oweals/openssl.git
7 years agoasn1/a_int.c: fix "next negative minimum" corner case in c2i_ibuf.
Andy Polyakov [Fri, 28 Apr 2017 08:06:35 +0000 (10:06 +0200)]
asn1/a_int.c: fix "next negative minimum" corner case in c2i_ibuf.

"Next" refers to negative minimum "next" to one presentable by given
number of bytes. For example, -128 is negative minimum presentable by
one byte, and -256 is "next" one.

Thanks to Kazuki Yamaguchi for report, GH#3339

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 1e93d619b78832834ae32f5c0c1b0e466267f72d)

7 years agoCheck fflush on BIO_ctrl call
Rich Salz [Fri, 28 Apr 2017 18:14:59 +0000 (14:14 -0400)]
Check fflush on BIO_ctrl call

Bug found and fix suggested by Julian Rüth.
Push error if fflush fails

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3266)
(cherry picked from commit 595b2a42375427a254ad5a8c85870efea839a9b9)

7 years agoEnsure blank lines between tests.
Rich Salz [Fri, 28 Apr 2017 14:00:09 +0000 (10:00 -0400)]
Ensure blank lines between tests.

Also add a comment describing the file format.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3337)
(cherry picked from commit 9a837f220ad1320c51ad2b57b2466fbe28670a45)

7 years agoTLSProxy: When in debug mode, show the exact subprocess commands
Richard Levitte [Fri, 28 Apr 2017 07:20:05 +0000 (09:20 +0200)]
TLSProxy: When in debug mode, show the exact subprocess commands

When you want to debug a test that goes wrong, it's useful to know
exactly what subprocess commands are run.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3342)
(cherry picked from commit 46d5e2b42e00ec392bf3326743519bc25136db09)

7 years agoRemove (broken) diagnostic print
Rich Salz [Thu, 27 Apr 2017 15:38:17 +0000 (11:38 -0400)]
Remove (broken) diagnostic print

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3336)
(cherry picked from commit f2150cd74f45d49545d0787725f99723642b7c2c)

7 years agoRemove unnecessary loop in pkey_rsa_decrypt.
Bernd Edlinger [Wed, 26 Apr 2017 07:59:18 +0000 (09:59 +0200)]
Remove unnecessary loop in pkey_rsa_decrypt.

It is not necessary to remove leading zeros here because
RSA_padding_check_PKCS1_OAEP_mgf1 appends them again. As this was not done
in constant time, this might have leaked timing information.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3313)
(cherry picked from commit 237bc6c997e42295eeb32c8c1c709e6e6042b839)

7 years agoCT_POLICY_EVAL_CTX_set_time expects milliseconds, but given seconds
Rob Percival [Tue, 4 Apr 2017 22:24:28 +0000 (23:24 +0100)]
CT_POLICY_EVAL_CTX_set_time expects milliseconds, but given seconds

This resulted in the SCT timestamp check always failing, because the
timestamp appeared to be in the future.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3260)

7 years agoAdd SSL tests for certificates with embedded SCTs
Rob Percival [Thu, 6 Apr 2017 12:21:27 +0000 (13:21 +0100)]
Add SSL tests for certificates with embedded SCTs

The only SSL tests prior to this tested using certificates with no
embedded Signed Certificate Timestamps (SCTs), which meant they couldn't
confirm whether Certificate Transparency checks in "strict" mode were
working.

These tests reveal a bug in the validation of SCT timestamps, which is
fixed by the next commit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3260)

7 years agoAdd and use function test_pem to work out test filenames.
Dr. Stephen Henson [Thu, 16 Feb 2017 15:27:49 +0000 (15:27 +0000)]
Add and use function test_pem to work out test filenames.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3260)

7 years agoasn1/a_int.c: clean up asn1_get_int64.
Andy Polyakov [Sat, 15 Apr 2017 13:53:50 +0000 (15:53 +0200)]
asn1/a_int.c: clean up asn1_get_int64.

Trouble was that integer negation wasn't producing *formally* correct
result in platform-neutral sense. Formally correct thing to do is
-(int64_t)u, but this triggers undefined behaviour for one value that
would still be representable in ASN.1. The trigger was masked with
(int64_t)(0-u), but this is formally inappropriate for values other
than the problematic one. [Also reorder branches to favour most-likely
paths and harmonize asn1_string_set_int64 with asn1_get_int64].]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3231)

(cherry picked from commit 786b6a45fbecc068d0fb8b05252a9228e0661c63)

7 years agoasn1/a_int.c: don't write result if returning error.
Andy Polyakov [Tue, 11 Apr 2017 22:05:26 +0000 (00:05 +0200)]
asn1/a_int.c: don't write result if returning error.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3192)

(cherry picked from commit b997adb3a518b065240e70acf38ec5f77a937f53)

7 years agoasn1/a_int.c: simplify asn1_put_uint64.
Andy Polyakov [Tue, 11 Apr 2017 22:03:35 +0000 (00:03 +0200)]
asn1/a_int.c: simplify asn1_put_uint64.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3192)

(cherry picked from commit 6d4321fc242829490e1e7a36358eb12874c9b9e0)

7 years agoasn1/a_int.c: remove code duplicate and optimize branches,
Andy Polyakov [Tue, 11 Apr 2017 21:15:55 +0000 (23:15 +0200)]
asn1/a_int.c: remove code duplicate and optimize branches,

i.e. reduce amount of branches and favour likely ones.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3192)

(cherry picked from commit a3ea6bf0ef703b38a656245931979c7e53c410b7)

7 years agoFix some variable references in init_client
Matt Caswell [Mon, 24 Apr 2017 10:45:42 +0000 (11:45 +0100)]
Fix some variable references in init_client

We were incorrectly using "res" when we meant "ai"

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3287)

7 years agoFix problem with SCTP close_notify alerts
Matt Caswell [Fri, 21 Apr 2017 15:56:06 +0000 (16:56 +0100)]
Fix problem with SCTP close_notify alerts

In SCTP the code was only allowing a send of a close_notify alert if the
socket is dry. If the socket isn't dry then it was attempting to save away
the close_notify alert to resend later when it is dry and then it returned
success. However because the application then thinks that the close_notify
alert has been successfully sent it never re-enters the DTLS code to
actually resend the alert. A much simpler solution is to just fail with a
retryable error in the event that the socket isn't dry. That way the
application knows to retry sending the close_notify alert.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3287)

7 years agoDon't attempt to send fragments > max_send_fragment in DTLS
Matt Caswell [Fri, 21 Apr 2017 13:00:20 +0000 (14:00 +0100)]
Don't attempt to send fragments > max_send_fragment in DTLS

We were allocating the write buffer based on the size of max_send_fragment,
but ignoring it when writing data. We should fragment handshake messages
if they exceed max_send_fragment and reject application data writes that
are too large.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3287)

7 years agoRemove special case code for SCTP reneg handling
Matt Caswell [Thu, 20 Apr 2017 14:13:28 +0000 (15:13 +0100)]
Remove special case code for SCTP reneg handling

There was code existing which attempted to handle the case where application
data is received after a reneg handshake has started in SCTP. In normal DTLS
we just fail the connection if this occurs, so there doesn't seem any reason
to try and work around it for SCTP. In practice it didn't work properly
anyway and is probably a bad idea to start with.

Fixes #3251

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3287)

7 years agoopenssl enc: Don't unbuffer stdin
Bernard Spil [Mon, 24 Apr 2017 16:43:49 +0000 (18:43 +0200)]
openssl enc: Don't unbuffer stdin

 - unbuffer causes single-byte reads from stdin and poor performance

Fixes #3281
CLA: trivial

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3299)
(cherry picked from commit 65d62488b8c808350f440d2276034f5223b391ad)

7 years agocheck length sanity before correcting in EVP_CTRL_AEAD_TLS1_AAD
Rich Salz [Mon, 24 Apr 2017 22:23:11 +0000 (18:23 -0400)]
check length sanity before correcting in EVP_CTRL_AEAD_TLS1_AAD

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3290)

7 years agoTypo fix in Configurations/descrip.mms.tmpl
Richard Levitte [Mon, 24 Apr 2017 07:31:45 +0000 (09:31 +0200)]
Typo fix in Configurations/descrip.mms.tmpl

... on the theme "I could have sworn I saved that fix!"

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3285)
(cherry picked from commit cb2a6eb76ef7304a1b76ac5e2578cd9d5f59af28)

7 years agoAnnotate ASN.1 attributes of the jurisdictionCountryName NID
Alex Gaynor [Mon, 24 Apr 2017 01:09:12 +0000 (21:09 -0400)]
Annotate ASN.1 attributes of the jurisdictionCountryName NID

EV Guidelines section 9.2.5 says jurisdictionCountryName follows the
same ASN.1 encoding rules as countryName.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3284)
(cherry picked from commit e8d542121b10158c1bdd5fbe02e0d17c59470cae)

7 years agoPort Ben's parallell Makefile hack to VMS
Richard Levitte [Sun, 23 Apr 2017 14:17:32 +0000 (16:17 +0200)]
Port Ben's parallell Makefile hack to VMS

As far as I know, there is no MMS / MMK with parallellism today.
However, it might be added in the future (perhaps in MMK at least), so
we may as well prepare for it now.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3282)
(cherry picked from commit 757264207ad8650a89ea903d48ad89f61d56ea9c)

7 years agoPort Ben's parallell Makefile hack to Windows
Richard Levitte [Sat, 22 Apr 2017 13:06:35 +0000 (15:06 +0200)]
Port Ben's parallell Makefile hack to Windows

jom is an nmake clone that does parallell building, via the same -j
argument as GNU make.  To make it work, we need to apply the same
dependeency build up as done in 27c40a93175d4dcb559325db9354910b3d16cd4e

Fixes #3272

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3277)
(cherry picked from commit f919c12f5c8b92f0318c650573e774fe6522c27c)

7 years agoFixed typo in X509_STORE_CTX_new description
Camille Guérin [Fri, 21 Apr 2017 11:35:51 +0000 (13:35 +0200)]
Fixed typo in X509_STORE_CTX_new description

 'X509_XTORE_CTX_cleanup' ->  'X509_STORE_CTX_cleanup'
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3271)
(cherry picked from commit 7643a1723ef8eb4e542e57dfadeeb8eff788ec05)

7 years agoNumbers greater than 1 are usually non-negative.
David Benjamin [Fri, 21 Apr 2017 16:07:03 +0000 (12:07 -0400)]
Numbers greater than 1 are usually non-negative.

BN_is_prime_fasttest_ex begins by rejecting if a <= 1. Then it goes to
set A := abs(a), but a cannot be negative at this point.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3275)
(cherry picked from commit 8b24f94209676bbe9933affd2879a686b1ed044d)

7 years agoDocument Next Protocol Negotiation APIs
Rich Salz [Wed, 19 Apr 2017 16:38:27 +0000 (12:38 -0400)]
Document Next Protocol Negotiation APIs

Add callback function prototypes, fix description

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3084)

(cherry picked from commit 87b81496fec2f969371b3167dea3b6aaed9f9f9d)

7 years agoupdate docs because depth refers only to intermediate certs
Thiago Arrais [Wed, 5 Apr 2017 15:10:26 +0000 (15:10 +0000)]
update docs because depth refers only to intermediate certs

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3132)
(cherry picked from commit 800b5dac006344896a3aa947ab13cd9f63e3fc4c)

7 years agoCatch EC_R_UNKNOWN_GROUP in check_unsupported()
Rich Salz [Mon, 17 Apr 2017 01:46:31 +0000 (21:46 -0400)]
Catch EC_R_UNKNOWN_GROUP in check_unsupported()

If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an hint to
an unsupported algorithm/curve (e.g. if binary EC support is disabled).

Before this commit the issue arise for example if binary EC keys are added in
evptests.txt, and the test is run when EC is enabled but EC2m is disabled.

E.g. adding these lines to evptests.txt would reproduce the issue:

~~~

PrivateKey=KAS-ECC-CDH_K-163_C0
-----BEGIN PRIVATE KEY-----
MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUAZlO2B3OY+tx79eYBWBcB
SMPcRSehLgMsAAQHH4sod9YCfZwa3kJE8t6hJpLvI9UFwV7ndiIccrhLNHzjg/OA
Z7icPpo=
-----END PRIVATE KEY-----

PublicKey=KAS-ECC-CDH_K-163_C0-PUBLIC
-----BEGIN PUBLIC KEY-----
MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBx+LKHfWAn2cGt5CRPLeoSaS7yPVBcFe
53YiHHK4SzR844PzgGe4nD6a
-----END PUBLIC KEY-----

PublicKey=KAS-ECC-CDH_K-163_C0-Peer-PUBLIC
-----BEGIN PUBLIC KEY-----
MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBXQjbxQoxDITCUZ4Ols6q7bCfqXWB5CM
JRuNoCHLrCgfEj969PrFs9u4
-----END PUBLIC KEY-----

Derive=KAS-ECC-CDH_K-163_C0
PeerKey=KAS-ECC-CDH_K-163_C0-Peer-PUBLIC
Ctrl=ecdh_cofactor_mode:1
SharedSecret=04325bff38f1b0c83c27f554a6c972a80f14bc23bc

~~~

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3226)

(cherry picked from commit 0c44545c0f5781b1d2401b0d3c93c0376399c8e5)

7 years agoReformat evptests.txt
Nicola Tuveri [Thu, 13 Apr 2017 17:35:32 +0000 (20:35 +0300)]
Reformat evptests.txt

When compiling without EC support the test fails abruptly reading some keys.
Some keys merged in commit db040557c8bf4449e0a0b43510a2b30d89d58a83 start with
------BEGIN EC PRIVATE KEY-----

this format is not supported without EC support.

This commit reformat those keys with the generic format. After this change the
test simply skips the unsupported EC keys when EC is disabled, without parsing
errors.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3222)

7 years agoRemove ecdhtest.c
Nicola Tuveri [Thu, 13 Apr 2017 13:09:21 +0000 (16:09 +0300)]
Remove ecdhtest.c

All tests from ecdhtest.c have been ported to evptests.txt

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3218)

7 years agoecdhtest.c: move co-factor ECDH KATs to evptests
Nicola Tuveri [Thu, 13 Apr 2017 12:54:06 +0000 (15:54 +0300)]
ecdhtest.c: move co-factor ECDH KATs to evptests

move NIST SP800-56A co-factor ECDH KATs from ecdhtest.c to evptests.txt

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3218)

7 years agoASN.1: adapt SSL_SESSION_ASN1 by explicitely embedding INTxx et al
Richard Levitte [Wed, 12 Apr 2017 09:52:52 +0000 (11:52 +0200)]
ASN.1: adapt SSL_SESSION_ASN1 by explicitely embedding INTxx et al

Fixes #3191

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3200)

7 years agoASN.1: change INTxx, UINTxx and Z variants to be embedable
Richard Levitte [Wed, 12 Apr 2017 09:50:48 +0000 (11:50 +0200)]
ASN.1: change INTxx, UINTxx and Z variants to be embedable

Fixes #3191

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3200)

7 years agoASN.1: extend the possibilities to embed data instead of pointers
Richard Levitte [Wed, 12 Apr 2017 09:48:12 +0000 (11:48 +0200)]
ASN.1: extend the possibilities to embed data instead of pointers

Also, when "allocating" or "deallocating" an embedded item, never call
prim_new() or prim_free().  Call prim_clear() instead.

Fixes #3191

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3200)

7 years agoRemove more stale code in ecdhtest.c
Nicola Tuveri [Wed, 12 Apr 2017 03:36:50 +0000 (06:36 +0300)]
Remove more stale code in ecdhtest.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3188)

7 years agoecdhtest.c: move KATs to evptests.txt
Nicola Tuveri [Tue, 11 Apr 2017 16:46:13 +0000 (19:46 +0300)]
ecdhtest.c: move KATs to evptests.txt

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3188)

7 years agoRemove stale code in ecdhtest.c
Nicola Tuveri [Tue, 11 Apr 2017 16:36:06 +0000 (19:36 +0300)]
Remove stale code in ecdhtest.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3188)

7 years agoecdhtest.c: move NAMED CURVES TESTS to evptests.txt
Nicola Tuveri [Tue, 11 Apr 2017 16:22:13 +0000 (19:22 +0300)]
ecdhtest.c: move NAMED CURVES TESTS to evptests.txt

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3188)

7 years agoAdded error checking for OBJ_create
Frank Morgner [Mon, 10 Apr 2017 12:15:09 +0000 (14:15 +0200)]
Added error checking for OBJ_create

fixes segmentation fault in case of not enough memory for object creation

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3157)
(cherry picked from commit 487a73def65aa6ffedf5baf353e912fe61aa3c7c)

7 years agoFix x_int64.c
Richard Levitte [Mon, 10 Apr 2017 20:01:05 +0000 (22:01 +0200)]
Fix x_int64.c

Clearing a misunderstanding.  The routines c2i_uint64_int() and
i2c_uint64_int() expect to receive that internal values are absolute
and with a separate sign flag, and the x_int64.c code handles values
that aren't absolute and have the sign bit embedded.  We therefore
need to convert between absolute and non-absolute values for the
encoding of negative values to be correct.

[extended tests]

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3160)
(cherry picked from commit 429223d198aabacd129cf6dde5a4203b5af41737)

7 years agoRemove ECDH(E) ciphers from SSLv3
Todd Short [Tue, 11 Apr 2017 13:02:05 +0000 (09:02 -0400)]
Remove ECDH(E) ciphers from SSLv3

SSLv3 does not support TLS extensions, and thus, cannot provide any
curves for ECDH(E). With the removal of the default (all) list of curves
being used for connections that didn't provide any curves, ECDHE is no
longer possible.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3181)
(cherry picked from commit fe55c4a20f79c77c64a082c5df2c5e8a61317162)

7 years agoAdditional check to handle BAD SSL_write retry
Rich Salz [Tue, 11 Apr 2017 16:11:34 +0000 (12:11 -0400)]
Additional check to handle BAD SSL_write retry

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3123)

7 years agoReject decoding of an INT64 with a value >INT64_MAX
Matt Caswell [Mon, 10 Apr 2017 16:33:29 +0000 (17:33 +0100)]
Reject decoding of an INT64 with a value >INT64_MAX

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3159)
(cherry picked from commit 0856e3f167964f58c26796331eab9d8b0a883921)

7 years agoAllow an ALPN callback to pretend to not exist
Benjamin Kaduk [Tue, 7 Feb 2017 22:23:16 +0000 (16:23 -0600)]
Allow an ALPN callback to pretend to not exist

RFC 7301 mandates that the server SHALL respond with a fatal
"no_application_protocol" alert when there is no overlap between
the client's supplied list and the server's list of supported protocols.
In commit 062178678f5374b09f00d70796f6e692e8775aca we changed from
ignoring non-success returns from the supplied alpn_select_cb() to
treating such non-success returns as indicative of non-overlap and
sending the fatal alert.

In effect, this is using the presence of an alpn_select_cb() as a proxy
to attempt to determine whether the application has configured a list
of supported protocols.  However, there may be cases in which an
application's architecture leads it to supply an alpn_select_cb() but
have that callback be configured to take no action on connections that
do not have ALPN configured; returning SSL_TLSEXT_ERR_NOACK from
the callback would be the natural way to do so.  Unfortunately, the
aforementioned behavior change also treated SSL_TLSEXT_ERR_NOACK as
indicative of no overlap and terminated the connection; this change
supplies special handling for SSL_TLSEXT_ERR_NOACK returns from the
callback.  In effect, it provides a way for a callback to obtain the
behavior that would have occurred if no callback was registered at
all, which was not possible prior to this change.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3158)
(cherry picked from commit 8313a787d770ac1d7ddafcbc41b13e7fb5841eae)

7 years agorand/rand_lib.c: keep fixing no-engine configuration.
Andy Polyakov [Sat, 8 Apr 2017 20:29:09 +0000 (22:29 +0200)]
rand/rand_lib.c: keep fixing no-engine configuration.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit ce57ac431964f7692af674fd124103d6fe07af2e)

7 years agoasn1/x_long.c: remove conditions in inner loops and dependency on BN.
Andy Polyakov [Sat, 8 Apr 2017 16:01:36 +0000 (18:01 +0200)]
asn1/x_long.c: remove conditions in inner loops and dependency on BN.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3152)

(cherry picked from commit e128f891de71bbdba8391355af8d6d47d20b1969)

7 years agoe_os.h: omit PRIu64.
Andy Polyakov [Fri, 7 Apr 2017 20:30:13 +0000 (22:30 +0200)]
e_os.h: omit PRIu64.

PRIu64 is error-prone with BIO_printf, so introduce and stick to custom
platform-neutral macro. 'll' allows to print 64-bit values on *all*
supported platforms, but it's problematic with -Wformat -Werror. Hence
use 'l' in identifiable LP64 cases.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3148)

7 years agobio/b_print.c: drop dependency on BN config.
Andy Polyakov [Fri, 7 Apr 2017 18:26:59 +0000 (20:26 +0200)]
bio/b_print.c: drop dependency on BN config.

This might seem controversial, but it doesn't actually affect anything.
Or rather it doesn't make worse cases when it was problematic [with code
additions to 1.1.0]. One of such rare cases is 32-bit PA-RISC target
with *vendor* compiler.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3148)

7 years agoStandardize on =over 4 and check for it.
Rich Salz [Mon, 3 Apr 2017 19:39:09 +0000 (15:39 -0400)]
Standardize on =over 4 and check for it.

(cherry picked from commit dfc63ccebd8262648640fc6e35fffa132102b967)

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3117)

7 years agoUse 'over 2' for bullet lists.
Rich Salz [Fri, 7 Apr 2017 17:37:47 +0000 (13:37 -0400)]
Use 'over 2' for bullet lists.

(cherry picked from commit 7ea8ceab4b21d93eb272a89bff73958010d5c2c4)

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3117)

7 years agoFix rand_lib.c for no-engine configuration
Richard Levitte [Fri, 7 Apr 2017 14:26:10 +0000 (16:26 +0200)]
Fix rand_lib.c for no-engine configuration

When configured no-engine, we still refered to rand_engine_lock.
Rework the lock init code to avoid that.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3145)
(cherry picked from commit 2f881d2d9065342454fe352eac9e835cefa0ba90)

7 years agoDon't try to clean up RAND from ENGINE
Richard Levitte [Thu, 6 Apr 2017 13:58:38 +0000 (15:58 +0200)]
Don't try to clean up RAND from ENGINE

This is especially harmful since OPENSSL_cleanup() has already called
the RAND cleanup function

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3137)
(cherry picked from commit 789a2b6250d5e05dfde6ce259e79ef8c172c9f3f)

7 years agoMake getting and setting the RAND default method thread safe
Richard Levitte [Thu, 6 Apr 2017 09:30:03 +0000 (11:30 +0200)]
Make getting and setting the RAND default method thread safe

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3137)
(cherry picked from commit 87975cfa91c3f06a52f2550ed2ef632644be6dde)

7 years agoe_os2.h: Refine OSSL_SSIZE definition under UEFI environment
Qin Long [Tue, 4 Apr 2017 17:08:16 +0000 (01:08 +0800)]
e_os2.h: Refine OSSL_SSIZE definition under UEFI environment

Under UEFI build environment, we may encounter the OSSL_SSIZE macro
re-definition error in e_os2.h if any module call OpenSSL API directly
by including "openssl/xxxx.h" (caused by the predefined _WIN32/_WIN64
macro, which should have been un-defined under OPENSSL_SYS_UEFI).

Though it's not one recommended usage, this patch could still eliminate
the possible build issue by refining the OSSL_SSIZE definition under
OPENSSL_SYS_UEFI.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3121)

(cherry picked from commit 005f6766284155645fa760cf764f85031e209f6c)

7 years agoIn rand_cleanup_int(), don't go creating a default method
Richard Levitte [Thu, 6 Apr 2017 08:24:55 +0000 (10:24 +0200)]
In rand_cleanup_int(), don't go creating a default method

If no default method was yet given, RAND_get_rand_method() will set it
up.  Doing so just to clean it away seems pretty silly, so instead,
use the default_RAND_meth variable directly.

This also clears a possible race condition where this will try to init
things, such as ERR or ENGINE when in the middle of a OPENSSL_cleanup.

Fixes #3128

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3136)
(cherry picked from commit 5006b37b31c5a520c3065048bd8aba8cc3ff128d)

7 years agoConfigurations/README: reword bn_ops description.
Andy Polyakov [Mon, 3 Apr 2017 21:41:19 +0000 (23:41 +0200)]
Configurations/README: reword bn_ops description.

Fixes GH#3116.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 1bc563caa144a568fc505f210568f5ac5b66315e)

7 years agoFix faulty check of padding in x_long.c
Richard Levitte [Fri, 31 Mar 2017 19:31:43 +0000 (21:31 +0200)]
Fix faulty check of padding in x_long.c

Bug uncovered by test

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3120)

7 years agoFix a possible integer overflow in long_c2i
Matt Caswell [Mon, 27 Mar 2017 15:11:11 +0000 (16:11 +0100)]
Fix a possible integer overflow in long_c2i

Credit to OSS-Fuzz for finding this.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3120)

7 years agoConvert SSL_SESSION_ASN1 to use size specific integers
Richard Levitte [Thu, 30 Mar 2017 11:33:33 +0000 (13:33 +0200)]
Convert SSL_SESSION_ASN1 to use size specific integers

This increases portability of SSL_SESSION files between architectures
where the size of |long| may vary.  Before this, SSL_SESSION files
produced on a 64-bit long architecture may break on a 32-bit long
architecture.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3120)

7 years agomake update
Richard Levitte [Thu, 30 Mar 2017 11:33:20 +0000 (13:33 +0200)]
make update

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3120)

7 years agoImplement internal ASN.1 types INT32, UINT32, INT64, UINT64
Richard Levitte [Thu, 30 Mar 2017 11:31:16 +0000 (13:31 +0200)]
Implement internal ASN.1 types INT32, UINT32, INT64, UINT64

Also Z varieties.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3120)

7 years agoEnsure dhparams can handle X9.42 params in DER
Matt Caswell [Mon, 3 Apr 2017 11:42:58 +0000 (12:42 +0100)]
Ensure dhparams can handle X9.42 params in DER

dhparams correctly handles X9.42 params in PEM format. However it failed
to correctly processes them when reading/writing DER format.

Fixes #3102

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3111)
(cherry picked from commit 18d20b5eb66fda0ada2e65c2b19aeae75827bdf8)

7 years agoAdd missing macros for DHxparams
Matt Caswell [Mon, 3 Apr 2017 11:41:04 +0000 (12:41 +0100)]
Add missing macros for DHxparams

DHparams has d2i_DHparams_fp, d2i_DHxparams_bio etc, but the equivalent
macros for DHxparams were omitted.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3111)
(cherry picked from commit ff79a24402108ba2cc313f52c745b69d473eb4b1)

7 years agocrypto/ppccap.c: SIGILL-free processor capabilities detection on MacOS X.
Andy Polyakov [Sat, 1 Apr 2017 13:28:28 +0000 (15:28 +0200)]
crypto/ppccap.c: SIGILL-free processor capabilities detection on MacOS X.

It seems to be problematic to probe processor capabilities with SIGILL
on MacOS X. The problem should be limited to cases when application code
is debugged, but crashes were reported even during normal execution...

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 0bd93bbe4ae60e5f318b298bfe617e468a7b71d0)

7 years agoConfigure: use 5.10.0, don't require...
Andy Polyakov [Fri, 31 Mar 2017 12:37:10 +0000 (14:37 +0200)]
Configure: use 5.10.0, don't require...

Configure started with 'require 5.10.0', but if executed by older perl
it failed with "might be runaway multi-line // string" instead of
naturally expected "Perl v5.10.0 required--this is only v5.x.y".

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit d83112b7fd3b0e751f8a5947e5a93db1cbbe86dc)

7 years agoe_afalg.[ch]: fix --strict-warnings with gcc 4.x and 32-bit build.
Andy Polyakov [Thu, 30 Mar 2017 21:07:26 +0000 (23:07 +0200)]
e_afalg.[ch]: fix --strict-warnings with gcc 4.x and 32-bit build.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit c27778d8adf7fca3128ece0b7efca09f628008b9)

7 years agoDon't mention TLS 1.3 in the man page
Sebastian Andrzej Siewior [Fri, 31 Mar 2017 18:48:28 +0000 (20:48 +0200)]
Don't mention TLS 1.3 in the man page

The man pages for ciphers, s_client and s_server mention the tls1_3
option but it is not implemented in the 1.1.0 branch. Thus remove it to
avoid confusion.

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3099)

7 years agoFix for #2730. Add CRLDP extension to list of supported extensions
Jon Spillett [Thu, 30 Mar 2017 04:13:44 +0000 (14:13 +1000)]
Fix for #2730. Add CRLDP extension to list of supported extensions

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3087)
(cherry picked from commit e6f648fd880369e186039501c960809b17f96e88)

7 years agoMore typo fixes
FdaSilvaYY [Wed, 29 Mar 2017 19:26:13 +0000 (21:26 +0200)]
More typo fixes

Backport of 69687aa829bc8bdcaf5468eb3dd0ada13700b7aa
(Merged from #3069)

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3079)

7 years agoengines/e_capi.c: slip in PROV_RSA_AES for interchangable CSP only.
Andy Polyakov [Sun, 26 Mar 2017 15:40:32 +0000 (17:40 +0200)]
engines/e_capi.c: slip in PROV_RSA_AES for interchangable CSP only.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3034)

(cherry picked from commit 8ab9af5e28032478dd130467751b2e241eaee719)

7 years agoengines/e_capi.c: adhere to CryptAcquireContextW unconditionally.
Andy Polyakov [Sun, 26 Mar 2017 15:39:14 +0000 (17:39 +0200)]
engines/e_capi.c: adhere to CryptAcquireContextW unconditionally.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 3a5b64b2f039a237b595961da07350b3f23282d0)

7 years agoengine/e_capi.c: more formatting and styling fixes.
Andy Polyakov [Sun, 26 Mar 2017 14:12:10 +0000 (16:12 +0200)]
engine/e_capi.c: more formatting and styling fixes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 8f0e5888ea4c577c5a1f0d667786da6376099c86)

7 years agoengines/e_capi.c: formatting and styling fixes.
Andy Polyakov [Fri, 24 Mar 2017 15:00:31 +0000 (16:00 +0100)]
engines/e_capi.c: formatting and styling fixes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit e08b444ac097825b10d3b90dbdb0d7197567cc4d)

7 years agodoc: Add stitched ciphers to EVP_EncryptInit.pod
Steven Collison [Tue, 28 Mar 2017 19:46:07 +0000 (12:46 -0700)]
doc: Add stitched ciphers to EVP_EncryptInit.pod

These ciphers don't appear to be documented anywhere. Given the
performance[1] benefits I think it makes sense to expose them.

[1] https://software.intel.com/sites/default/files/open-ssl-performance-paper.pdf

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3067)
(cherry picked from commit 209fac9f8a24000beaa8a438517115b42ca7e7c6)

7 years agodoc: Add missing options in s_{server,client}
Steven Collison [Tue, 28 Mar 2017 16:02:37 +0000 (09:02 -0700)]
doc: Add missing options in s_{server,client}

These were added to the help in ad775e04f6dab but not the pods.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3065)
(cherry picked from commit 254b58fd7335fa3c58e2535d46658109ffd8bdcd)

7 years agoAdd documentation for SNI APIs
Jon Spillett [Tue, 28 Mar 2017 22:34:37 +0000 (08:34 +1000)]
Add documentation for SNI APIs

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3071)
(cherry picked from commit 8c55c4614731487449a02f90ff9a209ff6c63447)

7 years agoRemove duplicate doc
Rich Salz [Tue, 28 Mar 2017 20:31:54 +0000 (16:31 -0400)]
Remove duplicate doc

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3068)
(cherry picked from commit a01dbac232166563cdeafcbe31f321c05d164a10)

7 years agoFix 0 -> NULL, indentation
FdaSilvaYY [Thu, 10 Nov 2016 00:22:17 +0000 (01:22 +0100)]
Fix 0 -> NULL, indentation

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3066)
(cherry picked from commit a6ac1ed686346d2164c16446624c973e51d3ae92)

7 years agoRefomat a few comments on 80 cols
FdaSilvaYY [Thu, 10 Nov 2016 00:16:27 +0000 (01:16 +0100)]
Refomat a few comments on 80 cols

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3066)
(cherry picked from commit cbe952418376a25acd872db4281a0b09735001f1)

7 years agoFix a few more typos
FdaSilvaYY [Fri, 17 Feb 2017 22:13:26 +0000 (23:13 +0100)]
Fix a few more typos

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3066)
(cherry picked from commit 1ee4b98e695cd041da931c10fbdaf82f0ee0f268)

7 years agoSpelling fixes
FdaSilvaYY [Fri, 10 Feb 2017 22:17:00 +0000 (23:17 +0100)]
Spelling fixes

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3066)
(cherry picked from commit a8cd439bf58708ffe234a9f707cf6a394d28a1f9)

7 years agoAdd documentation for SSL_*_ex_data() functions
Jon Spillett [Tue, 28 Mar 2017 06:22:07 +0000 (16:22 +1000)]
Add documentation for SSL_*_ex_data() functions

[skip ci]

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3050)
(cherry picked from commit 09fdfa4b2fe4c9770c27cd523a5bf55b1d50eac9)

7 years agoMove PRIu64 to e_os.h
Rich Salz [Tue, 28 Mar 2017 13:24:16 +0000 (09:24 -0400)]
Move PRIu64 to e_os.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3061)

7 years agoProvide documentation for missing SSL_SESSION_* functions
Matt Caswell [Fri, 24 Mar 2017 16:01:50 +0000 (16:01 +0000)]
Provide documentation for missing SSL_SESSION_* functions

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3052)
(cherry picked from commit b31db50528ccfd493b3be73f55c53f4606943d28)

7 years agoasynctest: don't depend on apps
Emilia Kasper [Tue, 28 Mar 2017 11:08:07 +0000 (13:08 +0200)]
asynctest: don't depend on apps

Remove unnecessary include of apps.h. Tests shouldn't take a
dependency on apps. In this case, there is no dependency, the include
is unnecessary.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoRemove redundant decl of 509_STORE_set_flags
Hannes Magnusson [Mon, 27 Mar 2017 23:26:33 +0000 (16:26 -0700)]
Remove redundant decl of 509_STORE_set_flags

a47bc283 accidentally adds another define for X509_STORE_set_flags
It is already defined 5lines prior

CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3047)

(cherry picked from commit feb891990a5137bbe11768a11100d2b423a6b11e)

7 years agoIn err_cleanup(), cleanup the thread local storage too
Richard Levitte [Sun, 26 Mar 2017 18:01:44 +0000 (20:01 +0200)]
In err_cleanup(), cleanup the thread local storage too

Fixes #3033

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3035)
(cherry picked from commit 165f1c3ef39680471339d21b9f6c12ea86b4a26a)

7 years agoaes/asm/bsaes-armv7.pl: relax stack alignment requirement.
Andy Polyakov [Sat, 25 Mar 2017 09:58:57 +0000 (10:58 +0100)]
aes/asm/bsaes-armv7.pl: relax stack alignment requirement.

Even though Apple refers to Procedure Call Standard for ARM Architecture
(AAPCS), they apparently adhere to custom version that doesn't follow
stack alignment constraints in the said standard. [Why or why? If it's
vendor lock-in thing, then it would be like worst spot ever.] And since
bsaes-armv7 relied on standard alignment, it became problematic to
execute the code on iOS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 0822d41b6d54132df96c02cc6f6fa9b179378351)

7 years agoDon't access memory before checking the correct length in aesni_cbc_hmac_sha256_ctrl...
Bernd Edlinger [Fri, 24 Mar 2017 08:03:54 +0000 (09:03 +0100)]
Don't access memory before checking the correct length in aesni_cbc_hmac_sha256_ctrl in case EVP_CTRL_AEAD_TLS1_AAD.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3023)

(cherry picked from commit 1b6f5a4d3b8cdb02e0bba6878a2b70c850522440)

7 years ago"any" instead of "and"
Zack Williams [Sat, 18 Mar 2017 01:43:53 +0000 (18:43 -0700)]
"any" instead of "and"

The "and" should be an "any"

Fixed in LibreSSL's docs: http://man.openbsd.org/man5/x509v3.cnf.5#Subject_alternative_name

CLA: trivial

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2980)
(cherry picked from commit a41815f05e71009d2a5148bd30b70f47186ed66b)

7 years agoFix function documentation
Ian Spence [Fri, 17 Mar 2017 02:06:52 +0000 (19:06 -0700)]
Fix function documentation

CLA: trivial

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2972)
(cherry picked from commit f5fd3848fe5033534b92d2d18ed6fbd16741a0a2)

7 years agobn/asm/sparcv9-mont.pl: fix squaring code path.
Andy Polyakov [Wed, 22 Mar 2017 09:51:25 +0000 (10:51 +0100)]
bn/asm/sparcv9-mont.pl: fix squaring code path.

This module is used only with odd input lengths, i.e. not used in normal
PKI cases, on contemporary processors. The problem was "illuminated" by
fuzzing tests.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 120a9e1a825bd0407639bedb1e8e15823cf7a545)

7 years agoLook for comma before - in POD pages
Rich Salz [Thu, 23 Mar 2017 17:04:52 +0000 (13:04 -0400)]
Look for comma before - in POD pages

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3021)
(cherry picked from commit 3ba4dac67a63c2d2589d46095d989b301cd62650)

7 years agoFix find-doc-nits: { is significant in regexps
Richard Levitte [Thu, 23 Mar 2017 14:09:41 +0000 (15:09 +0100)]
Fix find-doc-nits: { is significant in regexps

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3019)
(cherry picked from commit 5d5835219ea84b6aa35f82791fdc585362e210d4)

7 years agomodes/ocb128.c: fix misaligned access in ILP32 builds on 64-bit processors.
Andy Polyakov [Mon, 20 Mar 2017 11:47:08 +0000 (12:47 +0100)]
modes/ocb128.c: fix misaligned access in ILP32 builds on 64-bit processors.

One could have fixed the problem by arranging 64-bit alignment of
EVP_AES_OCB_CTX.aad_buf in evp/e_aes.c, but CRYPTO_ocb128_aad
prototype doesn't imply alignment and we have to honour it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2994)

(cherry picked from commit a2bb183623dac253792753b82e291fd1d180aa78)

7 years agoaes/asm/aesni-sha*-x86_64.pl: fix IV handling in SHAEXT paths.
Andy Polyakov [Mon, 20 Mar 2017 10:38:25 +0000 (11:38 +0100)]
aes/asm/aesni-sha*-x86_64.pl: fix IV handling in SHAEXT paths.

Initial IV was disregarded on SHAEXT-capable processors. Amazingly
enough bulk AES128-SHA* talk-to-yourself tests were passing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2992)

(cherry picked from commit 08d09628d2c9f3ef599399d8cad021a07ab98347)

7 years agoFix test/recipes/80-test_ssl_old.t
Richard Levitte [Tue, 21 Mar 2017 12:18:32 +0000 (13:18 +0100)]
Fix test/recipes/80-test_ssl_old.t

Cherry-pick error

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3006)

7 years agoRemove duplicate X509_OBJECT free function.
David Benjamin [Tue, 21 Mar 2017 04:27:35 +0000 (00:27 -0400)]
Remove duplicate X509_OBJECT free function.

These two functions do the same thing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3001)
(cherry picked from commit b6ef12c4baa3a2c1ff0e3ac71270588dfcfe8cbd)

7 years agoRework how protocol specific ciphers in 80-test_ssl_old.t are picked out
Richard Levitte [Wed, 15 Mar 2017 01:40:55 +0000 (02:40 +0100)]
Rework how protocol specific ciphers in 80-test_ssl_old.t are picked out

The code to do this incorrectly assumed that the protocol version
could be used as a valid cipher suite  for the 'openssl cipher'
command.  While this is true in some cases, that isn't something to be
trusted.  Replace that assumption with code that takes the full
'openssl ciphers' command output and parses it to find the ciphers we
look for.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2956)
(cherry picked from commit 9ea6d56d044a95459e563abdc85aed26149e6ee9)

7 years agoFix decoding of ASN.1 LONG and ZLONG items
Richard Levitte [Mon, 20 Mar 2017 20:31:02 +0000 (21:31 +0100)]
Fix decoding of ASN.1 LONG and ZLONG items

LONG and ZLONG items (which are OpenSSL private special cases of
ASN1_INTEGER) are encoded into DER with padding if the leading octet
has the high bit set, where the padding can be 0x00 (for positive
numbers) or 0xff (for negative ones).

When decoding DER to LONG or ZLONG, the padding wasn't taken in
account at all, which means that if the encoded size with padding
is one byte more than the size of long, decoding fails.  This change
fixes that issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3000)