oweals/openssl.git
7 years agoFix a ssl session leak due to OOM in lh_SSL_SESSION_insert
Bernd Edlinger [Thu, 22 Dec 2016 19:17:29 +0000 (20:17 +0100)]
Fix a ssl session leak due to OOM in lh_SSL_SESSION_insert

- s == NULL can mean c is a new session *or* lh_insert was
  unable to create a hash entry.
- use lh_SSL_SESSION_retrieve to check for this error condition.
- If it happens simply remove the extra reference again.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2138)
(cherry picked from commit 38088ce9934a90d4aea486edbff864f3935342e6)

7 years agoRAND_egd_bytes: No need to check RAND_status on connection error.
ganesh [Fri, 11 Nov 2016 03:13:13 +0000 (08:43 +0530)]
RAND_egd_bytes: No need to check RAND_status on connection error.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1886)
(cherry picked from commit c2114afc1622ff0113974b3696e557ea8bf7ffb4)

7 years agoFixed the return code for RAND_egd_bytes.
ganesh [Thu, 10 Nov 2016 11:16:43 +0000 (16:46 +0530)]
Fixed the return code for RAND_egd_bytes.

According to the documentation, the return code should be -1 when
RAND_status does not return 1.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1886)
(cherry picked from commit 3ed93c863374125296954edcbc595599adbd07ea)

7 years agoFixed the return code of RAND_query_egd_bytes when connect fails.
ganesh [Wed, 9 Nov 2016 15:14:22 +0000 (20:44 +0530)]
Fixed the return code of RAND_query_egd_bytes when connect fails.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1886)
(cherry picked from commit 1381684daf8800487b48a70cd634f433b1d6366f)

7 years agoFix use before assignment
FdaSilvaYY [Wed, 16 Nov 2016 21:46:25 +0000 (22:46 +0100)]
Fix use before assignment

 it was getting the SerialNumber of a previous cert.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2272)
(cherry picked from commit 0db1fb3fc13c4b1a2b916efbb374f40579b1398f)

7 years agoExtend the test_ssl_new renegotiation tests to include client auth
Matt Caswell [Tue, 22 Nov 2016 16:55:35 +0000 (16:55 +0000)]
Extend the test_ssl_new renegotiation tests to include client auth

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1983)

7 years agoStop server from expecting Certificate message when not requested
Matt Caswell [Tue, 22 Nov 2016 16:54:28 +0000 (16:54 +0000)]
Stop server from expecting Certificate message when not requested

In a non client-auth renegotiation where the original handshake *was*
client auth, then the server will expect the client to send a Certificate
message anyway resulting in a connection failure.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1983)

7 years agoStop client from sending Certificate message when not requested
Matt Caswell [Tue, 22 Nov 2016 16:39:27 +0000 (16:39 +0000)]
Stop client from sending Certificate message when not requested

In a non client-auth renegotiation where the original handshake *was*
client auth, then the client will send a Certificate message anyway
resulting in a connection failure.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1983)

7 years agoFix SSL_VERIFY_CLIENT_ONCE
Matt Caswell [Tue, 22 Nov 2016 16:23:22 +0000 (16:23 +0000)]
Fix SSL_VERIFY_CLIENT_ONCE

The flag SSL_VERIFY_CLIENT_ONCE is documented as follows:

  B<Server mode:> only request a client certificate on the initial TLS/SSL
  handshake. Do not ask for a client certificate again in case of a
  renegotiation. This flag must be used together with SSL_VERIFY_PEER.

  B<Client mode:> ignored

But the implementation actually did nothing. After the server sends its
ServerKeyExchange message, the code was checking s->session->peer to see if
it is NULL. If it was set then it did not ask for another client
certificate. However s->session->peer will only be set in the event of a
resumption, but a ServerKeyExchange message is only sent in the event of a
full handshake (i.e. no resumption).

The documentation suggests that the original intention was for this to
have an effect on renegotiation, and resumption doesn't come into it.

The fix is to properly check for renegotiation, not whether there is already
a client certificate in the session.

As far as I can tell this has been broken for a *long* time.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1983)

7 years agoAdd a test to check messsages sent are the ones we expect
Matt Caswell [Tue, 22 Nov 2016 16:16:11 +0000 (16:16 +0000)]
Add a test to check messsages sent are the ones we expect

Repeat for various handshake types

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1983)

7 years agoSupport renegotiation in TLSProxy
Matt Caswell [Tue, 22 Nov 2016 13:43:50 +0000 (13:43 +0000)]
Support renegotiation in TLSProxy

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1983)

7 years agoFix a bug in TLSProxy where zero length messages were not being recorded
Matt Caswell [Tue, 22 Nov 2016 16:16:23 +0000 (16:16 +0000)]
Fix a bug in TLSProxy where zero length messages were not being recorded

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1983)

7 years agofix a memory leak in ssl3_generate_key_block fix the error handling in ssl3_change_ci...
Bernd Edlinger [Sun, 1 Jan 2017 00:43:20 +0000 (01:43 +0100)]
fix a memory leak in ssl3_generate_key_block fix the error handling in ssl3_change_cipher_state

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2164)
(cherry picked from commit a6fd7c1dbef2c3da3c87f1582ae48e4c29aa303c)

7 years agoCheck the exit code from the server process
Bernd Edlinger [Tue, 10 Jan 2017 08:22:05 +0000 (09:22 +0100)]
Check the exit code from the server process

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2205)
(cherry picked from commit 57a19206b5aad7ca67f0d5ebae05af2799609819)

7 years agoFix DSA parameter generation control error
Richard Levitte [Wed, 18 Jan 2017 15:19:26 +0000 (16:19 +0100)]
Fix DSA parameter generation control error

When setting the digest parameter for DSA parameter generation, the
signature MD was set instead of the parameter generation one.
Fortunately, that's also the one that was used for parameter
generation, but it ultimately meant the parameter generator MD and the
signature MD would always be the same.

Fixes github issue #2016

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2250)
(cherry picked from commit 8a05c4d3b5a1bfb9193ea24e71735e11de7168d2)

7 years agocorrect 3 mistakes
Markus Triska [Wed, 18 Jan 2017 23:07:20 +0000 (00:07 +0100)]
correct 3 mistakes

CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2257)

(cherry picked from commit 424baabdf5af540bda4a69122d274b071d804390)

7 years agoSkip ECDH tests for SSLv3
Rich Salz [Mon, 16 Jan 2017 19:30:59 +0000 (14:30 -0500)]
Skip ECDH tests for SSLv3

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1597)
(cherry picked from commit 4f326dd8998d5b33f72b11432f110e0f2cfcb92b)

7 years agoIf client doesn't send curves list, don't assume all.
Rich Salz [Mon, 19 Sep 2016 17:09:58 +0000 (13:09 -0400)]
If client doesn't send curves list, don't assume all.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1597)
(cherry picked from commit 3e37351834c203421b7f492dd83d5e5872e17778)

7 years agoClean dead macros and defines
FdaSilvaYY [Tue, 8 Nov 2016 18:21:51 +0000 (19:21 +0100)]
Clean dead macros and defines

... mostly related to some old discarded modules .

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1906)
(cherry picked from commit 31a51151fc163a7f5f4d07dff9478be50e4b5707)

7 years agoClean one unused variable, plus an useless one.
FdaSilvaYY [Thu, 10 Nov 2016 22:28:10 +0000 (23:28 +0100)]
Clean one unused variable, plus an useless one.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1906)
(cherry picked from commit 2191dc846a85ce82925cb06b4dd8649da7fc403c)

7 years agoCorrect reference to SSL_get_peer_cert_chain().
Markus Triska [Wed, 18 Jan 2017 00:40:36 +0000 (01:40 +0100)]
Correct reference to SSL_get_peer_cert_chain().

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
CLA: trivial
(Merged from https://github.com/openssl/openssl/pull/2247)
(cherry picked from commit 1f164c6fadd0eef0aa0997c51639a11276bf9072)

7 years agoFix list -disabled for blake2 alg
EasySec [Tue, 17 Jan 2017 16:21:55 +0000 (17:21 +0100)]
Fix list -disabled for blake2 alg

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2241)
(cherry picked from commit 487d3a726a1970e84853434561d88cb4ac212d15)

7 years agoFix man3 reference to CRYPTO_secure_used
xemdetia [Mon, 16 Jan 2017 19:41:03 +0000 (14:41 -0500)]
Fix man3 reference to CRYPTO_secure_used

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2238)

(cherry picked from commit ef3f621ed572fefe768f26989c16264496d24f69)

7 years agoAdd missing braces.
Kurt Roeckx [Sun, 15 Jan 2017 23:04:31 +0000 (00:04 +0100)]
Add missing braces.

Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #2234
(cherry picked from commit c4a60150914fc260c3fc2854e13372c870bdde76)

7 years agoFix undefined behaviour when printing the X509 and CRL version
Kurt Roeckx [Sat, 14 Jan 2017 15:10:25 +0000 (16:10 +0100)]
Fix undefined behaviour when printing the X509 and CRL version

Found by oss-fuzz

Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2231
(cherry picked from commit c2ce477f1f3c0a98802fb087b0cf4b0a99ea2b1d)

7 years agoFix VC warnings about unary minus to an unsigned type.
Kurt Roeckx [Sun, 15 Jan 2017 11:33:45 +0000 (12:33 +0100)]
Fix VC warnings about unary minus to an unsigned type.

Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2230
(cherry picked from commit 68d4bcfd0651c7ea5d37ca52abc0d2e6e6b3bd20)

7 years agoFix undefined behaviour when printing the X509 serial
Kurt Roeckx [Sat, 14 Jan 2017 14:58:42 +0000 (15:58 +0100)]
Fix undefined behaviour when printing the X509 serial

Found by afl

Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2230
(cherry picked from commit 244d7b288f2b9ab7f6a2dbf068eccd6e20d9eef6)

7 years agoClarify what RUN_ONCE returns
Richard Levitte [Thu, 12 Jan 2017 22:13:17 +0000 (23:13 +0100)]
Clarify what RUN_ONCE returns

RUN_ONCE really just returns 0 on failure or whatever the init
function returned.  By convention, however, the init function must
return 0 on failure and 1 on success.  This needed to be clarified.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2225)
(cherry picked from commit 37b8f1e21c56996644afa38816f575b05eb483ae)

7 years agoFix no-ocsp
Richard Levitte [Fri, 13 Jan 2017 11:03:16 +0000 (12:03 +0100)]
Fix no-ocsp

The use of EXFLAG_SET requires the inclusion of openssl/x509v3.h.
openssl/ocsp.h does that, except when OCSP is disabled.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2227)
(cherry picked from commit d62210af2e169d0818c65ff9f20ab5276693b2bf)

7 years agoMake X509_Digest,others public
Rich Salz [Thu, 12 Jan 2017 21:39:41 +0000 (16:39 -0500)]
Make X509_Digest,others public

Also, if want SHA1 then use the pre-computed value if there.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2223)
(cherry picked from commit 3e5d9da5fc45a5d129e0daa7211125eba097c3dd)

7 years agoGH2176: Add X509_VERIFY_PARAM_get_time
Rich Salz [Tue, 10 Jan 2017 21:18:33 +0000 (16:18 -0500)]
GH2176: Add X509_VERIFY_PARAM_get_time

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2208)
(cherry picked from commit 329f2f4a428b0acb7a579869a13f6cd6bf0a3551)

7 years agoFix typo in Blake2 function names
Rich Salz [Tue, 10 Jan 2017 20:40:27 +0000 (15:40 -0500)]
Fix typo in Blake2 function names

Fixes GitHub issue 2169.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2207)
(cherry picked from commit e043e882395c6104ce2a84f7ced0dc01b09791ad)

7 years agoPrint the X509 version signed, and convert to unsigned for the hex version.
Kurt Roeckx [Thu, 20 Oct 2016 18:49:22 +0000 (20:49 +0200)]
Print the X509 version signed, and convert to unsigned for the hex version.

Found by tis-interpreter

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1754
(cherry picked from commit 676befbeb76ca19c9e7b2febfabda16bd26e00a0)

7 years agoMark a HelloRequest record as read if we ignore it
Matt Caswell [Mon, 9 Jan 2017 17:29:44 +0000 (17:29 +0000)]
Mark a HelloRequest record as read if we ignore it

Otherwise the client will try to process it again. The second time around
it will try and move the record data into handshake fragment storage and
realise that there is no data left. At that point it marks it as read
anyway. However, it is a bug that we go around the loop a second time, so
we prevent that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2200)
(cherry picked from commit 290a0419f0c13a30fb3a1d1a279125c8aeafd17e)

7 years agoFix a memory leak in RSA_padding_add_PKCS1_OAEP_mgf1
Bernd Edlinger [Fri, 23 Dec 2016 13:35:16 +0000 (14:35 +0100)]
Fix a memory leak in RSA_padding_add_PKCS1_OAEP_mgf1

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #2140
(cherry picked from commit c6d215e0d278fcd51ad474a3647b61e1b67290bb)

7 years agoRename "verify_cb" to SSL_verify_cb
Rich Salz [Sun, 8 Jan 2017 17:50:52 +0000 (12:50 -0500)]
Rename "verify_cb" to SSL_verify_cb

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)
(cherry picked from commit 3adc41dd22080c4161d8a2af98d7b29fdbb11915)

7 years agoDoc nits: callback function typedefs
Rich Salz [Tue, 27 Dec 2016 20:00:06 +0000 (15:00 -0500)]
Doc nits: callback function typedefs

Enhance find-doc-nits to be better about finding typedefs for
callback functions.  Fix all nits it now finds.  Added some new
typedef names to ssl.h some of which were documented but did not
exist

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)
(cherry picked from commit 121677b4875b08df99a48d20ab5c26f54782f21d)

7 years agoAdd new ssl_test option.
Dr. Stephen Henson [Sun, 8 Jan 2017 00:09:08 +0000 (00:09 +0000)]
Add new ssl_test option.

Add option ExpectedTmpKeyType to test the temporary key the server
sends is of the correct type.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2191)
(cherry picked from commit b93ad05dba3e3d2ceb79799a883ae43d42ba16e2)

7 years agoAdd server temp key type checks
Dr. Stephen Henson [Sun, 8 Jan 2017 19:36:20 +0000 (19:36 +0000)]
Add server temp key type checks

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2191)
(cherry picked from commit 9c4319bd03f17fc87ae63b6231c87c678e5cabd1)

7 years agoRemove BIO_seek/BIO_tell from evp_test.c
Dr. Stephen Henson [Thu, 5 Jan 2017 19:27:41 +0000 (19:27 +0000)]
Remove BIO_seek/BIO_tell from evp_test.c

BIO_seek and BIO_tell can cause problems with evp_test.c on some platforms.
Avoid them by using a temporary memory BIO to store key PEM data.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2183)
(cherry picked from commit 71f60ef3376144885384f2b1b3f00c3d54806f38)

7 years agoevptests.txt is not a shell script
Dr. Stephen Henson [Sun, 1 Jan 2017 19:23:28 +0000 (19:23 +0000)]
evptests.txt is not a shell script

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4fee75ca23b9434928be2476080be42b45a8d99a)

7 years agoAdd RSA decrypt and OAEP tests.
Dr. Stephen Henson [Sun, 1 Jan 2017 19:23:46 +0000 (19:23 +0000)]
Add RSA decrypt and OAEP tests.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 13ab87083af862e4af752efa4b0552149ed2cc19)

7 years agoProvide some tests for the sig algs API
Matt Caswell [Fri, 30 Dec 2016 17:12:11 +0000 (17:12 +0000)]
Provide some tests for the sig algs API

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2160)
(cherry picked from commit f1b25aaed32f90b3309243d24353bf636c1c786b)

7 years agoFix the SSL_set1_sigalgs() macro
Matt Caswell [Fri, 30 Dec 2016 17:11:09 +0000 (17:11 +0000)]
Fix the SSL_set1_sigalgs() macro

This macro has a typo in it which makes it unusable. This issue was already
fixed in 1.0.2 in commit 75fdee04827, but the same fix was not applied to
other branches.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2160)
(cherry picked from commit fb3ae0e830097a3a2a41a0ea82c7ad725f05a451)

7 years agoreplace "will lookup up" by "will look up"
Markus Triska [Sun, 25 Dec 2016 18:58:38 +0000 (19:58 +0100)]
replace "will lookup up" by "will look up"

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
CLA: trivial
(Merged from https://github.com/openssl/openssl/pull/2145)
(cherry picked from commit 67adf0a7c273a82901ce8705ae8d71ee2f1c959c)

7 years agoFix EVP_MD_meth_get_flags
Todd Short [Thu, 22 Dec 2016 14:06:59 +0000 (09:06 -0500)]
Fix EVP_MD_meth_get_flags

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2134)
(cherry picked from commit 8bfa99f04f9763a6a8d72a6d5c1f0a962f8a084b)

7 years agoReformat M_check_autoarg to match our coding style
Richard Levitte [Tue, 20 Dec 2016 18:21:00 +0000 (19:21 +0100)]
Reformat M_check_autoarg to match our coding style

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2121)
(cherry picked from commit 2629440d42e4d64cd0cb849c1b19fa87a4fcb90f)

7 years agoM_check_autoarg: sanity check the key
Richard Levitte [Tue, 20 Dec 2016 11:56:14 +0000 (12:56 +0100)]
M_check_autoarg: sanity check the key

For now, checking that the size is non-zero will suffice.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2120)
(cherry picked from commit d7c8f142ea5953bf260b70a58739c1c9b0f038eb)

7 years agoFix typo.
Finn Hakansson [Thu, 15 Dec 2016 17:58:19 +0000 (12:58 -0500)]
Fix typo.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
CLA: trivial
(Merged from https://github.com/openssl/openssl/pull/2086)
(cherry picked from commit 0b742f93ea7882a447f6523ac56a6f847d9f8e92)

7 years agotest/ssl_test: give up if both client and server wait on read
Richard Levitte [Fri, 16 Dec 2016 10:18:47 +0000 (11:18 +0100)]
test/ssl_test: give up if both client and server wait on read

In some cases, both client and server end of the test can end up in
SSL_ERROR_WANT_READ and never get out of it, making the test spin.
Detect it and give up instead of waiting endlessly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2096)
(cherry picked from commit ceb6d746941063eccf7655c7709ba56ca117044b)

7 years agoe_afalg: Don't warn about kernel version when pedantic
Richard Levitte [Fri, 16 Dec 2016 08:24:00 +0000 (09:24 +0100)]
e_afalg: Don't warn about kernel version when pedantic

When built with --strict-warnings and the Linux kernel headers don't
match the kernel version, the preprocessor warnings in
engines/afalg/e_afalg.c cause compilation errors.  Use the macro
PEDANTIC to avoid those warnings in that case.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2095)
(cherry picked from commit 97043e46aa7083c787a1efd72ac31ca97ed41610)

7 years agoevp_test: when function and reason strings aren't available, just skip
Richard Levitte [Fri, 16 Dec 2016 03:15:02 +0000 (04:15 +0100)]
evp_test: when function and reason strings aren't available, just skip

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2093)
(cherry picked from commit cd3fe0e09c97700005ed96c8113907cbdfc45edf)

7 years agoHP-UX doesn't have hstrerror(), so make our own for that platform
Richard Levitte [Fri, 16 Dec 2016 02:50:40 +0000 (03:50 +0100)]
HP-UX doesn't have hstrerror(), so make our own for that platform

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2092)

7 years agoDon't call memcpy with NULL as source
Kurt Roeckx [Thu, 15 Dec 2016 19:23:52 +0000 (20:23 +0100)]
Don't call memcpy with NULL as source

Calling it with lenght 0 and NULL as source is undefined behaviour.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2089
(cherry picked from commit eeab356c298248108b82157ef51172ba040646f7)

7 years agoCRL critical extension bugfix
Rich Salz [Mon, 28 Nov 2016 20:33:40 +0000 (15:33 -0500)]
CRL critical extension bugfix

More importantly, port CRL test from boringSSL crypto/x509/x509_test.cc

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1775)
(cherry picked from commit 2b40699082d1e5d0e94811542c4f0633ab2d5989)

7 years agoAdd function and reason checking to evp_test
Dr. Stephen Henson [Sat, 10 Dec 2016 19:21:01 +0000 (19:21 +0000)]
Add function and reason checking to evp_test

Add options to check the function and reason code matches expected values.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 99f2f1dc3e5c95961f57ca41e9fbb76863e69e46)

7 years agoAdd X509_VERIFY_PARAM inheritance flag set/get
Rich Salz [Tue, 13 Dec 2016 16:52:22 +0000 (11:52 -0500)]
Add X509_VERIFY_PARAM inheritance flag set/get

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2079)

7 years agoFix various doc nits.
Rich Salz [Mon, 12 Dec 2016 16:14:40 +0000 (11:14 -0500)]
Fix various doc nits.

Don't use regexps for section names, just strings:  More consistency.
Rename "COMMAND OPTIONS" to OPTIONS.
Fix a couple of other nit-level things.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2076)
(cherry picked from commit 3dfda1a6363c0cf4efee94754a36c2d86be190c3)

7 years agoRemove ENGINE_load_dasync() (no OPENSSL_INIT_ENGINE_DASYNC already)
Azat Khuzhin [Tue, 1 Nov 2016 14:35:35 +0000 (17:35 +0300)]
Remove ENGINE_load_dasync() (no OPENSSL_INIT_ENGINE_DASYNC already)

Fixes: 8d00e30f96fb86b20bc992f626b188c3548fc58c ("Don't try to init
dasync internally")

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial
(cherry picked from commit b9b5181dd2f52ff0560a33b116396cdae5e48048)

7 years agoTypo fixed
Dmitry Belyavskiy [Mon, 12 Dec 2016 12:35:09 +0000 (15:35 +0300)]
Typo fixed

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2075)
(cherry picked from commit 498180de5c766f68f6d2b65454357bc263773c66)

7 years agoupdated macro spacing for styling purposes
Paul Hovey [Mon, 5 Dec 2016 22:17:11 +0000 (17:17 -0500)]
updated macro spacing for styling purposes

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial
(cherry picked from commit 6974fca49d9d0b110c02c83a7bbe01907472ac5e)

7 years agofix undoes errors introduced by https://github.com/openssl/openssl/commit/fc6076ca272...
Paul Hovey [Mon, 5 Dec 2016 21:57:25 +0000 (16:57 -0500)]
fix undoes errors introduced by https://github.com/openssl/openssl/commit/fc6076ca272f74eb1364c29e6974ad5da5ef9777?diff=split#diff-1014acebaa2c13d44ca196b9a433ef2eR184

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial
(cherry picked from commit 8bd62abe00b893573920a7a12769fb00bd8da234)

7 years agoRestore the ERR_FATAL_ERROR() macro
Benjamin Kaduk [Thu, 8 Dec 2016 18:01:31 +0000 (12:01 -0600)]
Restore the ERR_FATAL_ERROR() macro

Commit 0cd0a820abc6124cf8e176fa92d620a2abf9e419 removed this macro
along with many unused function and reason codes; ERR_FATAL_ERROR()
was not used in the tree, but did have external consumers.

Add it back to restore the API compatibility and avoid breaking
applications for no internal benefit.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2049)
(cherry picked from commit 036ba500f7886ca2e7231549fa574ec2cdd45cef)

7 years agoFix a leak in SSL_clear()
Matt Caswell [Tue, 6 Dec 2016 10:49:01 +0000 (10:49 +0000)]
Fix a leak in SSL_clear()

SSL_clear() was resetting numwpipes to 0, but not freeing any allocated
memory for existing write buffers.

Fixes #2026

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4bf086005fe5ebcda5dc4d48ff701b41ab9b07f0)

7 years agoperlasm/x86_64-xlate.pl: refine sign extension in ea package.
Andy Polyakov [Fri, 9 Dec 2016 14:26:19 +0000 (15:26 +0100)]
perlasm/x86_64-xlate.pl: refine sign extension in ea package.

$1<<32>>32 worked fine with either 32- or 64-bit perl for a good while,
relying on quirk that [pure] 32-bit perl performed it as $1<<0>>0. But
this apparently changed in some version past minimally required 5.10,
and operation result became 0. Yet, it went unnoticed for another while,
because most perl package providers configure their packages with
-Duse64bitint option.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 82e089308bd9a7794a45f0fa3973d7659420fbd8)

7 years agoAvoid the call to OPENSSL_malloc with a negative value (then casted to unsigned)
Davide Galassi [Fri, 2 Dec 2016 16:10:37 +0000 (17:10 +0100)]
Avoid the call to OPENSSL_malloc with a negative value (then casted to unsigned)

CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2021)
(cherry picked from commit 210fe4edee6514e4c1f0677adc9112c4459da02b)

7 years agoFix reference to SSL_set_max_proto_version.
Markus Triska [Fri, 9 Dec 2016 17:07:09 +0000 (18:07 +0100)]
Fix reference to SSL_set_max_proto_version.

CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2059)
(cherry picked from commit 2884c76a4e4c1f98d17a10e2d0f5dfc43e9cb04a)

7 years agoAdditional error tests in evp_test.c
Dr. Stephen Henson [Sat, 10 Dec 2016 13:59:29 +0000 (13:59 +0000)]
Additional error tests in evp_test.c

Support checking for errors during test initialisation and parsing.

Add errors and tests for key operation initalisation and ctrl errors.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit cce65266299e2e89303a90c131e8171225a1bf88)

7 years agoVMS UI_OpenSSL: generate OpenSSL errors when things go wrong.
Richard Levitte [Fri, 9 Dec 2016 22:35:53 +0000 (23:35 +0100)]
VMS UI_OpenSSL: generate OpenSSL errors when things go wrong.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2063)
(cherry picked from commit c922ebe23247ff9ee07310fa30647623c0547cd9)

7 years agoVMS UI_OpenSSL: if the TT device isn't a tty, flag instead of error
Richard Levitte [Fri, 9 Dec 2016 22:32:09 +0000 (23:32 +0100)]
VMS UI_OpenSSL: if the TT device isn't a tty, flag instead of error

On all platforms, if the controlling tty isn't an actual tty, this is
flagged by setting is_a_tty to zero...  except on VMS, where this was
treated as an error.  Change this to behave like the other platforms.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2063)
(cherry picked from commit 18edbe6519bd5b738bf410b23f437df3005526e3)

7 years agoCheck input length to pkey_rsa_verify()
Dr. Stephen Henson [Thu, 8 Dec 2016 12:16:02 +0000 (12:16 +0000)]
Check input length to pkey_rsa_verify()

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2065)
(cherry picked from commit 71bbc79b7d3b1195a7a7dd5f547d52ddce32d6f0)

7 years agoAdd RSA PSS tests
Dr. Stephen Henson [Wed, 7 Dec 2016 23:03:47 +0000 (23:03 +0000)]
Add RSA PSS tests

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2065)
(cherry picked from commit 2d7bbd6c9fb6865e0df480602c3612652189e182)

7 years agoRemove extra bang
Richard Levitte [Thu, 8 Dec 2016 19:51:21 +0000 (20:51 +0100)]
Remove extra bang

A bang (!) slipped through in the recent UI cleanup

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2051)
(cherry picked from commit 949320c567811e714216ea987fe24eea1b56da5e)

7 years agoOnly call memcpy when the length is larger than 0.
Kurt Roeckx [Thu, 8 Dec 2016 18:20:55 +0000 (19:20 +0100)]
Only call memcpy when the length is larger than 0.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2050
(cherry picked from commit a19fc66a6b5f99ad00305e152bdb41460d728640)

7 years agoUI code style cleanup
Richard Levitte [Thu, 8 Dec 2016 17:01:04 +0000 (18:01 +0100)]
UI code style cleanup

Mostly condition check changes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2047)
(cherry picked from commit 120fb9e43656e1801c75a4fbb7c178ebec9bac18)

7 years agoUI_OpenSSL()'s session opener fails on MacOS X
Richard Levitte [Wed, 7 Dec 2016 19:28:43 +0000 (20:28 +0100)]
UI_OpenSSL()'s session opener fails on MacOS X

If on a non-tty stdin, TTY_get() will fail with errno == ENODEV.
We didn't catch that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2039)
(cherry picked from commit c901bccec6f747467e1af31473655c8290e32309)

7 years agoIn UI_OpenSSL's open(), generate an error on unknown errno
Richard Levitte [Thu, 8 Dec 2016 10:16:37 +0000 (11:16 +0100)]
In UI_OpenSSL's open(), generate an error on unknown errno

TTY_get() sometimes surprises us with new errno values to determine if
we have a controling terminal or not.  This generated error is a
helpful tool to figure out that this was what happened and what the
unknown value is.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2043)
(cherry picked from commit 4984448648f69ed4425df68900b1fd6f17c6c271)

7 years agoMake sure that password_callback exercises UI
Richard Levitte [Thu, 8 Dec 2016 00:27:31 +0000 (01:27 +0100)]
Make sure that password_callback exercises UI

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2040)
(cherry picked from commit 57c0f378b8fdbdc55dba783e9b744b8ed2132819)

7 years agoAdd a test for the UI API
Richard Levitte [Wed, 7 Dec 2016 21:44:47 +0000 (22:44 +0100)]
Add a test for the UI API

The best way to test the UI interface is currently by using an openssl
command that uses password_callback.  The only one that does this is
'genrsa'.
Since password_callback uses a UI method derived from UI_OpenSSL(), it
ensures that one gets tested well enough as well.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2040)
(cherry picked from commit 17ac8eaf611b588cca251ba63b187e7d9c7edb83)

7 years agoUI_process() didn't generate errors
Richard Levitte [Wed, 7 Dec 2016 15:36:44 +0000 (16:36 +0100)]
UI_process() didn't generate errors

Since there are many parts of UI_process() that can go wrong, it isn't
very helpful to only return -1 with no further explanation.  With this
change, the error message will at least show which part went wrong.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2037)
(cherry picked from commit 0a687ab0a92d2d68289364a6e232028c229f44bb)

7 years agoRestore last-resort expired untrusted intermediate issuers
Viktor Dukhovni [Fri, 25 Nov 2016 05:38:04 +0000 (00:38 -0500)]
Restore last-resort expired untrusted intermediate issuers

Reviewed-by: Matt Caswell <matt@openssl.org>
7 years agoEnsure we are in accept state in DTLSv1_listen
Matt Caswell [Wed, 23 Nov 2016 23:03:13 +0000 (23:03 +0000)]
Ensure we are in accept state in DTLSv1_listen

Calling SSL_set_accept_state() after DTLSv1_listen() clears the state, so
SSL_accept() no longer works. In 1.0.2 calling DTLSv1_listen() would set
the accept state automatically. We should still do that.

Fixes #1989

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 5bdcd362d24cbbcf18c5eb9df655fe9f7bcf5850)

7 years agoFix ctrl operation for SHA1/MD5SHA1.
Dr. Stephen Henson [Tue, 22 Nov 2016 21:59:21 +0000 (21:59 +0000)]
Fix ctrl operation for SHA1/MD5SHA1.

This makes S/MIME and CMS signing in MIME format for SHA1 work again.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a5abd438f85737ffa56320b67c5ef5525fc495c3)

7 years agoadd CMS SHA1 signing test
Dr. Stephen Henson [Tue, 22 Nov 2016 22:07:16 +0000 (22:07 +0000)]
add CMS SHA1 signing test

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit c6d67f09f34d8203c5bad7171ed45ec8771c9764)

7 years agoINSTALL: clarify 386 and no-sse2 options.
Andy Polyakov [Sun, 20 Nov 2016 20:52:41 +0000 (21:52 +0100)]
INSTALL: clarify 386 and no-sse2 options.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 5ae5dc96610f0a598dac9d2f267b5c0ddd77b2e4)

7 years agomodes/ctr128.c: fix false carry in counter increment procedure.
Andy Polyakov [Sun, 20 Nov 2016 22:38:12 +0000 (23:38 +0100)]
modes/ctr128.c: fix false carry in counter increment procedure.

GH issue #1916 affects only big-endian platforms. TLS is not affected,
because TLS fragment is never big enough.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 76f572ed0469a277d92378848250b7a9705d3071)

7 years agotest/evptests.txt: add regression test for false carry in ctr128.c.
Andy Polyakov [Sun, 20 Nov 2016 22:32:24 +0000 (23:32 +0100)]
test/evptests.txt: add regression test for false carry in ctr128.c.

GH issue #1916 affects only big-endian platforms. TLS is not affected,
because TLS fragment is never big enough.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit b47f116b1e02d20b1f8a7488be5a04f7cf5bc712)

7 years agoFix a missing function prototype in AFALG engine
Matt Caswell [Wed, 23 Nov 2016 22:55:13 +0000 (22:55 +0000)]
Fix a missing function prototype in AFALG engine

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit a1fd1fb241069cc987d0d2cf13880bd16cada3c9)

7 years agoFix missing NULL checks in CKE processing
Matt Caswell [Wed, 23 Nov 2016 22:12:40 +0000 (22:12 +0000)]
Fix missing NULL checks in CKE processing

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoClarify what X509_NAME_online does with the given buffer and size
Richard Levitte [Tue, 22 Nov 2016 10:22:16 +0000 (11:22 +0100)]
Clarify what X509_NAME_online does with the given buffer and size

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1980)
(cherry picked from commit 19cb71ef6e414759d737918bab10be2cc1d8bd99)

8 years agoAdd missing -zdelete for some linux arches
Kurt Roeckx [Mon, 21 Nov 2016 21:15:11 +0000 (22:15 +0100)]
Add missing -zdelete for some linux arches

b6d5ba1a9f004d637acac18ae3519fe063b6b5e1 forgot to update some linux arches.

Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #1977
(cherry picked from commit 55ab86e4c202e202a2b9200291d038878a727815)

8 years agoMake SSL_read and SSL_write return the old behaviour and document it.
Kurt Roeckx [Tue, 15 Nov 2016 17:58:52 +0000 (18:58 +0100)]
Make SSL_read and SSL_write return the old behaviour and document it.

Backport of beacb0f0c1ae7b0542fe053b95307f515b578eb7, revert of
122580ef71e4e5f355a1a104c9bfb36feee43759

Fixes: #1903

Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #1966

8 years agoMake async_read and async_write return -1 on failure.
Kurt Roeckx [Sun, 20 Nov 2016 22:22:14 +0000 (23:22 +0100)]
Make async_read and async_write return -1 on failure.

Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #1966

8 years agoSkipping tests in evp_test leaks memory
Todd Short [Thu, 17 Nov 2016 16:56:47 +0000 (11:56 -0500)]
Skipping tests in evp_test leaks memory

When configured with "no-mdc2 enable-crypto-mdebug" the evp_test
will leak memory due to skipped tests, and error out.

Also fix a skip condition

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1946)

8 years agoUse consistent variable names
Beat Bolli [Fri, 18 Nov 2016 08:53:48 +0000 (09:53 +0100)]
Use consistent variable names

In the X509_NAME_get_index_by_NID.pod example, the initialized variable is called
"loc", but the one used in the for loop is called "lastpos". Make the names match.

CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1949)

8 years agoSupport MSBLOB format if RC4 is disabled
Dr. Stephen Henson [Thu, 17 Nov 2016 13:17:28 +0000 (13:17 +0000)]
Support MSBLOB format if RC4 is disabled

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit b6c6898234a12b9c6cdaa8f16fb9156097649ad7)

8 years agoFix MSBLOB format with RSA.
Dr. Stephen Henson [Wed, 16 Nov 2016 23:03:43 +0000 (23:03 +0000)]
Fix MSBLOB format with RSA.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 159f6e7ecfde9e98194d6111c85587b85b6a8fc5)

8 years agoMake MSBLOB format work with dsa utility.
Dr. Stephen Henson [Wed, 16 Nov 2016 23:14:30 +0000 (23:14 +0000)]
Make MSBLOB format work with dsa utility.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit b3795987477f1d478fd8bd20efb812e71b190e8b)

8 years agoAdd conversion test for MSBLOB format.
Dr. Stephen Henson [Wed, 16 Nov 2016 23:04:14 +0000 (23:04 +0000)]
Add conversion test for MSBLOB format.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit d922634d0c63cee01c89869d79306cd2df628855)

8 years agoRaise an error on memory alloc failure.
FdaSilvaYY [Wed, 9 Nov 2016 23:54:03 +0000 (00:54 +0100)]
Raise an error on memory alloc failure.

Both strdup or malloc failure should raise an err.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1905)
(cherry picked from commit bad6b116a2d3c005330e618c726f172fd0fefc2a)