oweals/openssl.git
6 years agoDocument EC_POINT_get_affine_coordinates_*.
David Benjamin [Tue, 6 Mar 2018 19:00:24 +0000 (14:00 -0500)]
Document EC_POINT_get_affine_coordinates_*.

In particular, x and y may be NULL, as used in ecdsa_ossl.c. Make use of
this in ecdh_ossl.c as well, to save an otherwise unnecessary temporary.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5532)

6 years agoCleanup the s_time command.
Bernd Edlinger [Wed, 21 Mar 2018 15:23:57 +0000 (16:23 +0100)]
Cleanup the s_time command.

Various code-cleanups.
Use SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY) insead of handling
SSL_ERROR_WANT_READ everywhere.
Turn off the linger option on connected sockets to avoid failure.
Add BIO_set_conn_mode(conn, BIO_SOCK_NODELAY) to improve thruput.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3952)

6 years agoConvert _meth_get_ functions to const getters
Jack Bates [Thu, 5 Jan 2017 16:58:18 +0000 (09:58 -0700)]
Convert _meth_get_ functions to const getters

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2181)

6 years agoDon't wait for dry at the end of a handshake
Matt Caswell [Tue, 16 Jan 2018 11:26:50 +0000 (11:26 +0000)]
Don't wait for dry at the end of a handshake

For DTLS/SCTP we were waiting for a dry event during the call to
tls_finish_handshake(). This function just tidies up various internal
things, and after it completes the handshake is over. I can find no good
reason for waiting for a dry event here, and nothing in RFC6083 suggests
to me that we should need to. More importantly though it seems to be
wrong. It is perfectly possible for a peer to send app data/alerts/new
handshake while we are still cleaning up our handshake. If this happens
then we will never get the dry event and so we cannot continue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5084)

6 years agoCheck for alerts while waiting for a dry event
Matt Caswell [Tue, 16 Jan 2018 10:48:01 +0000 (10:48 +0000)]
Check for alerts while waiting for a dry event

At a couple of points in a DTLS/SCTP handshake we need to wait for a dry
event before continuing. However if an alert has been sent by the peer
then we will never receive that dry event and an infinite loop results.

This commit changes things so that we attempt to read a message if we
are waiting for a dry event but haven't got one yet. This should never
succeed, but any alerts will be processed.

Fixes #4763

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5084)

6 years agoFix stack-use-after-scope
Peter Wu [Tue, 20 Mar 2018 22:47:06 +0000 (23:47 +0100)]
Fix stack-use-after-scope

Fixes regression from #5667.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5701)

6 years agoo_fopen.c,rand/randfile.c: compensate for e_os.h omission.
Andy Polyakov [Mon, 19 Mar 2018 17:12:31 +0000 (18:12 +0100)]
o_fopen.c,rand/randfile.c: compensate for e_os.h omission.

At earlier point e_os.h was omitted from a number of headers (in order
to emphasize OS neutrality), but this affected o_fopen.c and randfile.c
which are not OS-neutral, and contain some Win32-specific code.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5676)

6 years agoAdd dladdr() for AIX
Matthias Kraft [Mon, 19 Mar 2018 17:37:46 +0000 (13:37 -0400)]
Add dladdr() for AIX

Although it deviates from the actual prototype of DSO_dsobyaddr(), this
is now ISO C compliant and gcc -Wpedantic accepts the code.

Added DATA segment checking to catch ptrgl virtual addresses. Avoid
memleaks with every AIX/dladdr() call. Removed debug-fprintf()s.
Added test case for DSO_dsobyaddr(), which will eventually call dladdr().
Removed unecessary AIX ifdefs again.

The implementation can only lookup function symbols, no data symbols.
Added PIC-flag to aix*-cc build targets.

As AIX is missing a dladdr() implementation it is currently uncertain our
exit()-handlers can still be called when the application exits. After
dlclose() the whole library might have been unloaded already.

Signed-off-by: Matthias Kraft <makr@gmx.eu>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5668)

6 years agoDo not cache sessions with zero sid_ctx_length when SSL_VERIFY_PEER
Benjamin Kaduk [Fri, 26 Jan 2018 17:16:21 +0000 (11:16 -0600)]
Do not cache sessions with zero sid_ctx_length when SSL_VERIFY_PEER

The sid_ctx is something of a "certificate request context" or a
"session ID context" -- something from the application that gives
extra indication of what sort of thing this session is/was for/from.
Without a sid_ctx, we only know that there is a session that we
issued, but it could have come from a number of things, especially
with an external (shared) session cache.  Accordingly, when resuming,
we will hard-error the handshake when presented with a session with
zero-length sid_ctx and SSL_VERIFY_PEER is set -- we simply have no
information about the peer to verify, so the verification must fail.

In order to prevent these future handshake failures, proactively
decline to add the problematic sessions to the session cache.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5175)

6 years agoRemove mention of link between message digests and public key algorithms.
Pauli [Tue, 20 Mar 2018 00:03:10 +0000 (10:03 +1000)]
Remove mention of link between message digests and public key algorithms.

The comment in EVP_DigestInit.pod is:

> Returns the NID of the public key signing algorithm associated with this
digest. For example EVP_sha1() is associated with RSA so this will return
B<NID_sha1WithRSAEncryption>. Since digests and signature algorithms are no
longer linked this function is only retained for compatibility reasons.

I.e. there is no link anymore.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5682)

6 years agoaix compat fixes for ocsp.c
Eric Covener [Sat, 17 Mar 2018 18:00:15 +0000 (14:00 -0400)]
aix compat fixes for ocsp.c

WCOREDUMP and vsyslog are not portable

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5657)

6 years agoMake pkeyutl a bit more user-friendly
Johannes Bauer [Fri, 21 Jul 2017 20:19:35 +0000 (22:19 +0200)]
Make pkeyutl a bit more user-friendly

Give meaningful error messages when the user incorrectly uses pkeyutl.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3987)

6 years agoReduce the verbosity of test_store
Matt Caswell [Tue, 20 Mar 2018 15:48:33 +0000 (15:48 +0000)]
Reduce the verbosity of test_store

The travis logs are going above 4Mb causing the builds to fail. One
test creates excessive output. This change reduces that output by approx
180k.

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5694)

6 years agoFix the OCSP responder mode
Matt Caswell [Tue, 20 Mar 2018 11:16:39 +0000 (11:16 +0000)]
Fix the OCSP responder mode

Broken by commit 3e3c7c36.

Fixes #5681

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5688)

6 years agoPrepare for 1.1.1-pre4-dev
Matt Caswell [Tue, 20 Mar 2018 13:15:39 +0000 (13:15 +0000)]
Prepare for 1.1.1-pre4-dev

Reviewed-by: Richard Levitte <levitte@openssl.org>
6 years agoPrepare for 1.1.1-pre3 release OpenSSL_1_1_1-pre3
Matt Caswell [Tue, 20 Mar 2018 13:13:56 +0000 (13:13 +0000)]
Prepare for 1.1.1-pre3 release

Reviewed-by: Richard Levitte <levitte@openssl.org>
6 years agoUpdate copyright year
Matt Caswell [Tue, 20 Mar 2018 13:00:17 +0000 (13:00 +0000)]
Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5689)

6 years agocrypto/rand/rand_vms.c: include "internal/rand_int.h"
Richard Levitte [Tue, 20 Mar 2018 07:31:10 +0000 (08:31 +0100)]
crypto/rand/rand_vms.c: include "internal/rand_int.h"

Without it, the RAND_POOL typedef is missing

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5685)

6 years agoFix: drbgtest fails when tests are executed in random order
Dr. Matthias St. Pierre [Mon, 19 Mar 2018 20:11:50 +0000 (21:11 +0100)]
Fix: drbgtest fails when tests are executed in random order

[extended tests]

The test_rand_reseed assumed that the global DRBGs were not used
previously. This assumption is false when the tests are executed
in random order (OPENSSL_TEST_RAND_ORDER). So we uninstantiate
them first and add a test for the first instantiation.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5680)

6 years agos_client, s_server: do generic SSL configuration first, specialization after
Richard Levitte [Mon, 19 Mar 2018 19:33:50 +0000 (20:33 +0100)]
s_client, s_server: do generic SSL configuration first, specialization after

We did the SSL_CONF_cmd() pass last of all things that could affect
the SSL ctx.  However, the results of this, for example:

    -max_protocol TLSv1.3 -tls1_2

... would mean that the protocol min got set to TLSv1.2 and the
protocol max to TLSv1.3, when they should clearly both be TLSv1.2.

However, if we see the SSL_CONF_cmd() switches as generic and those
internal to s_client and s_server as specialisations, we get something
that makes a little more sense.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5679)

6 years agoFix no-sm3/no-sm2 (with strict-warnings)
Todd Short [Mon, 19 Mar 2018 18:22:56 +0000 (14:22 -0400)]
Fix no-sm3/no-sm2 (with strict-warnings)

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5677)

6 years agoFix no-sm3 (and no-sm2)
Todd Short [Mon, 19 Mar 2018 17:21:13 +0000 (13:21 -0400)]
Fix no-sm3 (and no-sm2)

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5677)

6 years agoDon't generate buildtest_*err.c
Richard Levitte [Mon, 19 Mar 2018 17:54:27 +0000 (18:54 +0100)]
Don't generate buildtest_*err.c

The error string header files aren't supposed to be included directly,
so there's no point testing that they can.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5678)

6 years agoEnhance ssltestlib's create_ssl_ctx_pair to take min and max proto version
Richard Levitte [Mon, 19 Mar 2018 08:08:06 +0000 (09:08 +0100)]
Enhance ssltestlib's create_ssl_ctx_pair to take min and max proto version

Have all test programs using that function specify those versions.
Additionally, have the remaining test programs that use SSL_CTX_new
directly specify at least the maximum protocol version.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5663)

6 years agoIn TLSProxy::Proxy, specify TLSv1.3 as maximum allowable protocol
Richard Levitte [Mon, 19 Mar 2018 07:44:04 +0000 (08:44 +0100)]
In TLSProxy::Proxy, specify TLSv1.3 as maximum allowable protocol

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5663)

6 years agoSupport "-min_protocol" and "-max_protocol" in s_server and s_client
Richard Levitte [Mon, 19 Mar 2018 06:46:10 +0000 (07:46 +0100)]
Support "-min_protocol" and "-max_protocol" in s_server and s_client

If for nothing else, they are needed when doing a regression test

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5663)

6 years agoFix no-ec
Matt Caswell [Mon, 19 Mar 2018 16:24:49 +0000 (16:24 +0000)]
Fix no-ec

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5673)

6 years agoFix no-sm2
Matt Caswell [Mon, 19 Mar 2018 16:17:58 +0000 (16:17 +0000)]
Fix no-sm2

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5673)

6 years agoFix no-posix-io compile failure
Matt Caswell [Mon, 19 Mar 2018 11:29:06 +0000 (11:29 +0000)]
Fix no-posix-io compile failure

The fix in conf_include_test.c  seems to be required because some
compilers give an error if you give an empty string for the second
argument to strpbrk(). It doesn't really make sense to send an empty
string for this argument anyway, so make sure it has at least one character
in it.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5666)

6 years agoPlace ticket keys into secure memory
Todd Short [Mon, 19 Mar 2018 14:50:51 +0000 (10:50 -0400)]
Place ticket keys into secure memory

Place the session ticket AES and HMAC keys into secure memory.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2351)

6 years agoFix no-psk
Matt Caswell [Mon, 19 Mar 2018 12:58:05 +0000 (12:58 +0000)]
Fix no-psk

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5667)

6 years agoRevise and cleanup; use strict,warnings
Rich Salz [Mon, 19 Mar 2018 14:23:28 +0000 (10:23 -0400)]
Revise and cleanup; use strict,warnings

Use shorter names for some defines, so also had to change the .c file
that used them.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5669)

6 years agoApply system_default configuration on SSL_CTX_new().
Tomas Mraz [Mon, 19 Mar 2018 14:01:39 +0000 (10:01 -0400)]
Apply system_default configuration on SSL_CTX_new().

When SSL_CTX is created preinitialize it with system default
configuration from system_default section.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4848)

6 years agoAdd a multithread rand test
Kurt Roeckx [Sun, 11 Mar 2018 14:19:13 +0000 (15:19 +0100)]
Add a multithread rand test

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5547)

6 years agoDon't use a ssl specific DRBG anymore
Kurt Roeckx [Thu, 8 Mar 2018 21:30:28 +0000 (22:30 +0100)]
Don't use a ssl specific DRBG anymore

Since the public and private DRBG are per thread we don't need one
per ssl object anymore. It could also try to get entropy from a DRBG
that's really from an other thread because the SSL object moved to an
other thread.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5547)

6 years agoMake the public and private DRBG thread local
Kurt Roeckx [Wed, 7 Mar 2018 18:25:55 +0000 (19:25 +0100)]
Make the public and private DRBG thread local

This avoids lock contention.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5547)

6 years agoHandle evp_tests assumption of EVP_PKEY_FLAG_AUTOARGLEN
Jack Lloyd [Fri, 9 Feb 2018 17:21:56 +0000 (12:21 -0500)]
Handle evp_tests assumption of EVP_PKEY_FLAG_AUTOARGLEN

Without actually using EVP_PKEY_FLAG_AUTOARGLEN

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4793)

6 years agoSupport SM2 ECIES scheme via EVP
Jack Lloyd [Wed, 24 Jan 2018 21:45:48 +0000 (16:45 -0500)]
Support SM2 ECIES scheme via EVP

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4793)

6 years agoAdd SM2 signature and ECIES schemes
Jack Lloyd [Wed, 24 Jan 2018 16:56:02 +0000 (11:56 -0500)]
Add SM2 signature and ECIES schemes

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4793)

6 years agoConfigurations/15-android.conf: detect clang by PATH, not by CC.
Andy Polyakov [Sat, 17 Mar 2018 09:59:57 +0000 (10:59 +0100)]
Configurations/15-android.conf: detect clang by PATH, not by CC.

Since they intend to omit gcc, it's more appropriate to simply detect
if there is NDK's clang on PATH, as opposite to requiring to specify it
with CC=clang (and looking for it on PATH).

Also detect NDK version and default to armv7-a for NDK>16.

Address failure to recognize -D__ADNDROID_API__=N in CPPFLAGS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5613)

6 years agoAdd NOTES.ANDROID.
Andy Polyakov [Fri, 16 Mar 2018 11:14:28 +0000 (12:14 +0100)]
Add NOTES.ANDROID.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5613)

6 years agoConfigurations/15-android.conf: default to RC4_CHAR whenever possible.
Andy Polyakov [Wed, 14 Mar 2018 16:30:22 +0000 (17:30 +0100)]
Configurations/15-android.conf: default to RC4_CHAR whenever possible.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5613)

6 years agoMIPS assembly pack: default heuristic detection to little-endian.
Andy Polyakov [Wed, 14 Mar 2018 16:23:16 +0000 (17:23 +0100)]
MIPS assembly pack: default heuristic detection to little-endian.

Current endianness detection is somewhat opportunistic and can fail
in cross-compile scenario. Since we are more likely to cross-compile
for little-endian now, adjust the default accordingly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5613)

6 years agoConfigurations/15-android.conf: refine clang support.
Andy Polyakov [Wed, 14 Mar 2018 08:45:31 +0000 (09:45 +0100)]
Configurations/15-android.conf: refine clang support.

Adjusting ARM default broke clang support, and x86[_64] needed
path adjustment.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5613)

6 years agoConfigure: pass -no-integrated-as.
Andy Polyakov [Wed, 14 Mar 2018 08:42:42 +0000 (09:42 +0100)]
Configure: pass -no-integrated-as.

Occasionally you have to pass -no-integrated-as to clang, but we
consider any -no-option as no-option. Don't touch -no-integrated-as.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5613)

6 years agoFix bio callback backward compatibility
Bernd Edlinger [Mon, 19 Mar 2018 13:20:53 +0000 (14:20 +0100)]
Fix bio callback backward compatibility

Don't pass a pointer to uninitialized processed value
for BIO_CB_READ and BIO_CB_WRITE

Check the correct cmd code in BIO_callback_ctrl

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5516)

6 years agoFix a crash in SSLfatal due to invalid enc_write_ctx
Bernd Edlinger [Fri, 16 Mar 2018 12:29:51 +0000 (13:29 +0100)]
Fix a crash in SSLfatal due to invalid enc_write_ctx

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5645)

6 years agoFix no-cmac
Matt Caswell [Mon, 19 Mar 2018 10:35:16 +0000 (10:35 +0000)]
Fix no-cmac

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5665)

6 years agoFix no-ec
Matt Caswell [Mon, 19 Mar 2018 10:22:46 +0000 (10:22 +0000)]
Fix no-ec

Raw private/public key loading may fail for X25519/X448 if ec has been
disabled.

Also fixed a missing blank line in evppkey.txt resulting in a warning in
the test output.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5664)

6 years agoAdd a CHANGES entry to mention the replay protection capabilities
Matt Caswell [Fri, 16 Mar 2018 11:09:39 +0000 (11:09 +0000)]
Add a CHANGES entry to mention the replay protection capabilities

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)

6 years agoDocument the replay protection capabilities
Matt Caswell [Fri, 16 Mar 2018 11:07:58 +0000 (11:07 +0000)]
Document the replay protection capabilities

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)

6 years agoAdd a test for 0RTT replay protection
Matt Caswell [Fri, 16 Mar 2018 09:53:38 +0000 (09:53 +0000)]
Add a test for 0RTT replay protection

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)

6 years agoAdd an anti-replay mechanism
Matt Caswell [Fri, 16 Mar 2018 09:25:34 +0000 (09:25 +0000)]
Add an anti-replay mechanism

If the server is configured to allow early data then we check if the PSK
session presented by the client is available in the cache or not. If it
isn't then this may be a replay and we disallow it. If it is then we allow
it and remove the session from the cache. Note: the anti-replay protection
is not used for externally established PSKs.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)

6 years agoDon't update the session cache when processing a client certificate in TLSv1.3
Matt Caswell [Thu, 15 Mar 2018 21:02:15 +0000 (21:02 +0000)]
Don't update the session cache when processing a client certificate in TLSv1.3

We should only update the session cache when we issue a NewSessionTicket.
These are issued automatically after processing a client certificate.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)

6 years agoAlways call the new_session_cb when issuing a NewSessionTicket in TLSv1.3
Matt Caswell [Thu, 15 Mar 2018 17:47:29 +0000 (17:47 +0000)]
Always call the new_session_cb when issuing a NewSessionTicket in TLSv1.3

Conceptually in TLSv1.3 there can be multiple sessions associated with a
single connection. Each NewSessionTicket issued can be considered a
separate session. We can end up issuing multiple NewSessionTickets on a
single connection at the moment (e.g. in a post-handshake auth scenario).
Each of those issued tickets should have the new_session_cb called, it
should go into the session cache separately and it should have a unique
id associated with it (so that they can be found individually in the
cache).

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)

6 years agoengines/asm/e_padlock*: add support for Zhaoxin's x86 platform
JeffZhao [Fri, 16 Mar 2018 06:15:16 +0000 (14:15 +0800)]
engines/asm/e_padlock*: add support for Zhaoxin's x86 platform

VIA and Shanghai United Investment Co.,Ltd. found Shanghai ZhaoXin,
which is a fabless x86 CPU IC design company. ZhaoXin has issued
ZX-C, ZX-D x86 processors, which have 'Shanghai' CPU vendor id.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5640)

6 years agoClarify a couple of details around "make variables"
Richard Levitte [Mon, 19 Mar 2018 06:18:56 +0000 (07:18 +0100)]
Clarify a couple of details around "make variables"

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5660)

6 years agoStop test/shlibloadtest.c from failing in a regression test
Richard Levitte [Wed, 14 Mar 2018 16:31:20 +0000 (17:31 +0100)]
Stop test/shlibloadtest.c from failing in a regression test

When doing a regression test, it's obvious that the version
test/shlibloadtest is built for will not be the same as the library
version.  So we change the test to check for assumed compatibility.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5619)

6 years agoAdd a simple method to run regression tests
Richard Levitte [Wed, 14 Mar 2018 16:25:37 +0000 (17:25 +0100)]
Add a simple method to run regression tests

This is only useful when building shared libraries.  This allows us to
run our tests against newer libraries when the time comes.  Simply do
this:

    OPENSSL_REGRESSION=/other/OpenSSL/build/tree make test

($OPENSSL_REGRESSION *must* be an absolute path)

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5619)

6 years agoNOTES.WIN: classify targets to "native" and "hosted" and restructure.
Andy Polyakov [Fri, 16 Mar 2018 14:39:51 +0000 (15:39 +0100)]
NOTES.WIN: classify targets to "native" and "hosted" and restructure.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5647)

6 years agoFix miscellaneous typos in docs and source
Dr. Matthias St. Pierre [Fri, 16 Feb 2018 14:45:32 +0000 (15:45 +0100)]
Fix miscellaneous typos in docs and source

- d2i_PKC8PrivateKey -> d2i_PKCS8PrivateKey
- bechmark -> benchmark
- ciperhsuite -> ciphersuite
- EncyptedPreMasterSecret -> EncryptedPreMasterSecret

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5570)

6 years agots_RESP_sign: Don't try to use v2 signing when ESS digest isn't set
Richard Levitte [Sat, 17 Mar 2018 11:30:47 +0000 (12:30 +0100)]
ts_RESP_sign: Don't try to use v2 signing when ESS digest isn't set

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5653)

6 years agoReturn error when trying to use prediction resistance
Kurt Roeckx [Sun, 18 Feb 2018 19:55:28 +0000 (20:55 +0100)]
Return error when trying to use prediction resistance

There is a requirements of having access to a live entropy source
which we can't do with the default callbacks. If you need prediction
resistance you need to set up your own callbacks that follow the
requirements of NIST SP 800-90C.

Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
GH: #5402

6 years agoPropagate the request for prediction resistance to the get entropy call
Kurt Roeckx [Sun, 18 Feb 2018 18:26:55 +0000 (19:26 +0100)]
Propagate the request for prediction resistance to the get entropy call

Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
GH: #5402

6 years agoFix a memory leak in tls1_mac
Bernd Edlinger [Fri, 16 Mar 2018 20:12:22 +0000 (21:12 +0100)]
Fix a memory leak in tls1_mac

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5650)

6 years agoFix a memory leak in n_ssl3_mac
Bernd Edlinger [Fri, 16 Mar 2018 15:45:55 +0000 (16:45 +0100)]
Fix a memory leak in n_ssl3_mac

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5648)

6 years agoFixed a crash in error handing of rand_drbg_new
Bernd Edlinger [Fri, 16 Mar 2018 14:32:25 +0000 (15:32 +0100)]
Fixed a crash in error handing of rand_drbg_new

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5646)

6 years agoFix error handling in b2i_dss and b2i_rsa
Bernd Edlinger [Thu, 15 Mar 2018 11:34:12 +0000 (12:34 +0100)]
Fix error handling in b2i_dss and b2i_rsa

Fixes: #5567

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5624)

6 years agoRAND_DRBG: add a function for setting the default DRBG type and flags
Dr. Matthias St. Pierre [Thu, 15 Mar 2018 18:48:43 +0000 (19:48 +0100)]
RAND_DRBG: add a function for setting the default DRBG type and flags

This commit adds a new api RAND_DRBG_set_defaults() which sets the
default type and flags for new DRBG instances. See also #5576.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5632)

6 years agoINSTALL: Add a note about backward compatibility and "make variables"
Richard Levitte [Fri, 16 Mar 2018 09:47:36 +0000 (10:47 +0100)]
INSTALL: Add a note about backward compatibility and "make variables"

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5641)

6 years agoConfigure: maintain compability with pre-"make variables" Configure
Richard Levitte [Fri, 16 Mar 2018 07:59:03 +0000 (08:59 +0100)]
Configure: maintain compability with pre-"make variables" Configure

There were a few environment variables that we supported in earlier
Configure versions which got transfered to the %user table.  This
change makes sure that we still support them, by simply pre-populating
the corresponding %user entries with those environment values.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5641)

6 years agoConfigure: Don't fail if there were "make variables" set in env
Richard Levitte [Fri, 16 Mar 2018 07:24:50 +0000 (08:24 +0100)]
Configure: Don't fail if there were "make variables" set in env

The original intent was that if someone had a "make variable" set in
any kind of way, be it as an environment variable or as an argument to
Configure, we wouldn't allow compiler or linker flags as arguments as
well.  That made both of these configurations equivalently impossible:

    ./Configure target CFLAGS=-foo -lextra

     CFLAGS=-foo ./Configure target -lextra

While this makes things look nice and consistent, real world use makes
this hard, as many projects where OpenSSL is a component also set
these variables for other components that use GNU autotools.

Therefore, we need to adapt our Configure accordingly.  By
consequence, the two Configure lines above will not be equivalent any
more:

    ./Configure target CFLAGS=-foo -lextra

This command line will still fail, because the "make variable" was
given as a command line argument.  This cannot be a mistake and is
therefore not allowed.

     CFLAGS=-foo ./Configure target -lextra

This command line will work, but because there is a linker flag as
a command line argument, the environment (i.e. CFLAGS) is ignored.
That isn't quite consistent with the previous command, but is the old
Configure behavior, before the support for "make variables" was added,
and is therefore the backward compatible behavior.

Fixes google/oss-fuzz#1244

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5641)

6 years agoVMS C: reduce the dependency paths to be relative
Richard Levitte [Thu, 15 Mar 2018 21:05:00 +0000 (22:05 +0100)]
VMS C: reduce the dependency paths to be relative

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5631)

6 years agoVisual C: reduce the dependency paths to be relative
Richard Levitte [Thu, 15 Mar 2018 19:38:23 +0000 (20:38 +0100)]
Visual C: reduce the dependency paths to be relative

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5631)

6 years agoutil/add-depends.pl: add the possibility for debug printouts
Richard Levitte [Thu, 15 Mar 2018 19:37:39 +0000 (20:37 +0100)]
util/add-depends.pl: add the possibility for debug printouts

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5631)

6 years agoMove all dependency post-processing to util/add-depends.pl
Richard Levitte [Thu, 15 Mar 2018 17:06:18 +0000 (18:06 +0100)]
Move all dependency post-processing to util/add-depends.pl

In the end, it's more efficient to only have one perl instance (that
loads configdata.pm) dealing with dependency files than running one
(that still loads configdata.pm) for each such file.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5631)

6 years agoVMS: add alias macros to avoid 31 character symbol name limit warning
Richard Levitte [Thu, 15 Mar 2018 19:01:11 +0000 (20:01 +0100)]
VMS: add alias macros to avoid 31 character symbol name limit warning

Affected symbol names:

generate_stateless_cookie_callback
verify_stateless_cookie_callback

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5633)

6 years agoWindows makefile: don't use different looking variants of same cmd
Richard Levitte [Thu, 15 Mar 2018 20:37:32 +0000 (21:37 +0100)]
Windows makefile: don't use different looking variants of same cmd

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5635)

6 years agoPublish the RAND_DRBG API
Dr. Matthias St. Pierre [Mon, 5 Mar 2018 22:45:44 +0000 (23:45 +0100)]
Publish the RAND_DRBG API

Fixes #4403

This commit moves the internal header file "internal/rand.h" to
<openssl/rand_drbg.h>, making the RAND_DRBG API public.
The RAND_POOL API remains private, its function prototypes were
moved to "internal/rand_int.h" and converted to lowercase.

Documentation for the new API is work in progress on GitHub #5461.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5462)

6 years agoAdd code to run test, get malloc counts
Rich Salz [Thu, 15 Mar 2018 14:51:17 +0000 (10:51 -0400)]
Add code to run test, get malloc counts

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4528)

6 years agoutil/postprocess-makedepend.pl: make an effort to collect dependencies
Richard Levitte [Wed, 14 Mar 2018 12:24:12 +0000 (13:24 +0100)]
util/postprocess-makedepend.pl: make an effort to collect dependencies

Instead of just working line by line, we collect all dependencies for
every target and print everything out at the end, with each target
getting a potentially long list of dependencies.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5591)

6 years agoutil/postprocess-makedepend.pl: For VC, don't include system headers
Richard Levitte [Wed, 14 Mar 2018 09:37:26 +0000 (10:37 +0100)]
util/postprocess-makedepend.pl: For VC, don't include system headers

All dependencies that VC gives us are absolute paths, so we need to
check if some of them are within our source or build tree.  We do that
by comparing the start of each dependency with the absolute versions
of our source and build directories.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5591)

6 years agoStreamline dependency generation
Richard Levitte [Mon, 12 Mar 2018 08:18:44 +0000 (09:18 +0100)]
Streamline dependency generation

It seems that only gcc -MMD produces dependency files that are "sane"
for our needs.  For all other methods, some post processing is needed:

- 'makedepend' (Unix) insists that object files are located in the
  same spot as the source file.
- 'cl /Zs /showIncludes' (Visual C) has "Note: including file: " where
  we'd like to see the object.
- 'CC/DECC' (VMS) insists that the object file is located in the
  current directory, i.e. it strips away all directory information.

So far, we've managed this (except for the VMS case) with individual
uncommented perl command lines directly in the build file template.
We're now collecting these diverse hacks into one perl script that
takes an argument to tell what kind of input to expect and that
massages whatever it gets on STDIN and outputs the result on STDOUT.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5591)

6 years agoFix no-chacha and no-poly1305
Matt Caswell [Thu, 15 Mar 2018 08:45:22 +0000 (08:45 +0000)]
Fix no-chacha and no-poly1305

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5623)

6 years agoFix a memory leak in the ca application
Matt Caswell [Wed, 14 Mar 2018 14:32:48 +0000 (14:32 +0000)]
Fix a memory leak in the ca application

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5444)

6 years agoAllow multiple entries without a Subject even if unique_subject == yes
Matt Caswell [Fri, 23 Feb 2018 19:48:11 +0000 (19:48 +0000)]
Allow multiple entries without a Subject even if unique_subject == yes

It is quite likely for there to be multiple certificates with empty
subjects, which are still distinct because of subjectAltName. Therefore
we allow multiple certificates with an empty Subject even if
unique_subject is set to yes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5444)

6 years agoReport a readable error on a duplicate cert in ca app
Matt Caswell [Fri, 23 Feb 2018 18:28:47 +0000 (18:28 +0000)]
Report a readable error on a duplicate cert in ca app

Commit 87e8feca (16 years ago!) introduced a bug where if we are
attempting to insert a cert with a duplicate subject name, and
duplicate subject names are not allowed (which is the default),
then we get an unhelpful error message back (error number 2). Prior
to that commit we got a helpful error message which displayed details
of the conflicting entry in the database.

That commit was itself attempting to fix a bug with the noemailDN option
where we were setting the subject field in the database too early
(before extensions had made any amendments to it).

This PR moves the check for a conflicting Subject name until after all
changes to the Subject have been made by extensions etc.

This also, co-incidentally fixes the ca crashing bug described in issue
5109.

Fixes #5109

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5444)

6 years agoRevert "Don't allow an empty Subject when creating a Certificate"
Matt Caswell [Fri, 23 Feb 2018 09:46:30 +0000 (09:46 +0000)]
Revert "Don't allow an empty Subject when creating a Certificate"

This reverts commit e505f1e86874acfd98826d64c53bf2ddfd9c1399.

Empty Subjects should be permissible.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5444)

6 years agoRevert "Don't crash on a missing Subject in index.txt"
Matt Caswell [Fri, 23 Feb 2018 09:46:06 +0000 (09:46 +0000)]
Revert "Don't crash on a missing Subject in index.txt"

This reverts commit 1e05c6d07ff963107286d028f6778d2ccc863a9a.

Empty subjects should be permissible.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5444)

6 years agoRename EVP_PKEY_new_private_key()/EVP_PKEY_new_public_key()
Matt Caswell [Thu, 15 Mar 2018 12:19:16 +0000 (12:19 +0000)]
Rename EVP_PKEY_new_private_key()/EVP_PKEY_new_public_key()

Renamed to EVP_PKEY_new_raw_private_key()/EVP_new_raw_public_key() as per
feedback.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

6 years agoAdd functions for setting the new EVP_PKEY_ASN1_METHOD functions
Matt Caswell [Fri, 9 Mar 2018 11:02:28 +0000 (11:02 +0000)]
Add functions for setting the new EVP_PKEY_ASN1_METHOD functions

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

6 years agoMake sure all errors go on the stack in the EVP_PKEY_new*() functions
Matt Caswell [Mon, 5 Mar 2018 19:26:36 +0000 (19:26 +0000)]
Make sure all errors go on the stack in the EVP_PKEY_new*() functions

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

6 years agoExpand the 25519/448 overview man pages
Matt Caswell [Mon, 5 Mar 2018 19:16:35 +0000 (19:16 +0000)]
Expand the 25519/448 overview man pages

Include more information about how to create keys for these algorithms.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

6 years agoAdd some test vectors for testing raw 448/25519 keys
Matt Caswell [Mon, 5 Mar 2018 18:39:44 +0000 (18:39 +0000)]
Add some test vectors for testing raw 448/25519 keys

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

6 years agoAdd PrivateKeyRaw and PublicKeyRaw support to evp_test
Matt Caswell [Fri, 1 Dec 2017 17:57:42 +0000 (17:57 +0000)]
Add PrivateKeyRaw and PublicKeyRaw support to evp_test

Previously private and public keys had to be pem encoded to be read by
evp_test. This enables us to embed the raw private/public key values
in the test file. The algorithm has to support EVP_PKEY_new_private_key()
and EVP_PKEY_new_public_key() for this to work.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

6 years agoAdd documentation for the newly added EVP_PKEY_new*() functions
Matt Caswell [Mon, 5 Mar 2018 17:41:49 +0000 (17:41 +0000)]
Add documentation for the newly added EVP_PKEY_new*() functions

Also adds some documentation for related existing functions/macros

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

6 years agoUpdate the tests to use the new EVP_PKEY_new_private_key() function
Matt Caswell [Mon, 5 Mar 2018 16:22:41 +0000 (16:22 +0000)]
Update the tests to use the new EVP_PKEY_new_private_key() function

Also to use the new EVP_PKEY_new_CMAC_key()

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

6 years agoAdd the function EVP_PKEY_new_CMAC_key()
Matt Caswell [Mon, 5 Mar 2018 17:23:57 +0000 (17:23 +0000)]
Add the function EVP_PKEY_new_CMAC_key()

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

6 years agoAdd support for setting raw private Poly1305 keys
Matt Caswell [Mon, 5 Mar 2018 16:22:24 +0000 (16:22 +0000)]
Add support for setting raw private Poly1305 keys

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

6 years agoAdd support for setting raw private SIPHASH keys
Matt Caswell [Mon, 5 Mar 2018 16:17:24 +0000 (16:17 +0000)]
Add support for setting raw private SIPHASH keys

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)