755217
Rich Salz [Wed, 14 Jun 2017 17:47:17 +0000 (13:47 -0400)]

Original text:
    Fix Perl problems on sparc64.
    This is part of a large change submitted by Markus Friedl
    <markus@openbsd.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3700)

STORE 'file' scheme loader: fix try_decode_params() to check ambiguity
Richard Levitte [Wed, 5 Jul 2017 18:54:08 +0000 (20:54 +0200)]

The way try_decode_params works in raw mode, it would take the first ASN1
that could decode and return a STORE_INFO with the resulting EVP_PKEY.
This change has it go through all the matching ASN1 methods and properly
check if there's more than one match, i.e. an ambiguity.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3863)
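
The first-match versus all-match distinction above, as an added Python illustration rather than the STORE loader's own code. DSA parameters and X9.42 (DHX) parameters are both encoded as a SEQUENCE of three INTEGERs, so a raw blob of that shape is a genuine instance of the ambiguity; PKCS#3 DH parameters (two INTEGERs) are not. The DER helpers, the three decoder functions and the toy integer values are constructed for the example and are not OpenSSL's ASN1 methods.

```python
"""First-match vs. ambiguity-checked decoding of a raw parameter blob.

Added illustration, not OpenSSL's try_decode_params(). The decoders below stand
in for the ASN1 method table; DER encoding/decoding is a minimal constructed
helper that handles only SEQUENCE { INTEGER ... }.
"""
from typing import List, Optional, Tuple


def _der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(n: int) -> bytes:
    """DER INTEGER for a non-negative value (leading 0x00 when the top bit is set)."""
    body = n.to_bytes((n.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_len(len(body)) + body


def der_sequence(*elements: bytes) -> bytes:
    body = b"".join(elements)
    return b"\x30" + _der_len(len(body)) + body


def _read_tlv(buf: bytes, off: int) -> Optional[Tuple[int, bytes, int]]:
    """Return (tag, value, offset after value) or None on truncation."""
    if off + 2 > len(buf):
        return None
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or off + nbytes > len(buf):
            return None
        length = int.from_bytes(buf[off:off + nbytes], "big")
        off += nbytes
    if off + length > len(buf):
        return None
    return tag, buf[off:off + length], off + length


def parse_integer_sequence(blob: bytes) -> Optional[List[int]]:
    """Decode SEQUENCE { INTEGER ... } that exactly fills `blob`, else None."""
    outer = _read_tlv(blob, 0)
    if outer is None or outer[0] != 0x30 or outer[2] != len(blob):
        return None
    body, off, ints = outer[1], 0, []
    while off < len(body):
        item = _read_tlv(body, off)
        if item is None or item[0] != 0x02 or len(item[1]) == 0:
            return None
        ints.append(int.from_bytes(item[1], "big", signed=True))
        off = item[2]
    return ints


# Parameter "decoders" standing in for the ASN1 method table. PKCS#3 DH params
# are SEQUENCE { p, g }; DSA params are SEQUENCE { p, q, g }; X9.42 DH (DHX)
# params are SEQUENCE { p, g, q, ... }. The last two cannot be told apart.
def decode_dh(blob):
    ints = parse_integer_sequence(blob)
    return ("DH", {"p": ints[0], "g": ints[1]}) if ints and len(ints) == 2 else None


def decode_dsa(blob):
    ints = parse_integer_sequence(blob)
    return ("DSA", {"p": ints[0], "q": ints[1], "g": ints[2]}) if ints and len(ints) == 3 else None


def decode_dhx(blob):
    ints = parse_integer_sequence(blob)
    return ("DHX", {"p": ints[0], "g": ints[1], "q": ints[2]}) if ints and len(ints) == 3 else None


DECODERS = [decode_dh, decode_dsa, decode_dhx]


def try_decode_first_match(blob, decoders=DECODERS):
    """Pre-fix behaviour: whatever the first decoder that succeeds says."""
    for decode in decoders:
        obj = decode(blob)
        if obj is not None:
            return obj
    return None


def try_decode_unambiguous(blob, decoders=DECODERS):
    """Post-fix behaviour: run every decoder; one match is a result, more is an error."""
    matches = [obj for obj in (d(blob) for d in decoders) if obj is not None]
    if not matches:
        return ("none", None)
    if len(matches) > 1:
        return ("ambiguous", [m[0] for m in matches])
    return ("ok", matches[0])


# Constructed inputs: toy values, not real group parameters.
DH_BLOB = der_sequence(der_integer(23), der_integer(5))
THREE_INT_BLOB = der_sequence(der_integer(23), der_integer(11), der_integer(5))

if __name__ == "__main__":
    print(try_decode_first_match(THREE_INT_BLOB))   # silently picks DSA
    print(try_decode_unambiguous(THREE_INT_BLOB))   # ('ambiguous', ['DSA', 'DHX'])
```

The order of the decoder table decides what the first-match version returns, which is why the pre-fix code could hand back a DSA object for something the caller meant as DHX parameters; the checked version refuses rather than guess, and a caller who knows the expected type should select a single decoder instead of relying on raw mode.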

Error out when forcing an unsupported TLS version
Benjamin Kaduk [Tue, 9 May 2017 23:39:50 +0000 (18:39 -0500)]

If the result of a SSL_{CTX_,}set_{min,max}_proto_version() call
leaves the min and max version identical, and support for that version
is compiled out of the library, return an error.  Such an object has
no hope of successfully completing a handshake, and this error may
be easier to decipher than the resulting handshake failure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3422)
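
The check described above, as an added Python model rather than the library's own ssl_set_version_bound code: a configuration object holds a min and max protocol version, and a setter is refused when the resulting bounds collapse to a single version that the build has compiled out. ProtoConfig, NO_BOUND and the `compiled_out` set are assumptions of the example; 0 meaning "no bound" follows the documented SSL_CTX_set_min_proto_version(3) convention.

```python
"""Model of the min/max protocol version check; added illustration, not OpenSSL code."""

TLS1_VERSION = 0x0301
TLS1_1_VERSION = 0x0302
TLS1_2_VERSION = 0x0303
TLS1_3_VERSION = 0x0304
NO_BOUND = 0  # OpenSSL passes 0 to mean "lowest/highest version this build supports"

KNOWN_VERSIONS = frozenset((TLS1_VERSION, TLS1_1_VERSION, TLS1_2_VERSION, TLS1_3_VERSION))


class ProtoConfig:
    """Min/max version pair as held by an SSL_CTX or SSL object (modelled, not real).

    `compiled_out` stands for versions removed at build time (e.g. a no-tls1_3
    build); the setters return True/False like the 1/0 of the C API.
    """

    def __init__(self, compiled_out=()):
        self.compiled_out = frozenset(compiled_out)
        self.min_version = NO_BOUND
        self.max_version = NO_BOUND
        self.last_error = None

    def _range_has_no_usable_version(self, lo, hi):
        # Only the case the commit describes is modelled: the bounds collapse
        # to exactly one version and that version is not in this build.
        return lo != NO_BOUND and lo == hi and lo in self.compiled_out

    def _set_bound(self, version, is_min):
        if version != NO_BOUND and version not in KNOWN_VERSIONS:
            self.last_error = "unrecognised protocol version"
            return False
        lo = version if is_min else self.min_version
        hi = self.max_version if is_min else version
        if self._range_has_no_usable_version(lo, hi):
            # Fail now with a clear error instead of at handshake time.
            self.last_error = "pinned to a version this build cannot speak"
            return False
        if is_min:
            self.min_version = version
        else:
            self.max_version = version
        self.last_error = None
        return True

    def set_min_proto_version(self, version):
        return self._set_bound(version, True)

    def set_max_proto_version(self, version):
        return self._set_bound(version, False)


if __name__ == "__main__":
    ctx = ProtoConfig(compiled_out={TLS1_3_VERSION})   # think: ./config no-tls1_3
    print(ctx.set_min_proto_version(TLS1_2_VERSION), ctx.set_max_proto_version(TLS1_3_VERSION))
    print(ctx.set_min_proto_version(TLS1_3_VERSION), ctx.last_error)
```

A range that still contains a usable version (1.2..1.3 on a no-tls1_3 build) is accepted, because the handshake can negotiate down; only the pinned, unsatisfiable case is rejected.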

Improve BN_CTX documentation
Benjamin Kaduk [Wed, 14 Jun 2017 16:47:02 +0000 (11:47 -0500)]

Since BN_CTX_init() is gone, all calls use BN_CTX_new().  Also,
essentially all consumers will use BN_CTX_start()/BN_CTX_end(),
so make that more clear from the BN_CTX_new() man page.

Document the thread-unsafety of individual BN_CTX objects.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3682)

Fix small UI issues
Richard Levitte [Wed, 5 Jul 2017 08:26:25 +0000 (10:26 +0200)]

- in EVP_read_pw_string_min(), the return value from UI_add_* wasn't
  properly checked
- in UI_process(), |state| was never made NULL, which means an error
  when closing the session wouldn't be accurately reported.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3849)

Avoid possible memleak in X509_policy_check()
Richard Levitte [Wed, 5 Jul 2017 09:03:34 +0000 (11:03 +0200)]

When tree_calculate_user_set() fails, a jump to error failed to
deallocate a possibly allocated |auth_nodes|.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3850)

Fix compiler warnings
Pauli [Wed, 5 Jul 2017 03:40:23 +0000 (13:40 +1000)]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3839)

Undo commit d420ac2
Rich Salz [Thu, 15 Jun 2017 00:34:37 +0000 (20:34 -0400)]

[extended tests]

Original text:
    Use BUF_strlcpy() instead of strcpy().
    Use BUF_strlcat() instead of strcat().
    Use BIO_snprintf() instead of sprintf().
    In some cases, keep better track of buffer lengths.
    This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3701)

Remove the TEST_check macro.
Pauli [Tue, 4 Jul 2017 03:44:52 +0000 (13:44 +1000)]

This macro aborted the process which stopped any later tests from running.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3838)

Add echo for end of each build phase
Rich Salz [Mon, 3 Jul 2017 17:33:58 +0000 (13:33 -0400)]

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3842)

STORE: fix possible memory leak
Richard Levitte [Tue, 4 Jul 2017 15:18:31 +0000 (17:18 +0200)]

If scheme is NULL, the allocated res is leaked

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3841)

Use the return value from write(2)
Pauli [Mon, 3 Jul 2017 23:56:05 +0000 (09:56 +1000)]
This prevents a warning when building with crypto-mdebug.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3836)

BN_pseudo_rand is really BN_rand
Rich Salz [Wed, 21 Jun 2017 12:55:02 +0000 (13:55 +0100)]

And BN_pseudo_rand_range is really BN_rand_range.
Document that we might deprecate those functions.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3743)

'make update' after objects/objects.txt update.
Andy Polyakov [Sat, 24 Jun 2017 19:26:44 +0000 (21:26 +0200)]

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3643)

objects/objects.txt: add SHA3 OIDs.
Andy Polyakov [Sun, 18 Jun 2017 21:30:24 +0000 (23:30 +0200)]

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3643)

Correct documentation for UI_get0_result_string
Richard Levitte [Sat, 1 Jul 2017 16:28:50 +0000 (18:28 +0200)]

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3824)

sha/keccak1600.c: internalize KeccakF1600 and simplify SHA3_absorb.
Andy Polyakov [Fri, 30 Jun 2017 11:35:59 +0000 (13:35 +0200)]

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>

sha/asm/keccak1600-x86_64.pl: close gap with Keccak Code Package.
Andy Polyakov [Fri, 30 Jun 2017 09:45:34 +0000 (11:45 +0200)]

[Also typo and readability fixes. Ryzen result is added.]

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>

sha/asm/keccak1600-s390x.pl: typo and readability, minor size optimization.
Andy Polyakov [Fri, 30 Jun 2017 09:42:58 +0000 (11:42 +0200)]

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>

x86_64 assembly pack: fill some blanks in Ryzen results.
Andy Polyakov [Fri, 30 Jun 2017 09:42:00 +0000 (11:42 +0200)]

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>

Various doc fixes
Rich Salz [Sun, 2 Jul 2017 16:16:38 +0000 (12:16 -0400)]

Fix a =head1 section name
Fix a typo in POD label
Remove a spurious =back
Add a missing blank line
Avoid 'legacy' -- use 'deprecated' if still needed if we cannot just reword.
Always do strict checking
Do not warn about missing "RETURN VALUES" unless -s is set.
Change OpenSSL version 1.1 -> 1.1.0

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3830)

Fix potential crash in tls_construct_finished.
Bernd Edlinger [Wed, 14 Jun 2017 18:25:52 +0000 (20:25 +0200)]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3667)

Fix a crash in tls_construct_client_certificate.
Bernd Edlinger [Tue, 13 Jun 2017 05:25:43 +0000 (07:25 +0200)]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3667)

Fix TLSv1.3 exporter
Matt Caswell [Fri, 30 Jun 2017 09:45:11 +0000 (10:45 +0100)]

We need to use the hashsize in generating the exportsecret not 0! Otherwise
we end up with random garbage for the secret.

It was pure chance that this passed the tests previously. It so happens
that, because we call SSL_export_keying_material() repeatedly for different
scenarios in the test, we end up in the tls13_export_keying_material() at
exactly the same position in the stack each time and therefore end up using
the same random garbage secret each time!

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3810)
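
The two derivations touched by this fix and by the draft-21 ticket_nonce series earlier on this page (tls13_hkdf_expand() taking an explicit data length, the 48-byte key length for a SHA384 ciphersuite, and the exporter secret needing Hash.length rather than 0), as one added Python illustration using hashlib/hmac. It is not OpenSSL's tls13_hkdf_expand or tls13_export_keying_material. The HkdfLabel layout, the "tls13 " label prefix and the "resumption" / "exporter" labels follow RFC 8446, the final form of the draft-21 design; the secrets and ticket nonces are constructed test values, and the RFC 5869 vector is included only to show the underlying HKDF is correct.

```python
"""TLS 1.3 HKDF-Expand-Label, resumption PSK and exporter derivations.

Added illustration, not OpenSSL code. Labels and structure follow RFC 8446.
"""
import hashlib
import hmac
import struct


def hkdf_extract(salt: bytes, ikm: bytes, hashname: str) -> bytes:
    return hmac.new(salt, ikm, hashname).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hashname: str) -> bytes:
    """RFC 5869 HKDF-Expand; returns exactly `length` bytes (b"" when length is 0)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashname).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes,
                      length: int, hashname: str) -> bytes:
    """HKDF-Expand-Label (RFC 8446 7.1). The context ("data") length is whatever
    the caller hands in; for a ticket_nonce that is a few bytes, not Hash.length,
    which is why the expand routine must take the length explicitly."""
    full_label = b"tls13 " + label
    hkdf_label = (struct.pack("!H", length)
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length, hashname)


def derive_secret(secret: bytes, label: bytes, transcript: bytes, hashname: str) -> bytes:
    """Derive-Secret: the output length is Hash.length. Passing 0 here is the
    exporter bug above: HKDF then yields nothing and the C caller read
    uninitialised stack memory as the secret."""
    transcript_hash = hashlib.new(hashname, transcript).digest()
    return hkdf_expand_label(secret, label, transcript_hash,
                             len(transcript_hash), hashname)


def resumption_psk(resumption_master_secret: bytes, ticket_nonce: bytes,
                   hashname: str) -> bytes:
    """PSK bound to one NewSessionTicket (RFC 8446 4.6.1): 32 bytes for a
    SHA256 suite, 48 for a SHA384 suite."""
    hashlen = hashlib.new(hashname).digest_size
    return hkdf_expand_label(resumption_master_secret, b"resumption",
                             ticket_nonce, hashlen, hashname)


def export_keying_material(exporter_master_secret: bytes, label: bytes,
                           context: bytes, key_length: int, hashname: str) -> bytes:
    """TLS-Exporter (RFC 8446 7.5)."""
    export_secret = derive_secret(exporter_master_secret, label, b"", hashname)
    context_hash = hashlib.new(hashname, context).digest()
    return hkdf_expand_label(export_secret, b"exporter", context_hash,
                             key_length, hashname)


def rfc5869_self_check() -> bool:
    """HKDF against RFC 5869 test case 1, so the primitive is known good."""
    ikm, salt, info = b"\x0b" * 22, bytes(range(13)), bytes(range(0xF0, 0xFA))
    prk = hkdf_extract(salt, ikm, "sha256")
    okm = hkdf_expand(prk, info, 42, "sha256")
    return (prk.hex() == "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"
            and okm.hex() == "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
                             "34007208d5b887185865")


# Constructed inputs (not real handshake secrets).
RMS_SHA256 = hashlib.sha256(b"constructed resumption_master_secret").digest()
RMS_SHA384 = hashlib.sha384(b"constructed resumption_master_secret").digest()
EMS_SHA256 = hashlib.sha256(b"constructed exporter_master_secret").digest()
TICKET_NONCE_0 = b"\x00\x00"   # first ticket on the connection
TICKET_NONCE_1 = b"\x00\x01"   # second ticket: a distinct PSK from the same RMS

if __name__ == "__main__":
    print("HKDF self-check:", rfc5869_self_check())
    print("PSK (SHA256) bytes:", len(resumption_psk(RMS_SHA256, TICKET_NONCE_0, "sha256")))
    print("PSK (SHA384) bytes:", len(resumption_psk(RMS_SHA384, TICKET_NONCE_0, "sha384")))
    print("EKM:", export_keying_material(EMS_SHA256, b"EXPORTER-test", b"", 16, "sha256").hex())
```

Two things to take from the block: the ticket_nonce is what makes each ticket's PSK distinct even though every ticket on a connection is derived from the same resumption master secret, and a zero output length in Derive-Secret is not an error in HKDF itself (it just returns nothing), which is why the C code produced silent garbage rather than a failure.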

Remove the possibility to disable the UI module entirely
Richard Levitte [Sat, 1 Jul 2017 10:14:37 +0000 (12:14 +0200)]

Instead, make it possible to disable the console reader that's part of
the UI module.  This makes it possible to use the UI API and other UI
methods in environments where the console reader isn't useful.

To disable the console reader, configure with 'no-ui-console' /
'disable-ui-console'.

'no-ui' / 'disable-ui' is now an alias for 'no-ui-console' /
'disable-ui-console'.

Fixes #3806

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3820)

Make sure OSSL_STORE_load() isn't caught in an endless loop
Richard Levitte [Sat, 1 Jul 2017 16:25:43 +0000 (18:25 +0200)]

The post process callback might potentially say "no" to everything (by
constantly returning NULL) and thereby cause an endless loop.  Ensure
that we stop all processing when "eof" is reached.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3823)

Fix copyright date for the ARIA evp file.
Pauli [Mon, 3 Jul 2017 02:14:59 +0000 (12:14 +1000)]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3831)

Update fuzz corpora
Kurt Roeckx [Sun, 2 Jul 2017 15:40:51 +0000 (17:40 +0200)]

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #3829

STORE 'file' scheme loader: DNS name in URI is case insensitive
Richard Levitte [Sun, 2 Jul 2017 09:54:40 +0000 (11:54 +0200)]

...  so compare accordingly with "//localhost"

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3827)

When apps_startup() fails, exit with a failure code and a message
Richard Levitte [Fri, 30 Jun 2017 18:47:45 +0000 (20:47 +0200)]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3816)

Cleanup some copyright stuff
Rich Salz [Thu, 15 Jun 2017 16:03:40 +0000 (12:03 -0400)]

Remove some incorrect copyright references.
Move copyright to standard place
Add OpenSSL copyright where missing.
Remove copyrighted file that we don't use any more
Remove Itanium assembler for RC4 and MD5 (assembler versions of old and
weak algorithms for an old chip)
Standardize apps/rehash copyright comment; approved by Timo
Put dual-copyright notice on mkcert

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3691)

Fix build with no-threads no-ec
Dr. Stephen Henson [Fri, 30 Jun 2017 18:55:47 +0000 (19:55 +0100)]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3817)

Fix atfork flag. Avoid double-negatives :)
Rich Salz [Fri, 30 Jun 2017 17:55:08 +0000 (13:55 -0400)]

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3815)

Merge Intel copyright notice into standard
Rich Salz [Thu, 15 Jun 2017 16:08:35 +0000 (12:08 -0400)]

This is done with the kind permission of Intel.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3813)

Add ECHO to makefiles for real silence
Rich Salz [Thu, 29 Jun 2017 15:40:19 +0000 (11:40 -0400)]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3801)

Drop support for OPENSSL_NO_TLS1_3_METHOD
Matt Caswell [Thu, 29 Jun 2017 14:03:14 +0000 (15:03 +0100)]

There are no public TLSv1_3_*method() functions so
OPENSSL_NO_TLS1_3_METHOD doesn't make any sense and should be removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3800)

Add fork handlers, based on pthread_atfork
Rich Salz [Thu, 22 Jun 2017 18:00:06 +0000 (14:00 -0400)]

Only for Unix platforms

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3754)

STORE: Make sure the loader to be registered is complete
Richard Levitte [Thu, 29 Jun 2017 19:47:54 +0000 (21:47 +0200)]

Most of the loader function pointers are crucial, they must be defined
unconditionally.  Therefore, let's make sure OSSL_STORE_register_loader
refuses to register incomplete loaders

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3805)

STORE: simplify store_loader_cmp()
Richard Levitte [Thu, 29 Jun 2017 19:46:02 +0000 (21:46 +0200)]

We have already made sure that the loader scheme isn't NULL, so
checking if they are NULL or not when comparing registered loaders
is redundant.  We still soft assert it, just to be entirely sure.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3805)

util/mkdef.pl: Make symbol version processing Linux only
Richard Levitte [Thu, 29 Jun 2017 19:11:48 +0000 (21:11 +0200)]

For Windows, we care which way it is, the resulting file is just a pile
of symbols.  For VMS, we really need to care about the numeric ordering,
and getting the symbols sorted by symbol version too didn't agree with
that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3804)

util/mkdef.pl: Add UNIX as a platform
Richard Levitte [Thu, 29 Jun 2017 19:09:52 +0000 (21:09 +0200)]

This allows us to guard Unix specific functions with
#ifndef / #ifdef OPENSSL_SYS_UNIX

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3804)

Add sha/asm/keccak1600-s390x.pl.
Andy Polyakov [Tue, 27 Jun 2017 19:45:18 +0000 (21:45 +0200)]

Reviewed-by: Richard Levitte <levitte@openssl.org>

sha/asm/keccak1600-x86_64.pl: add CFI directives.
Andy Polyakov [Mon, 26 Jun 2017 15:39:43 +0000 (17:39 +0200)]

Reviewed-by: Richard Levitte <levitte@openssl.org>

sha/asm/keccak1600-x86_64.pl: optimize by re-ordering instructions.
Andy Polyakov [Mon, 26 Jun 2017 15:29:24 +0000 (17:29 +0200)]

Reviewed-by: Richard Levitte <levitte@openssl.org>

sha/asm/keccak1600-x86_64.pl: remove redundant moves.
Andy Polyakov [Mon, 26 Jun 2017 15:28:13 +0000 (17:28 +0200)]

Reviewed-by: Richard Levitte <levitte@openssl.org>

Add sha/asm/keccak1600-x86_64.pl.
Andy Polyakov [Mon, 26 Jun 2017 15:27:09 +0000 (17:27 +0200)]

Reviewed-by: Richard Levitte <levitte@openssl.org>