oweals/openssl.git
5 years agoDon't get the mac type in TLSv1.3
Matt Caswell [Mon, 14 Jan 2019 16:37:14 +0000 (16:37 +0000)]
Don't get the mac type in TLSv1.3

We don't use this information so we shouldn't fetch it. As noted in the
comments in #8005.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/8020)

5 years agoAdd missing entries in ssl_mac_pkey_id
Matt Caswell [Mon, 14 Jan 2019 16:36:33 +0000 (16:36 +0000)]
Add missing entries in ssl_mac_pkey_id

Fixes #8005

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/8020)

5 years agoCheck more return values in the SRP code
Matt Caswell [Mon, 14 Jan 2019 11:22:42 +0000 (11:22 +0000)]
Check more return values in the SRP code

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8019)

5 years agoCheck a return value in the SRP code
Matt Caswell [Mon, 14 Jan 2019 11:06:43 +0000 (11:06 +0000)]
Check a return value in the SRP code

Spotted by OSTIF audit

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8019)

5 years agoFix compilation with `-DREF_PRINT`
Anna Henningsen [Sun, 13 Jan 2019 17:26:43 +0000 (18:26 +0100)]
Fix compilation with `-DREF_PRINT`

CLA: trivial

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8016)

5 years agoDon't artificially limit the size of the ClientHello
Matt Caswell [Wed, 17 Oct 2018 15:17:25 +0000 (16:17 +0100)]
Don't artificially limit the size of the ClientHello

We were setting a limit of SSL3_RT_MAX_PLAIN_LENGTH on the size of the
ClientHello. AFAIK there is nothing in the standards that requires this
limit.

The limit goes all the way back to when support for extensions was first
added for TLSv1.0. It got converted into a WPACKET max size in 1.1.1. Most
likely it was originally added to avoid the complexity of having to grow
the init_buf in the middle of adding extensions. With WPACKET this is
irrelevant since it will grow automatically.

This issue came up when an attempt was made to send a very large
certificate_authorities extension in the ClientHello.

We should just remove the limit.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7424)

5 years agoFix compilation on sparc
Matt Caswell [Mon, 7 Jan 2019 15:16:23 +0000 (15:16 +0000)]
Fix compilation on sparc

Fixes #7966

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7997)

5 years agoFix CID 1434549: Unchecked return value in test/evp_test.c
FdaSilvaYY [Tue, 8 Jan 2019 06:27:27 +0000 (16:27 +1000)]
Fix CID 1434549: Unchecked return value in test/evp_test.c

5. check_return: Calling EVP_EncodeUpdate without checking return value
(as is done elsewhere 4 out of 5 times).

Fix CID 13716951371698: Resource leak in test/evp_test.c

- leaked_storage: Variable edata going out of scope leaks the storage it
points to.

- leaked_storage: Variable encode_ctx going out of scope leaks the
storage it points to

Fix CID 143043714304261430429 : Dereference before null check in test/drbg_cavs_test.c

check_after_deref: Null-checking drbg suggests that it
may be null, but it has already been dereferenced on all paths leading
to the check

Fix CID 1440765: Dereference before null check in test/ssltestlib.c

check_after_deref: Null-checking ctx suggests that it may be null, but
it has already been dereferenced on all paths leading to the check.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7993)

5 years agoMore configurable crypto and ssl library initialization
Viktor Dukhovni [Tue, 1 Jan 2019 07:53:24 +0000 (02:53 -0500)]
More configurable crypto and ssl library initialization

1.  In addition to overriding the default application name,
    one can now also override the configuration file name
    and flags passed to CONF_modules_load_file().

2.  By default we still keep going when configuration file
    processing fails.  But, applications that want to be strict
    about initialization errors can now make explicit flag
    choices via non-null OPENSSL_INIT_SETTINGS that omit the
    CONF_MFLAGS_IGNORE_RETURN_CODES flag (which had so far been
    both undocumented and unused).

3.  In OPENSSL_init_ssl() do not request OPENSSL_INIT_LOAD_CONFIG
    if the options already include OPENSSL_INIT_NO_LOAD_CONFIG.

4.  Don't set up atexit() handlers when called with INIT_BASE_ONLY.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7986)

5 years agoUpdate generator copyright year.
Viktor Dukhovni [Wed, 2 Jan 2019 00:19:43 +0000 (19:19 -0500)]
Update generator copyright year.

Some Travis builds appear to fail because generated objects get
2019 copyrights now, and the diff complains.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7986)

5 years agoAdd a test for correct handling of the cryptopro bug extension
Matt Caswell [Fri, 4 Jan 2019 16:55:15 +0000 (16:55 +0000)]
Add a test for correct handling of the cryptopro bug extension

This was complicated by the fact that we were using this extension for our
duplicate extension handling tests. In order to add tests for cryptopro
bug the duplicate extension handling tests needed to change first.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7984)

5 years agoDon't complain if we receive the cryptopro extension in the ClientHello
Matt Caswell [Fri, 4 Jan 2019 16:54:03 +0000 (16:54 +0000)]
Don't complain if we receive the cryptopro extension in the ClientHello

The cryptopro extension is supposed to be unsolicited and appears in the
ServerHello only. Additionally it is unofficial and unregistered - therefore
we should really treat it like any other unknown extension if we see it in
the ClientHello.

Fixes #7747

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7984)

5 years agodoc/man1/x509.pod: fix typo
Dr. Matthias St. Pierre [Mon, 7 Jan 2019 00:21:56 +0000 (01:21 +0100)]
doc/man1/x509.pod: fix typo

This looks like a copy&paste error from req.pod to x509.pod.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7995)

5 years agoRestore compatibility with GOST2001 implementations.
Dmitry Belyavskiy [Fri, 4 Jan 2019 17:38:29 +0000 (20:38 +0300)]
Restore compatibility with GOST2001 implementations.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7985)

5 years agoFix no-sock
Matt Caswell [Fri, 4 Jan 2019 11:13:39 +0000 (11:13 +0000)]
Fix no-sock

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7981)

5 years agoFix no-cmac
Matt Caswell [Fri, 4 Jan 2019 10:24:19 +0000 (10:24 +0000)]
Fix no-cmac

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7979)

5 years agocrypto/evp/e_aes.c: build again on s390x
Richard Levitte [Sat, 5 Jan 2019 08:33:22 +0000 (09:33 +0100)]
crypto/evp/e_aes.c: build again on s390x

The stuff needed to build with SIV wasn't in place for s390x

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7988)

5 years agocrypto/chacha/asm/chacha-s390x.pl: add vx code path.
Patrick Steuer [Fri, 3 Aug 2018 22:10:06 +0000 (00:10 +0200)]
crypto/chacha/asm/chacha-s390x.pl: add vx code path.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6919)

5 years agos390x assembly pack: perlasm support.
Patrick Steuer [Wed, 7 Dec 2016 11:58:34 +0000 (12:58 +0100)]
s390x assembly pack: perlasm support.

Added crypto/perlasm/s390x.pm Perl module. Its primary use is to be
independent of binutils version, that is to write byte codes of
instructions that are not part of the base instruction set.
Currently only gas format is supported.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6919)

5 years agoSupport _onexit() in preference to atexit() on Windows
Matt Caswell [Fri, 16 Nov 2018 17:26:23 +0000 (17:26 +0000)]
Support _onexit() in preference to atexit() on Windows

This enables cleanup to happen on DLL unload instead of at process exit.

[extended tests]

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7647)

5 years agoIntroduce a no-pinshared option
Matt Caswell [Fri, 16 Nov 2018 14:05:14 +0000 (14:05 +0000)]
Introduce a no-pinshared option

This option prevents OpenSSL from pinning itself in memory.

Fixes #7598

[extended tests]

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7647)

5 years agoTest atexit handlers
Matt Caswell [Thu, 15 Nov 2018 17:41:06 +0000 (17:41 +0000)]
Test atexit handlers

Test that atexit handlers get called properly at process exit, unless we
have explicitly asked for them not to be.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7647)

5 years agoDon't link shlibloadtest against libcrypto
Matt Caswell [Thu, 15 Nov 2018 16:59:41 +0000 (16:59 +0000)]
Don't link shlibloadtest against libcrypto

The whole point of shlibloadtest is to test dynamically loading and
unloading the library. If we link shlibloadtest against libcrypto then that
might mask potential issues.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7647)

5 years agoImplement OPENSSL_INIT_NO_ATEXIT
Matt Caswell [Thu, 15 Nov 2018 16:27:34 +0000 (16:27 +0000)]
Implement OPENSSL_INIT_NO_ATEXIT

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7647)

5 years agoFix a RUN_ONCE bug
Matt Caswell [Tue, 20 Nov 2018 15:32:55 +0000 (15:32 +0000)]
Fix a RUN_ONCE bug

We have a number of instances where there are multiple "init" functions for
a single CRYPTO_ONCE variable, e.g. to load config automatically or to not
load config automatically. Unfortunately the RUN_ONCE mechanism was not
correctly giving the right return value where an alternative init function
was being used.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7647)

5 years agoFix shlibloadtest to properly execute the dso_ref test
Matt Caswell [Thu, 15 Nov 2018 14:50:52 +0000 (14:50 +0000)]
Fix shlibloadtest to properly execute the dso_ref test

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7647)

5 years agoEliminate unused buffers from ssl3_change_cipher_state
Dmitry Belyavskiy [Wed, 2 Jan 2019 12:47:07 +0000 (15:47 +0300)]
Eliminate unused buffers from ssl3_change_cipher_state

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7971)

5 years agoRemove unused variables from tls1_change_cipher_state
Dmitry Belyavskiy [Wed, 2 Jan 2019 10:28:07 +0000 (13:28 +0300)]
Remove unused variables from tls1_change_cipher_state

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7971)

5 years agomake update
Matt Caswell [Wed, 2 Jan 2019 16:43:21 +0000 (16:43 +0000)]
make update

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7972)

5 years agoFix cert with rsa instead of rsaEncryption as public key algorithm
Bernd Edlinger [Thu, 27 Dec 2018 21:18:21 +0000 (22:18 +0100)]
Fix cert with rsa instead of rsaEncryption as public key algorithm

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7962)

5 years agoFix a minor nit in the hkdflabel size
Bernd Edlinger [Sun, 16 Dec 2018 11:43:59 +0000 (12:43 +0100)]
Fix a minor nit in the hkdflabel size

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7913)

5 years agoFixed minor typo in the req.pod docs
Behrang [Thu, 20 Dec 2018 12:56:03 +0000 (23:56 +1100)]
Fixed minor typo in the req.pod docs

CLA: Trivial

Fixes #7928.

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7973)

5 years agofixed grammar typo
Michael Richardson [Thu, 27 Dec 2018 18:25:07 +0000 (13:25 -0500)]
fixed grammar typo

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7959)

5 years agoMinor doc fixes for EVP_MAC.
David Makepeace [Wed, 28 Nov 2018 04:03:15 +0000 (14:03 +1000)]
Minor doc fixes for EVP_MAC.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7716)

5 years agoEVP_PKEY_size declared to take a const parameter
Shreya Bhandare [Thu, 13 Dec 2018 17:29:10 +0000 (22:59 +0530)]
EVP_PKEY_size declared to take a const parameter

CLA: trivial
Function EVP_PKEY_size has been modified to take a const parameter

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7892)

5 years agoDo not complain when /dev/crypto does not exist.
Jung-uk Kim [Thu, 13 Dec 2018 23:18:16 +0000 (18:18 -0500)]
Do not complain when /dev/crypto does not exist.

FreeBSD does not enable cryptodev(4) by default.  OpenBSD disabled support
for /dev/crypto by default from 4.9 and removed it from 5.7.  Now the engine
is properly enabled by default on BSD platforms (see #7885), it continuously
complains:

Could not open /dev/crypto: No such file or directory

Hide the nagging error message behind ENGINE_DEVCRYPTO_DEBUG.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7896)

5 years agoCoverity fix in some crypto/asn1 code
FdaSilvaYY [Sun, 30 Sep 2018 20:39:38 +0000 (22:39 +0200)]
Coverity fix in some crypto/asn1 code

Call to i2d method returns an int value.

Fix:
CID 1338183 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS)
CID 1371691 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS)
CID 1371692 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS)

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7359)

5 years agoCoverity fix in apps/oscp
FdaSilvaYY [Sun, 7 Oct 2018 19:47:31 +0000 (21:47 +0200)]
Coverity fix in apps/oscp

CID 1440002 (#1 of 1): Use after free (USE_AFTER_FREE)
Not a deadly error, because error was just before app exit.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7359)

5 years agoutil/process_docs.pl: handle multiple source directories correctly
Richard Levitte [Sat, 15 Dec 2018 23:47:18 +0000 (00:47 +0100)]
util/process_docs.pl: handle multiple source directories correctly

The way this script handled multiple source directories wasn't quite
right, it ended up giving pod2html 'ARRAY(0xXXXXXXXXX)' as a source
directory.

This corrects the mistake.

Fixes #7742
Fixes #7939

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7911)

5 years agoAdmit unknown pkey types at security level 0
Ken Goldman [Fri, 14 Dec 2018 20:04:04 +0000 (15:04 -0500)]
Admit unknown pkey types at security level 0

The check_key_level() function currently fails when the public key
cannot be extracted from the certificate because its algorithm is not
supported.  However, the public key is not needed for the last
certificate in the chain.

This change moves the check for level 0 before the check for a
non-NULL public key.

For background, this is the TPM 1.2 endorsement key certificate.
I.e., this is a real application with millions of certificates issued.
The key is an RSA-2048 key.

The TCG (for a while) specified

     Public Key Algorithm: rsaesOaep

rather than the commonly used

     Public Key Algorithm: rsaEncryption

because the key is an encryption key rather than a signing key.
The X509 certificate parser fails to get the public key.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7906)

5 years agoFix function names in ct(7) documentation
Christian Heimes [Mon, 17 Dec 2018 21:56:17 +0000 (22:56 +0100)]
Fix function names in ct(7) documentation

The correct function name is SSL_CTX_enable_ct, not SSL_CTX_ct_enable.

Signed-off-by: Christian Heimes <christian@python.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7916)

5 years agoSome code-cleanup/simplification in apps
Rich Salz [Tue, 11 Dec 2018 17:31:55 +0000 (12:31 -0500)]
Some code-cleanup/simplification in apps

Remove some casts on password callback by adding a wrapper function.
Remove level of indent by doing an early-return on failure.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7873)

5 years agoX509_check_issued: check that signature algo matches signing key algo
Richard Levitte [Tue, 18 Dec 2018 08:14:51 +0000 (09:14 +0100)]
X509_check_issued: check that signature algo matches signing key algo

This implements 3.5.18 "Consistent Public Key and Signature Algorithms"
from RFC 4158 "Internet X.509 Public Key Infrastructure: Certification
Path Building"

Ref: https://tools.ietf.org/html/rfc4158#section-3.5.18

Fixes #7899

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7919)

5 years agoFix s_client hang on non-compliant NNTP server test
Quantomicus [Mon, 17 Dec 2018 16:26:29 +0000 (17:26 +0100)]
Fix s_client hang on non-compliant NNTP server test

Fixes #7722

CLA: trivial

Signed-off-by: Mateja Milosevic <quantumgleam@gmail.com>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7915)

5 years agoman: harmonize the various formulations in the HISTORY sections
Dr. Matthias St. Pierre [Sun, 9 Dec 2018 00:02:36 +0000 (01:02 +0100)]
man: harmonize the various formulations in the HISTORY sections

While stereotyped repetitions are frowned upon in literature, they
serve a useful purpose in manual pages, because it is easier for
the user to find certain information if it is always presented in
the same way. For that reason, this commit harmonizes the varying
formulations in the HISTORY section about which functions, flags,
etc. were added in which OpenSSL version.

It also attempts to make the pod files more grep friendly by
avoiding to insert line breaks between the symbol names and the
corresponding version number in which they were introduced
(wherever possible). Some punctuation and typographical errors
were fixed on the way.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7854)

5 years agoConvert tls1_prf_P_hash to use the EVP_MAC interface
Kurt Roeckx [Fri, 2 Nov 2018 14:51:19 +0000 (15:51 +0100)]
Convert tls1_prf_P_hash to use the EVP_MAC interface

Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #7554

5 years agoDeprecate TLS_MAX_VERSION, DTLS_MAX_VERSION and DTLS_MIN_VERSION
Kurt Roeckx [Tue, 18 Sep 2018 20:17:14 +0000 (22:17 +0200)]
Deprecate TLS_MAX_VERSION, DTLS_MAX_VERSION and DTLS_MIN_VERSION

Fixes: #7183

Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #7260

5 years agoUse (D)TLS_MAX_VERSION_INTERNAL internally
Kurt Roeckx [Sun, 9 Dec 2018 19:53:05 +0000 (20:53 +0100)]
Use (D)TLS_MAX_VERSION_INTERNAL internally

Use 0 if we don't want to set a minimum or maximum version

Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #7260

5 years agoERR: preserve system error number in a few more places
Richard Levitte [Fri, 14 Dec 2018 18:33:55 +0000 (19:33 +0100)]
ERR: preserve system error number in a few more places

It turns out that intialization may change the error number, so we
need to preserve the system error number in functions where
initialization is called for.
These are ERR_get_state() and err_shelve_state()

Fixes #7897

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7902)

5 years agoFixes #7879: AES-SIV to use EVP_MAC APIs
Todd Short [Thu, 13 Dec 2018 16:09:15 +0000 (11:09 -0500)]
Fixes #7879: AES-SIV to use EVP_MAC APIs

Convert CMAC APIs to EVP_MAC APIs

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7891)

5 years agoAdd missing OPENSSL_clear_free before using ec->key
Mansour Ahmadi [Tue, 11 Dec 2018 21:18:21 +0000 (16:18 -0500)]
Add missing OPENSSL_clear_free before using ec->key

Fixes #7657

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7877)

5 years agoadd missing check for BN_mod_inverse
Mansour Ahmadi [Tue, 11 Dec 2018 20:48:08 +0000 (15:48 -0500)]
add missing check for BN_mod_inverse

Fixes #7650

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7876)

5 years agofix inconsistent flen check in rsa_pk1 and rsa_oaep
Mansour Ahmadi [Tue, 11 Dec 2018 22:26:50 +0000 (17:26 -0500)]
fix inconsistent flen check in rsa_pk1 and rsa_oaep

Fixes #7117

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7880)

5 years agoIgnore duplicated undocumented things
Rich Salz [Wed, 17 Oct 2018 14:25:00 +0000 (10:25 -0400)]
Ignore duplicated undocumented things

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7423)

5 years agoVMS build: better treatment of .S -> .obj compilation
Richard Levitte [Wed, 12 Dec 2018 20:22:29 +0000 (21:22 +0100)]
VMS build: better treatment of .S -> .obj compilation

It turned out that .S files aren't to be treated as lightly as I
thought.  They need to go through a preprocessing step, which .s files
don't need to.

Corrects #7703

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7889)

5 years agodoc/man3: remove copy&paste leftover
Dr. Matthias St. Pierre [Wed, 12 Dec 2018 06:38:07 +0000 (07:38 +0100)]
doc/man3: remove copy&paste leftover

Fixes #7883

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7884)

5 years agoUse the correct function name
Jakub Jelen [Wed, 12 Dec 2018 10:22:00 +0000 (11:22 +0100)]
Use the correct function name

CLA: trivial

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7887)

5 years agoFix error in processing $target{enable}
Richard Levitte [Wed, 12 Dec 2018 08:27:48 +0000 (09:27 +0100)]
Fix error in processing $target{enable}

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7885)

5 years agoFixed typo (vi leftover).
Tobias Stoeckmann [Tue, 11 Dec 2018 19:34:21 +0000 (20:34 +0100)]
Fixed typo (vi leftover).

There was a trailing :w at a line, which didn't make sense in context
of the sentence/styling. Removed it, because I think it's a leftover
vi command.

CLA: trivial
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7875)

5 years agoAdd RFC5297 AES-SIV support
Todd Short [Fri, 19 May 2017 14:27:28 +0000 (10:27 -0400)]
Add RFC5297 AES-SIV support

Based originally on github.com/dfoxfranke/libaes_siv

This creates an SIV128 mode that uses EVP interfaces for the CBC, CTR
and CMAC code to reduce complexity at the cost of perfomance. The
expected use is for short inputs, not TLS-sized records.

Add multiple AAD input capacity in the EVP tests.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3540)

5 years agoAdd an Ed448 malleability test
Matt Caswell [Mon, 3 Dec 2018 16:36:50 +0000 (16:36 +0000)]
Add an Ed448 malleability test

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7748)

5 years agoDisallow Ed448 signature malleability
Matt Caswell [Mon, 3 Dec 2018 17:01:07 +0000 (17:01 +0000)]
Disallow Ed448 signature malleability

Check that s is less than the order before attempting to verify the
signature as per RFC8032 5.2.7

Fixes #7706

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7748)

5 years agotypo ANS1 -> ASN1
nxtstep [Mon, 10 Dec 2018 09:39:24 +0000 (10:39 +0100)]
typo ANS1 -> ASN1

CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7857)

5 years agoutil/mkdef.pl: Remove a ';' that snuck in
Richard Levitte [Tue, 11 Dec 2018 09:31:40 +0000 (10:31 +0100)]
util/mkdef.pl: Remove a ';' that snuck in

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7868)

5 years agoConfiguration: $config{shlib_version_number} -> $config{shlib_version}
Richard Levitte [Mon, 10 Dec 2018 18:48:37 +0000 (19:48 +0100)]
Configuration: $config{shlib_version_number} -> $config{shlib_version}

This was forgotten in a few places

Fixes #7862

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7865)

5 years agoapps/tsget.in: use the full version in the user agent string
Richard Levitte [Mon, 10 Dec 2018 19:09:17 +0000 (20:09 +0100)]
apps/tsget.in: use the full version in the user agent string

Fixes #7861

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7866)

5 years agoVMS: fix library compatibility settings in util/mkdef.pl
Richard Levitte [Mon, 10 Dec 2018 10:37:19 +0000 (11:37 +0100)]
VMS: fix library compatibility settings in util/mkdef.pl

The regexp to parse the incoming version number was flawed, and since
we allow ourselves to add missing APIs in PATCH releases, the
compatibility settings still need to include the PATCH part of the
version number.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7858)

5 years agoeng_devcrypto: add command to dump driver info
Eneas U de Queiroz [Wed, 7 Nov 2018 00:54:07 +0000 (22:54 -0200)]
eng_devcrypto: add command to dump driver info

This is useful to determine the kernel driver running each algorithm.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

5 years agoeng_devcrypto: add configuration options
Eneas U de Queiroz [Sat, 3 Nov 2018 18:41:10 +0000 (15:41 -0300)]
eng_devcrypto: add configuration options

USE_SOFTDRIVERS: whether to use software (not accelerated) drivers
CIPHERS: list of ciphers to enable
DIGESTS: list of digests to enable

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

5 years agoeng_devcrypto: save ioctl if EVP_MD_..FLAG_ONESHOT
Eneas U de Queiroz [Mon, 5 Nov 2018 17:54:17 +0000 (15:54 -0200)]
eng_devcrypto: save ioctl if EVP_MD_..FLAG_ONESHOT

Since each ioctl causes a context switch, slowing things down, if
EVP_MD_CTX_FLAG_ONESHOT is set, then:
 - call the ioctl in digest_update, saving the result; and
 - just copy the result in digest_final, instead of using another ioctl.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

5 years agoeng_devcrypto: make sure digest can do copy
Eneas U de Queiroz [Sat, 8 Dec 2018 20:01:04 +0000 (18:01 -0200)]
eng_devcrypto: make sure digest can do copy

Digest must be able to do partial-state copy to be used.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

5 years agoeng_devcrypto: fix ctr mode
Eneas U de Queiroz [Wed, 28 Nov 2018 13:26:27 +0000 (11:26 -0200)]
eng_devcrypto: fix ctr mode

Make CTR mode behave like a stream cipher.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

5 years agoeng_devcrypto: add cipher CTX copy function
Eneas U de Queiroz [Tue, 13 Nov 2018 11:23:22 +0000 (09:23 -0200)]
eng_devcrypto: add cipher CTX copy function

The engine needs a custom cipher context copy function to open a new
/dev/crypto session.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

5 years agoeng_devcrypto: close session on cleanup, not final
Eneas U de Queiroz [Mon, 5 Nov 2018 17:59:44 +0000 (15:59 -0200)]
eng_devcrypto: close session on cleanup, not final

Close the session in digest_cleanup instead of digest_final.  A failure
in closing the session does not mean a previous successful digest final
has failed as well.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

5 years agoeng_devcrypto: fix copy of unitilialized digest
Eneas U de Queiroz [Wed, 14 Nov 2018 15:58:06 +0000 (13:58 -0200)]
eng_devcrypto: fix copy of unitilialized digest

If the source ctx has not been initialized, don't initialize the copy
either.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

5 years agoeng_devcrypto: expand digest failure cases
Eneas U de Queiroz [Wed, 14 Nov 2018 13:22:14 +0000 (11:22 -0200)]
eng_devcrypto: expand digest failure cases

Return failure when the digest_ctx is null in digest_update and
digest_final, and when md is null in digest_final.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

5 years agoeng_devcrypto: don't leak methods tables
Eneas U de Queiroz [Mon, 5 Nov 2018 19:59:42 +0000 (17:59 -0200)]
eng_devcrypto: don't leak methods tables

Call functions to prepare methods after confirming that /dev/crytpo was
sucessfully open and that the destroy function has been set.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

5 years agoINSTALL: add note about devcrypto engine
Eneas U de Queiroz [Thu, 8 Nov 2018 13:16:20 +0000 (11:16 -0200)]
INSTALL: add note about devcrypto engine

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

5 years agoDocument the num_tickets s_server option
Matt Caswell [Tue, 4 Dec 2018 12:31:17 +0000 (12:31 +0000)]
Document the num_tickets s_server option

Fixes #7727

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7756)

5 years agoPreserve errno on dlopen
Matt Caswell [Wed, 21 Nov 2018 11:57:04 +0000 (11:57 +0000)]
Preserve errno on dlopen

For the same reasons as in the previous commit we must preserve errno
across dlopen calls. Some implementations (e.g. solaris) do not preserve
errno even on a successful dlopen call.

Fixes #6953

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7680)

5 years agoMake sure build_SYS_str_reasons() preserves errno
Matt Caswell [Wed, 21 Nov 2018 11:44:42 +0000 (11:44 +0000)]
Make sure build_SYS_str_reasons() preserves errno

This function can end up being called during ERR_get_error() if we are
initialising. ERR_get_error() must preserve errno since it gets called via
SSL_get_error(). If that function returns SSL_ERROR_SYSCALL then you are
supposed to inspect errno.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7680)

5 years agomake update
Richard Levitte [Sun, 9 Dec 2018 13:20:30 +0000 (14:20 +0100)]
make update

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7852)

5 years agoPrevent calling decryption in an encryption context and vice versa
Richard Levitte [Sun, 9 Dec 2018 13:18:50 +0000 (14:18 +0100)]
Prevent calling decryption in an encryption context and vice versa

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7852)

5 years agoCleaner disposal of ephemeral engine ids and names
Viktor Dukhovni [Sun, 9 Dec 2018 23:37:56 +0000 (18:37 -0500)]
Cleaner disposal of ephemeral engine ids and names

Engine names and ids are typically static strings.  If an application
actually dynamically allocated these, the application owns the
storage, and should dispose of it via the original handle, rather
than the "const char *" returned by the engine.

In any case, this resolves the test code issue without resort to
"unconst" macros/casts.

Reviewed-by: Richard Levitte <levitte@openssl.org>
5 years agoEliminate NOP cast
Viktor Dukhovni [Sun, 9 Dec 2018 23:37:26 +0000 (18:37 -0500)]
Eliminate NOP cast

Reviewed-by: Richard Levitte <levitte@openssl.org>
5 years agochange into hex string constants to avoid overflow warnings
Christos Zoulas [Mon, 1 Oct 2018 23:09:16 +0000 (19:09 -0400)]
change into hex string constants to avoid overflow warnings

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
5 years agoAdd a format attribute to the format functions and fix the broken format
Christos Zoulas [Sun, 30 Sep 2018 21:16:07 +0000 (17:16 -0400)]
Add a format attribute to the format functions and fix the broken format
strings.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
5 years agoFix const issues
Christos Zoulas [Sun, 30 Sep 2018 20:59:46 +0000 (16:59 -0400)]
Fix const issues

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
5 years agoAvoid const castaway warning
Christos Zoulas [Sun, 30 Sep 2018 20:57:56 +0000 (16:57 -0400)]
Avoid const castaway warning

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
5 years agoUse a const variable
Christos Zoulas [Sun, 30 Sep 2018 20:57:14 +0000 (16:57 -0400)]
Use a const variable

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
5 years agoUse the proper fonst cast
Christos Zoulas [Sun, 30 Sep 2018 20:56:49 +0000 (16:56 -0400)]
Use the proper fonst cast

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
5 years agodon't pass const string where a modifyable string is expected
Christos Zoulas [Sun, 30 Sep 2018 20:56:14 +0000 (16:56 -0400)]
don't pass const string where a modifyable string is expected

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
5 years agoadd missing "void" in prototype.
Christos Zoulas [Sun, 30 Sep 2018 20:55:05 +0000 (16:55 -0400)]
add missing "void" in prototype.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
5 years agoadd missing const in cast
Christos Zoulas [Sun, 30 Sep 2018 20:54:25 +0000 (16:54 -0400)]
add missing const in cast

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
5 years agoadd missing const
Christos Zoulas [Sun, 30 Sep 2018 20:53:22 +0000 (16:53 -0400)]
add missing const

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
5 years agouse the proper types to eliminate casts
Christos Zoulas [Sun, 30 Sep 2018 20:52:44 +0000 (16:52 -0400)]
use the proper types to eliminate casts

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
5 years agoerr/err.c: improve err_clear_last_constant_time's portability.
Andy Polyakov [Fri, 7 Dec 2018 21:19:57 +0000 (22:19 +0100)]
err/err.c: improve err_clear_last_constant_time's portability.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7850)

5 years agoUpdate kmac.c
terry zhao [Fri, 7 Dec 2018 03:13:49 +0000 (11:13 +0800)]
Update kmac.c

fix nmake compiler error

```
crypto\kmac\kmac.c : warning treated as error - no object file generated
crypto\kmac\kmac.c : warning C4819: The file contains a character that cannot be represented in the current code page (936). Save the file in Unicode format to prevent data loss
```

CLA: trivial

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7846)

5 years agoConfigure: fix the version string in the configure output
Dr. Matthias St. Pierre [Thu, 6 Dec 2018 23:32:43 +0000 (00:32 +0100)]
Configure: fix the version string in the configure output

Since `$config{version}` and `$config{version_num}` were removed
in commit 3a63dbef15b6, the configure output displays an empty
version number string in parentheses instead of the version number.

This pull request fixes that by adding new config variables
`version` and `full_version`, analogous to `OPENSSL_VERSION_STR`
and `OPENSSL_FULL_VERSION_STR`.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7841)

5 years agoRemove all NOEXIST symbols from ordinals files
Richard Levitte [Fri, 7 Dec 2018 11:17:33 +0000 (12:17 +0100)]
Remove all NOEXIST symbols from ordinals files

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7740)