oweals/openssl.git
7 years agoAdd a comment on expectations in the "tar" target
Richard Levitte [Thu, 17 Aug 2017 12:08:43 +0000 (14:08 +0200)]
Add a comment on expectations in the "tar" target

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4179)

(cherry picked from commit 77a9c26e03ccfec8d16985bce79e95eb6dc2dd2e)

7 years agoPrepare tarball in dist directory
Richard Levitte [Thu, 17 Aug 2017 12:04:36 +0000 (14:04 +0200)]
Prepare tarball in dist directory

We changed directory to the wrong directory.
This change also separates the preparation phase from the tarball
building phase.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4179)

(cherry picked from commit 17c84aa763b1d69c5446542bf9b4e2f642c570f2)

7 years agoTurn on error sensitivity in the "tar" target
Richard Levitte [Thu, 17 Aug 2017 12:04:18 +0000 (14:04 +0200)]
Turn on error sensitivity in the "tar" target

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4179)

(cherry picked from commit 34a5b7d727204eb990acd44899d457245ac94d7c)

7 years agoerr/err.c: fix "wraparound" bug in ERR_set_error_data.
Andy Polyakov [Wed, 16 Aug 2017 21:06:57 +0000 (23:06 +0200)]
err/err.c: fix "wraparound" bug in ERR_set_error_data.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit d3d880ce01cfaf0091f46a2f6b5bd146d47a93e7)

7 years agoClear outputs in PKCS12_parse error handling.
Bernd Edlinger [Sat, 12 Aug 2017 08:11:09 +0000 (10:11 +0200)]
Clear outputs in PKCS12_parse error handling.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4145)

(cherry picked from commit 524fdd515569e12047ddb29ba4c7f19706aacc98)

7 years agoFix OCSP_basic_verify() cert chain construction in case bs->certs is NULL
David von Oheimb [Wed, 16 Aug 2017 18:00:05 +0000 (14:00 -0400)]
Fix OCSP_basic_verify() cert chain construction in case bs->certs is NULL

Now the certs arg is not any more neglected when building the signer cert chain.
Added case to test/recipes/80-test_ocsp.t proving fix for 3-level CA hierarchy.

See also http://rt.openssl.org/Ticket/Display.html?id=4620

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4124)

(cherry picked from commit 121738d1cbfffa704eef4073510f13b419e6f08d)

7 years agoReorder extensions to put SigAlgs last
Todd Short [Thu, 13 Jul 2017 14:47:16 +0000 (10:47 -0400)]
Reorder extensions to put SigAlgs last

WebSphere application server cannot handle having an empty
extension (e.g. EMS/EtM) as the last extension in a client hello.
This moves the SigAlgs extension last (before any padding) for TLSv1.2
to avoid this issue.

Force the padding extension to a minimum length of 1.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3927)

7 years agono-ec2m fixes
Dr. Stephen Henson [Thu, 10 Aug 2017 15:36:37 +0000 (16:36 +0100)]
no-ec2m fixes

Fix warning and don't use binary field certificate for ECDH CMS
key only test.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4134)

(cherry picked from commit ed5c7ea250657796517fef035e162b20eb8d3c7f)

7 years agoAdd alternative CMS P-256 cert
Dr. Stephen Henson [Thu, 10 Aug 2017 15:45:31 +0000 (16:45 +0100)]
Add alternative CMS P-256 cert

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4134)

(cherry picked from commit 1aee92bf0f3fe243192fb5440f7c9789d5a08c67)

7 years agoAdd missing HTML tag in www_body in s_server.c
Xiaoyin Liu [Sat, 5 Aug 2017 06:31:04 +0000 (02:31 -0400)]
Add missing HTML tag in www_body in s_server.c

In the generated HTML document, the `<pre>` tag is not closed. This patch
also has a trivial code-style improvement, unrelated to the bug fix.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4088)

(cherry picked from commit 1a9f5cf0d58629ab8972f50e937d8ab78bf27b6f)

7 years agoSupport CMS decrypt without a certificate for all key types
Dr. Stephen Henson [Tue, 8 Aug 2017 14:20:07 +0000 (15:20 +0100)]
Support CMS decrypt without a certificate for all key types

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4115)

(cherry picked from commit 3f1d1704f215dc11e1fefbb6ecdcb2a08c3a65db)

7 years agoAdd test for ECDH CMS key only
Dr. Stephen Henson [Tue, 8 Aug 2017 14:25:14 +0000 (15:25 +0100)]
Add test for ECDH CMS key only

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4115)

(cherry picked from commit 5d09b003c080d81ff6adfb6c54be5c018a2ba294)

7 years agoAvoid surpising password dialog in X509 file lookup.
Bernd Edlinger [Mon, 7 Aug 2017 16:02:53 +0000 (18:02 +0200)]
Avoid surpising password dialog in X509 file lookup.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4111)

(cherry picked from commit db854bb14a7010712cfc02861731399b1b587474)

7 years agoFix typo in files in crypto folder
Xiaoyin Liu [Fri, 4 Aug 2017 05:10:41 +0000 (01:10 -0400)]
Fix typo in files in crypto folder

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #4093
(cherry picked from commit c9a41d7dd631a69b73bea8af714a3a8b872b8309)

7 years agoRevert "Perl: Use File::Glob::bsd_glob rather than File::Glob::glob"
Richard Levitte [Thu, 3 Aug 2017 15:19:13 +0000 (17:19 +0200)]
Revert "Perl: Use File::Glob::bsd_glob rather than File::Glob::glob"

This needs more change that what is appropriate for the 1.1.0 branch.

This reverts commit 0401110073cd392602855f9b72af2ebec7909625.

Reviewed-by: Andy Polyakov <appro@openssl.org>
7 years agoremove horrible pragma macro and remove __owur from SSL_CTX_add_session() declaration
Lingmo Zhu [Wed, 2 Aug 2017 12:55:40 +0000 (20:55 +0800)]
remove horrible pragma macro and remove __owur from SSL_CTX_add_session() declaration

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4014)

(cherry picked from commit 5bd05e579994c756cd994b5e0ff5f395aae6bfff)

7 years agoRemove the obsolete misleading comment and code related to it.
Lingmo Zhu [Tue, 25 Jul 2017 10:00:44 +0000 (18:00 +0800)]
Remove the obsolete misleading comment and code related to it.

The comment "The following should not return 1, otherwise, things
are very strange" is from the very first commit of OpenSSL. The
really meaning of the comment is if the identical session can be
found from internal cache after calling get_session_cb but not
found before calling get_session_cb, it is just strange.

The value 1 was originated from the old doc of SSLeay, reversed
from the actual return value of SSL_CTX_add_session().

Anyway either return value of SSL_CTX_add_session() should not
interrupt the session resumption process. So the checking of
return value of SSL_CTX_add_session() is not necessary.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4014)

(cherry picked from commit e29bb83479cc567b4bb414dc55148ec06a30a115)

7 years agoAdd EC key generation paragraph in doc/HOWTO/keys.txt
Paul Yang [Fri, 28 Jul 2017 07:11:48 +0000 (15:11 +0800)]
Add EC key generation paragraph in doc/HOWTO/keys.txt

Seems this documentation is not dead, so add this missing part

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4037)

(cherry picked from commit 003ef7ef9ad84bfb12ae1f42c41cdf08111f499f)

7 years agoRSA_get0_ functions permit NULL parameters
Ken Goldman [Mon, 31 Jul 2017 20:44:47 +0000 (16:44 -0400)]
RSA_get0_ functions permit NULL parameters

Document that the RSA_get0_ functions permit a NULL BIGNUM **. Those output parameters are ignored.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4064)

(cherry picked from commit 07c54e598ce8a15c08abcfcae939bdf8f017dae3)

7 years agoFix an information leak in the RSA padding check code.
Bernd Edlinger [Mon, 31 Jul 2017 18:52:43 +0000 (20:52 +0200)]
Fix an information leak in the RSA padding check code.
The memory blocks contain secret data and must be
cleared before returning to the system heap.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4062)

(cherry picked from commit e670db0183079b5f6325ce2abd9d785e0f966890)

7 years agoFix errors in SSL_state_string_long
Xiaoyin Liu [Mon, 31 Jul 2017 12:55:37 +0000 (08:55 -0400)]
Fix errors in SSL_state_string_long

TLS_ST_SR_NEXT_PROTO means "SSLv3/TLS read next proto"
Fix typo in the message for TLS_ST_SW_CERT_STATUS

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4054)

(cherry picked from commit f978f2b8af576ed1d9409de440b5c1f97ac0e7ab)

7 years agoapp_isdir() cleanup
Xiaoyin Liu [Sat, 22 Jul 2017 05:57:27 +0000 (01:57 -0400)]
app_isdir() cleanup

I think it's better to use `GetFileAttributes` to obtain the attributes
of a file than `FindFirstFile`. If the input name contains `*`, this
function should return failure rather than check whether the first match
happens to be a file or a directory.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3991)

(cherry picked from commit 5bd051a0dcd4f04bc9ea197f74b34612b3fcca84)

7 years agoAdd some test coverage for OPENSSL_secure_clear_free
Bernd Edlinger [Sat, 29 Jul 2017 19:19:07 +0000 (21:19 +0200)]
Add some test coverage for OPENSSL_secure_clear_free

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4048)

7 years agoImplement the CRYPTO_secure_clear_free function.
Bernd Edlinger [Sat, 29 Jul 2017 17:49:26 +0000 (19:49 +0200)]
Implement the CRYPTO_secure_clear_free function.
Use OPENSSL_secure_clear_free for secure mem BIOs
and X25519 private keys.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4048)

7 years agoClean password buffer on stack for PEM_read_bio_PrivateKey
Bernd Edlinger [Sat, 29 Jul 2017 10:19:29 +0000 (12:19 +0200)]
Clean password buffer on stack for PEM_read_bio_PrivateKey
and d2i_PKCS8PrivateKey_bio before it goes out of scope.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4047)

(cherry picked from commit 02fd47c8b0930dff9b188fd13bfb9da5e59444a8)

7 years agoFix rsa -check option
Paul Yang [Fri, 28 Jul 2017 16:24:27 +0000 (00:24 +0800)]
Fix rsa -check option

original problem: if a private key is invaild, nothing outputted.

the error filter in apps/rsa.c is not working any more.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4043)

(cherry picked from commit 03883e7e168b0f5ef52a516eeb86346b767e0298)

7 years agoFix a reference nit in doc
Paul Yang [Fri, 28 Jul 2017 05:31:27 +0000 (13:31 +0800)]
Fix a reference nit in doc

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4036)

(cherry picked from commit dbd007d7d2cae4891936aed55949b55b776b97ec)

7 years agoPerl: Use File::Glob::bsd_glob rather than File::Glob::glob
Richard Levitte [Fri, 28 Jul 2017 11:38:03 +0000 (13:38 +0200)]
Perl: Use File::Glob::bsd_glob rather than File::Glob::glob

File::Glob::glob is deprecated, it's use generates this kind of
message:

    File::Glob::glob() will disappear in perl 5.30. Use File::Glob::bsd_glob() instead. at ../master/Configure line 277.

So instead, use a construction that makes the caller glob() use
File::Glob::bsd_glob().

Note that we're still excluding VMS, as it's directory specs use '['
and ']', which have a different meaning with bsd_glob and would need
some extra quoting.  This might change, but later.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4040)

(cherry picked from commit 102c9e1296b656c4049c1110abc8a52b43bd0dcf)

7 years agoFix comment typo.
David Benjamin [Wed, 26 Jul 2017 16:30:27 +0000 (12:30 -0400)]
Fix comment typo.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4023)

(cherry picked from commit d67e755418b62fb451ec221c126c9935a06ea63b)

7 years agoFix async engine pause dead lock in error case.
Emeric Brun [Wed, 26 Jul 2017 13:59:21 +0000 (15:59 +0200)]
Fix async engine pause dead lock in error case.

In 'crypto/rand/ossl_rand.c', a call to
'ASYNC_unblock_pause()' is missing in an error case.

CLA: trivial

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(cherry picked from commit e4b16013e9b3d19241d3ba0bb0875f0d70d93509)

(Merged from https://github.com/openssl/openssl/pull/4024)

7 years agoRemove resolved TODO
Emilia Kasper [Thu, 13 Jul 2017 16:30:56 +0000 (18:30 +0200)]
Remove resolved TODO

Fixed in 5b8fa431ae8eb5a18ba913494119e394230d4b70

[ci skip]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3924)

7 years agoFix potential use-after-free and memory leak
Pauli [Wed, 26 Jul 2017 00:04:05 +0000 (10:04 +1000)]
Fix potential use-after-free and memory leak

In function wait_for_async(), allocated async fds is freed if
`SSL_get_all_async_fds` fails, but later `fds` is used. Interestingly,
it is not freed when everything succeeds.

Rewrite the FD set loop to make it more readable and to not modify the allocated
pointer so it can be freed.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3992)

(cherry picked from commit 0a3452520fe4cd6871ae8b7c4199c6d5d4efe912)

7 years agox86_64 assembly pack: "optimize" for Knights Landing.
Andy Polyakov [Mon, 24 Jul 2017 19:50:52 +0000 (21:50 +0200)]
x86_64 assembly pack: "optimize" for Knights Landing.

"Optimize" is in quotes because it's rather a "salvage operation"
for now. Idea is to identify processor capability flags that
drive Knights Landing to suboptimial code paths and mask them.
Two flags were identified, XSAVE and ADCX/ADOX. Former affects
choice of AES-NI code path specific for Silvermont (Knights Landing
is of Silvermont "ancestry"). And 64-bit ADCX/ADOX instructions are
effectively mishandled at decode time. In both cases we are looking
at ~2x improvement.

Hardware used for benchmarking courtesy of Atos, experiments run by
Romain Dolbeau <romain.dolbeau@atos.net>. Kudos!

This is minimalistic backpoint of 64d92d74985ebb3d0be58a9718f9e080a14a8e7f

Thanks to David Benjamin for spotting typo in Knights Landing detection!

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4006)

7 years agoaes/asm/aesni-sha*-x86_64.pl: add SHAEXT performance results.
Andy Polyakov [Mon, 10 Jul 2017 13:21:00 +0000 (15:21 +0200)]
aes/asm/aesni-sha*-x86_64.pl: add SHAEXT performance results.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/3898)

(cherry picked from commit 1843787173da9b07029d0863e236107b1dd4fdd7)

7 years agoevp/e_aes_cbc_hmac_sha256.c: give SHAEXT right priority.
Andy Polyakov [Mon, 10 Jul 2017 13:19:45 +0000 (15:19 +0200)]
evp/e_aes_cbc_hmac_sha256.c: give SHAEXT right priority.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/3898)

(cherry picked from commit d0f6eb1d8c84165c383a677266cfae9c0b162781)

7 years agoschlock global variable needs to be volatile
Xiaoyin Liu [Mon, 24 Jul 2017 15:28:50 +0000 (11:28 -0400)]
schlock global variable needs to be volatile

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4000)

(cherry picked from commit e0de4dd5a2b0c0dc27e6a6ab01fabe374d657d23)

7 years agoFix nid assignment in ASN1_STRING_TABLE_add
lolyonok [Fri, 14 Jul 2017 15:22:12 +0000 (18:22 +0300)]
Fix nid assignment in ASN1_STRING_TABLE_add

CLA: trivial

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3934)

(cherry picked from commit 386e9169c35718436ba038dff93711d2db73fa6a)

7 years agotest/recipes/80-test_tsa.t: Don't trust 'OPENSSL_CONF'
Richard Levitte [Sat, 22 Jul 2017 21:37:06 +0000 (23:37 +0200)]
test/recipes/80-test_tsa.t: Don't trust 'OPENSSL_CONF'

There's a case when the environment variable OPENSSL_CONF is
useless...  when cross compiling for mingw and your wine environment
has an environment variable OPENSSL_CONF.  The latter will override
anything that's given when starting wine and there make the use of
that environment variable useless in our tests.

Therefore, we should not trust it, and use explicit '-config' options
instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3994)

(cherry picked from commit 83e0d090b196f70a9f25ff505d5813745585ef85)

7 years agoSimplify Makefile.shared
Richard Levitte [Fri, 21 Jul 2017 16:04:51 +0000 (18:04 +0200)]
Simplify Makefile.shared

Makefile.shared was designed to figure out static library names,
shared library names, library version compatibility, import library
names and the like on its own.  This was a design for pre-1.1.0
OpenSSL because the main Makefile didn't have all that knowledge.

With 1.1.0, the situation isn't the same, a lot more knowledge is
included in the main Makefile, and while Makefile.shared did things
right most of the time (there are some corner cases, such as the
choice of .sl or .so as DSO extension on some HPUX versions), there's
still an inherent fragility when one has to keep an eye on
Makefile.shared to make sure it produces what the main Makefile
produces.

This change simplifies Makefile.shared by removing all its
"intelligence" and have it depend entirely on the input from the main
Makefile instead.  That way, all the naming is driven from
configuration data.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3983)

(cherry picked from commit d07abe13a7955296da756d3f5032a276ac3d47ee)

7 years agoFix const correctness of EC_KEY_METHOD_get_*
Johannes Bauer [Fri, 21 Jul 2017 17:58:18 +0000 (19:58 +0200)]
Fix const correctness of EC_KEY_METHOD_get_*

Changes the EC_KEY_METHOD_get_* family to not need a EC_KEY_METHOD* as
its first parameter, but a const EC_KEY_METHOD*, which is entirely
sufficient.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
GH: #3985
(cherry picked from commit 4e9b720e90ec154c9708139e96ec0ff8e2796c82)

7 years agoRemove some dead code
Matt Caswell [Mon, 17 Jul 2017 15:55:32 +0000 (16:55 +0100)]
Remove some dead code

The intention of the removed code was to check if the previous operation
carried. However this does not work. The "mask" value always ends up being
a constant and is all ones - thus it has no effect. This check is no longer
required because of the previous commit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3832)

(cherry picked from commit d5475e319575a45b20f560bdfae56cbfb165cb01)

7 years agoFix undefined behaviour in e_aes_cbc_hmac_sha256.c and e_aes_cbc_hmac_sha1.c
Matt Caswell [Wed, 28 Jun 2017 14:18:30 +0000 (15:18 +0100)]
Fix undefined behaviour in e_aes_cbc_hmac_sha256.c and e_aes_cbc_hmac_sha1.c

In TLS mode of operation the padding value "pad" is obtained along with the
maximum possible padding value "maxpad". If pad > maxpad then the data is
invalid. However we must continue anyway because this is constant time code.

We calculate the payload length like this:

    inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);

However if pad is invalid then inp_len ends up -ve (actually large +ve
because it is a size_t).

Later we do this:

    /* verify HMAC */
    out += inp_len;
    len -= inp_len;

This ends up with "out" pointing before the buffer which is undefined
behaviour. Next we calculate "p" like this:

    unsigned char *p =
        out + len - 1 - maxpad - SHA256_DIGEST_LENGTH;

Because of the "out + len" term the -ve inp_len value is cancelled out
so "p" points to valid memory (although technically the pointer arithmetic
is undefined behaviour again).

We only ever then dereference "p" and never "out" directly so there is
never an invalid read based on the bad pointer - so there is no security
issue.

This commit fixes the undefined behaviour by ensuring we use maxpad in
place of pad, if the supplied pad is invalid.

With thanks to Brian Carpenter for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3832)

(cherry picked from commit 335d0a4646981c9d96b62811bcfd69a96a1a67d9)

7 years agoRSA_padding_check_PKCS1_type_2 is not constant time.
Emilia Kasper [Tue, 18 Jul 2017 09:26:34 +0000 (11:26 +0200)]
RSA_padding_check_PKCS1_type_2 is not constant time.

This is an inherent weakness of the padding mode. We can't make the
implementation constant time (see the comments in rsa_pk1.c), so add a
warning to the docs.

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoFix bogus use of BIO_sock_should_retry.
Bernd Edlinger [Mon, 17 Jul 2017 09:51:19 +0000 (11:51 +0200)]
Fix bogus use of BIO_sock_should_retry.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3948)

(cherry picked from commit daaaa3cb7e506466b38de995b3e5149f4045bdff)

7 years agoFix gcc-7 warnings about missing fall thru comments.
Bernd Edlinger [Fri, 14 Jul 2017 16:35:36 +0000 (18:35 +0200)]
Fix gcc-7 warnings about missing fall thru comments.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3936)

7 years agoUpdate PR#3925
Roelof duToit [Thu, 13 Jul 2017 18:09:19 +0000 (14:09 -0400)]
Update PR#3925

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3925)

7 years agoRetry SSL_read on ERROR_WANT_READ.
Roelof duToit [Thu, 13 Jul 2017 17:07:26 +0000 (13:07 -0400)]
Retry SSL_read on ERROR_WANT_READ.
This resolves the retry issue in general, but also the specific case where a TLS 1.3 server sends a post-handshake NewSessionTicket message prior to appdata.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3925)

7 years agoFix crash in BUF_MEM_grow_clean.
Bernd Edlinger [Sun, 9 Jul 2017 19:22:26 +0000 (21:22 +0200)]
Fix crash in BUF_MEM_grow_clean.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3896)

(cherry picked from commit e1ca9e1f6db97052a0ebea6591f323b12b1e0020)

7 years agoFix cipher_compare
Richard Levitte [Sat, 8 Jul 2017 20:13:24 +0000 (22:13 +0200)]
Fix cipher_compare

Unsigned overflow.  Found by Brian Carpenter

Fixes #3889

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3890)

(cherry picked from commit a7ff57965b81ce4fd73a18266ce29abf6b909fdb)

7 years agotest/run_tests.pl: Make sure to exit with a code that's understood universally
Richard Levitte [Fri, 7 Jul 2017 09:11:33 +0000 (11:11 +0200)]
test/run_tests.pl: Make sure to exit with a code that's understood universally

TAP::Parser::Aggregator::has_errors may return any number, not just 0
and 1.  With Perl on VMS, any number from 2 and on is interpreted as a
VMS status, the 3 lower bits are the encoded severity (1 = SUCCESS,
for example), so depending on what has_errors returns, a test failure
might be interpreted as a success.  Therefore, it's better to make
sure the exit code is 0 or 1, nothing else (they are special on VMS,
and mean SUCCESS or FAILURE, to match Unix conventions).

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3880)

(cherry picked from commit 4549ed12ec3337313c14815438fa9aee88bf1359)

7 years agotest/recipes/90-test_shlibload.t: Make sure to handle library renames
Richard Levitte [Fri, 7 Jul 2017 09:10:05 +0000 (11:10 +0200)]
test/recipes/90-test_shlibload.t: Make sure to handle library renames

VMS renames our libraries to fit VMS conventions.  This must be accounted
for when we want to load them.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3880)

(cherry picked from commit bfa3480f7609351563ac36dddd7c64e97aa6f446)

7 years agoVMS: When running a sub-MMS, make sure to give it the main MMS' qualifiers
Richard Levitte [Fri, 7 Jul 2017 09:09:19 +0000 (11:09 +0200)]
VMS: When running a sub-MMS, make sure to give it the main MMS' qualifiers

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3880)

(cherry picked from commit 984cf15eb5faac8e328d1ba4a623b1777eb82de1)

7 years agoAdd echo for end of each build phase
Rich Salz [Tue, 4 Jul 2017 22:06:43 +0000 (18:06 -0400)]
Add echo for end of each build phase

Ported GH #3842 to 1.1.0 branch

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3844)

7 years agoFix travis clang-3.9 builds
Matt Caswell [Fri, 23 Jun 2017 12:58:49 +0000 (13:58 +0100)]
Fix travis clang-3.9 builds

Something environmental changed in travis so that it started preferring
the ubuntu clang-3.9 version instead of the llvm.org one. This breaks the
sanitiser based builds. This change forces travis to de-prioritise the
ubuntu clang packages.

[extended tests]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3854)

7 years agoFix small UI issues
Richard Levitte [Wed, 5 Jul 2017 08:26:25 +0000 (10:26 +0200)]
Fix small UI issues

- in EVP_read_pw_string_min(), the return value from UI_add_* wasn't
  properly checked
- in UI_process(), |state| was never made NULL, which means an error
  when closing the session wouldn't be accurately reported.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3849)

(cherry picked from commit b96dba9e5ec7afc355be1eab915f69c8c0d51741)

7 years agoAvoid possible memleak in X509_policy_check()
Richard Levitte [Wed, 5 Jul 2017 09:03:34 +0000 (11:03 +0200)]
Avoid possible memleak in X509_policy_check()

When tree_calculate_user_set() fails, a jump to error failed to
deallocate a possibly allocated |auth_nodes|.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3850)

(cherry picked from commit 67f060acefae34d820ccdb2f560d86ed10633500)

7 years agoCorrect documentation for UI_get0_result_string
Richard Levitte [Sat, 1 Jul 2017 16:28:50 +0000 (18:28 +0200)]
Correct documentation for UI_get0_result_string

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3824)

7 years agoWhen apps_startup() fails, exit with a failure code and a message
Richard Levitte [Fri, 30 Jun 2017 18:47:45 +0000 (20:47 +0200)]
When apps_startup() fails, exit with a failure code and a message

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3816)

(cherry picked from commit f2da4a4917eae1bf66290e1bd8ccd3db69d3fe63)

7 years agoutil/mkdef.pl: Make symbol version processing Linux only
Richard Levitte [Thu, 29 Jun 2017 19:11:48 +0000 (21:11 +0200)]
util/mkdef.pl: Make symbol version processing Linux only

For Windows, we care which way it is, the resulting file is just a pile
of symbols.  For VMS, we really need to care about the numeric ordering,
and getting the symbols sorted by symbol version too didn't agree with
that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3804)

(cherry picked from commit 0e288c2af2f24121ebd5f0c58912d9429915c02a)

7 years agoutil/mkdef.pl: Add UNIX as a platform
Richard Levitte [Thu, 29 Jun 2017 19:09:52 +0000 (21:09 +0200)]
util/mkdef.pl: Add UNIX as a platform

This allows us to guard Unix specific functions with
#ifndef / #ifdef OPENSSL_SYS_UNIX

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3804)

(cherry picked from commit 9c06cf04ee9aa6682e6cc635aeb453ac12e641c1)

7 years agotsget.in: remove call of WWW::Curl::Easy::global_cleanup
Richard Levitte [Sun, 25 Jun 2017 20:06:25 +0000 (22:06 +0200)]
tsget.in: remove call of WWW::Curl::Easy::global_cleanup

This function is undocumented, but similarly named functions (such as
'curl_global_cleanup') are documented as internals that should not be
called by scripts.

Fixes #3765

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3768)

(cherry picked from commit 6544a91cefe817156461e57a4538c3fe7f621075)

7 years agoFix OBJ_create() to tolerate a NULL sn and ln
Matt Caswell [Thu, 22 Jun 2017 14:25:26 +0000 (15:25 +0100)]
Fix OBJ_create() to tolerate a NULL sn and ln

In 1.0.2 and before OBJ_create() allowed the sn or ln parameter to be NULL.
Commit 52832e47 changed that so that it crashed if they were NULL.

This was causing problems with the built-in config oid module. If a long
name was provided OBJ_create() is initially called with a NULL ln and
therefore causes a crash.

Fixes #3733

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3753)

(cherry picked from commit f13615c5b828aeb8e3d9bf2545c803633d1c684f)

7 years agoFix the names of ChaCha20-Poly1305 cipher suites in t1_trce.c.
David Benjamin [Thu, 22 Jun 2017 03:36:19 +0000 (23:36 -0400)]
Fix the names of ChaCha20-Poly1305 cipher suites in t1_trce.c.

Per RFC 7905, the cipher suite names end in "_SHA256". The original
implementation targeted the -03 draft, but there was a -04 draft right
before the RFC was published to make the names consistent.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3748)

(cherry picked from commit 32bbf777d0de7b0be90170b69fe9290096065fc9)

7 years agoAdd documentation for the SSL_export_keying_material() function
Matt Caswell [Wed, 21 Jun 2017 12:55:02 +0000 (13:55 +0100)]
Add documentation for the SSL_export_keying_material() function

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3736)

7 years agoFix DTLS failure when used in a build which has SCTP enabled
Matt Caswell [Tue, 20 Jun 2017 15:36:30 +0000 (16:36 +0100)]
Fix DTLS failure when used in a build which has SCTP enabled

The value of BIO_CTRL_DGRAM_SET_PEEK_MODE was clashing with the value for
BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. In an SCTP enabled build
BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE was used unconditionally with
the reasoning that it would be ignored if SCTP wasn't in use. Unfortunately
due to this clash, this wasn't the case. The BIO ended up going into peek
mode and was continually reading the same data over and over - throwing it
away as a replay.

Fixes #3723

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3724)

(cherry picked from commit 9924087573cfbc8d2bc97088f36d1a81ca00cda3)

7 years agoDon't fail the connection in SSLv3 if server selects ECDHE
Matt Caswell [Wed, 12 Apr 2017 16:02:42 +0000 (17:02 +0100)]
Don't fail the connection in SSLv3 if server selects ECDHE

ECDHE is not properly defined for SSLv3. Commit fe55c4a2 prevented ECDHE
from being selected in that protocol. However, historically, servers do
still select ECDHE anyway so that commit causes interoperability problems.
Clients that previously worked when talking to an SSLv3 server could now
fail.

This commit introduces an exception which enables a client to continue in
SSLv3 if the server selected ECDHE.

(cherry picked from commit 8af91fd9d08487e0dffb6ccac5f42633c964f3f0)

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3734)

7 years agoAdd parentheses around macro argument of OSSL_NELEM.
Bernd Edlinger [Sun, 26 Mar 2017 21:29:41 +0000 (23:29 +0200)]
Add parentheses around macro argument of OSSL_NELEM.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3039)

(cherry picked from commit 26dc47f3c44c7fb4488d1becaf997737486f4922)

7 years agoRemove duplicates from clang_devteam_warnings
Benjamin Kaduk [Mon, 1 May 2017 17:39:20 +0000 (12:39 -0500)]
Remove duplicates from clang_devteam_warnings

Since the clang_devteam_warnings are appended to the gcc_devteam_warnings
when strict-warnings are requested, any items present in both the gcc
and clang variables will be duplicated in the cflags used for clang builds.
Remove the extra copy from the clang-specific flags in favor of the
gcc_devteam_warnings that are used for all strict-warnings builds.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3239)
(cherry picked from commit 96db26919d5caff2db6340354a026f56dc6f09da)

[extended tests]

7 years agoAddress some -Wold-style-declaration warnings
Benjamin Kaduk [Fri, 14 Apr 2017 16:53:04 +0000 (11:53 -0500)]
Address some -Wold-style-declaration warnings

gcc's -Wextra pulls in -Wold-style-declaration, which triggers when a
declaration has a storage-class specifier as a non-initial qualifier.
The ISO C formal grammar requires the storage-class to be the first
component of the declaration, if present.

Seeint as the register storage-class specifier does not really have any effect
anymore with modern compilers, remove it entirely while we're here, instead of
fixing up the order.

Interestingly, the gcc devteam warnings do not pull in -Wextra, though
the clang ones do.

[extended tests]

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3239)
(cherry picked from commit f44903a428cc63ce88bfba26e8e4e2e9b21f058d)

7 years agoAdd -Wextra to gcc devteam warnings
Benjamin Kaduk [Tue, 18 Apr 2017 15:48:11 +0000 (10:48 -0500)]
Add -Wextra to gcc devteam warnings

clang already has it; let's flip the switch and deal with the fallout.
Exclude -Wunused-parameter, as we have many places where we keep unused
parameters to conform to a uniform vtable-like interface.
Also exclude -Wmissing-field-initializers; it's okay to rely on
the standard-mandated behavior of filling out with 0/NULL.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3239)
(cherry picked from commit 560ad13c74fe6967991a2429d90eeeba815d1f9e)

7 years agoFix the fall-out in 04-test_bioprint.t
Bernd Edlinger [Mon, 19 Jun 2017 11:33:41 +0000 (13:33 +0200)]
Fix the fall-out in 04-test_bioprint.t

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3712)
(cherry picked from commit 3ac6d5ee5372b05aa90cc5c44efbde01bd669e9e)

7 years agoFix the error handling in ERR_get_state:
Bernd Edlinger [Mon, 19 Jun 2017 09:18:44 +0000 (11:18 +0200)]
Fix the error handling in ERR_get_state:

- Ignoring the return code of ossl_init_thread_start created a memory leak.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3712)
(cherry picked from commit af6de400b49c011600cfd557319d1142da6e5cbd)

7 years agoRemove non-accurate description in Configure script
Paul Yang [Sat, 17 Jun 2017 14:17:44 +0000 (22:17 +0800)]
Remove non-accurate description in Configure script

For DES and 3DES based ciphers are also enabled by this option.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3707)
(cherry picked from commit edcdf38bd09f77160f0ec3e5bdd9d9525daf6f25)

7 years agoRemove a pointless "#if 0" block from BN_mul.
Bernd Edlinger [Wed, 14 Jun 2017 19:54:15 +0000 (21:54 +0200)]
Remove a pointless "#if 0" block from BN_mul.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3683)

(cherry picked from commit 93a8b3ba793c769a3634e56642dac55a8d44023f)

7 years agoAdd apps/progs.h to gitignore
Todd Short [Thu, 15 Jun 2017 19:24:19 +0000 (15:24 -0400)]
Add apps/progs.h to gitignore

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3692)
(cherry picked from commit 0bb4847b67b9eaa1123abf99e077d66ad54c7616)

7 years agoBuild apps/progs.h dynamically
Richard Levitte [Thu, 15 Jun 2017 17:31:01 +0000 (19:31 +0200)]
Build apps/progs.h dynamically

Because apps/progs.h isn't configuration agnostic, it's not at all
suited for 'make update' or being versioned, so change it to be
dynamically generated.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3688)

(cherry picked from commit 6a74806ed741db24df3a7155e4bc11fb4ba9bc2a)

7 years ago.travis.yml: Detect if 'make update' updated something
Richard Levitte [Thu, 15 Jun 2017 14:52:18 +0000 (16:52 +0200)]
.travis.yml: Detect if 'make update' updated something

If it did, it really is something that should be checked in, and should
therefore make a CI build fail.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3686)

(cherry picked from commit 46e5b661d435b11652b90cd9e06cbf6606d3b61a)

7 years agoFix crash in ecdh_simple_compute_key.
Bernd Edlinger [Tue, 13 Jun 2017 16:08:40 +0000 (18:08 +0200)]
Fix crash in ecdh_simple_compute_key.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3671)
(cherry picked from commit abea494cf75061650deecf584adc2cd293ce322d)

7 years agoFix a possible crash in dsa_builtin_paramgen2.
Bernd Edlinger [Tue, 13 Jun 2017 19:22:45 +0000 (21:22 +0200)]
Fix a possible crash in dsa_builtin_paramgen2.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3675)
(cherry picked from commit fb0a64126b8c11a6961dfa1323c3602b591af7df)

7 years agoFix another possible crash in rsa_ossl_mod_exp.
Bernd Edlinger [Tue, 13 Jun 2017 20:08:03 +0000 (22:08 +0200)]
Fix another possible crash in rsa_ossl_mod_exp.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3675)
(cherry picked from commit 5625567f9c7daaa2e2689647e10e4c5d7370718f)

7 years agoFix possible crash in X931 code.
Bernd Edlinger [Tue, 13 Jun 2017 20:34:30 +0000 (22:34 +0200)]
Fix possible crash in X931 code.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3675)
(cherry picked from commit 5419dadd4bd1f7abbfa23326ca766d2c143f257c)

7 years agoFix ex_data and session_dup issues
Todd Short [Wed, 26 Apr 2017 18:05:49 +0000 (14:05 -0400)]
Fix ex_data and session_dup issues

Code was added in commit b3c31a65 that overwrote the last ex_data value
using CRYPTO_dup_ex_data() causing a memory leak, and potentially
confusing the ex_data dup() callback.

In ssl_session_dup(), fix error handling (properly reference and up-ref
shared data) and new-up the ex_data before calling CRYPTO_dup_ex_data();
all other structures that dup ex_data have the destination ex_data new'd
before the dup.

Fix up some of the ex_data documentation.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3625)

7 years agoFix a possible crash in the error handling.
Bernd Edlinger [Tue, 13 Jun 2017 17:00:35 +0000 (19:00 +0200)]
Fix a possible crash in the error handling.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3672)

(cherry picked from commit 4fc426b78964b3d234cb7b1b6112c9b80e16a13a)

7 years agoFix a memleak in ec_copy_parameters.
Bernd Edlinger [Tue, 13 Jun 2017 05:22:50 +0000 (07:22 +0200)]
Fix a memleak in ec_copy_parameters.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3666)
(cherry picked from commit 188a9bd950837c70661aa6849894e4e02d129031)

7 years agoFix memleak in EVP_DigestSignFinal/VerifyFinal.
Bernd Edlinger [Mon, 12 Jun 2017 16:05:19 +0000 (18:05 +0200)]
Fix memleak in EVP_DigestSignFinal/VerifyFinal.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3658)
(cherry picked from commit 19546246cf44d30043fb17d1899b2c325924ac8b)

7 years agoRemove needless type casting.
Rich Salz [Sat, 10 Jun 2017 19:25:56 +0000 (15:25 -0400)]
Remove needless type casting.

CLA: trivial

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3627)

(cherry picked from commit a020f54c25985fc83e809daa15a3920731d39612)

7 years agoFix possible usage of NULL pointers in apps/spkac.c
Paul Yang [Fri, 9 Jun 2017 18:22:22 +0000 (02:22 +0800)]
Fix possible usage of NULL pointers in apps/spkac.c

Check return value of NETSCAPE_SPKI_new() and
NETSCAPE_SPKI_b64_encode(), and also clean up coding style incidentally.

Signed-off-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3647)
(cherry picked from commit f2582f08d5167ee84b7b313fd1435fe91ee44880)

7 years agoFix speed command for alternation of ciphers and digests.
Jonathan Protzenko [Wed, 17 May 2017 16:09:01 +0000 (09:09 -0700)]
Fix speed command for alternation of ciphers and digests.

CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3487)

(cherry picked from commit 9ae4e664da0692f27bfe0d1a34db29ed815203c8)

7 years agofix broken implementations of GOST ciphersuites
Rich Salz [Fri, 9 Jun 2017 16:26:30 +0000 (12:26 -0400)]
fix broken implementations of GOST ciphersuites

removed the unnecessary upper bracket
add !SSL_USE_SIGALGS to check for broken implementations of GOST
client signature (signature without length field)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3588)

7 years agoRemove stale note from s_server.pod
Benjamin Kaduk [Thu, 8 Jun 2017 20:55:30 +0000 (15:55 -0500)]
Remove stale note from s_server.pod

Modern browsers are now, well, pretty modern.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3644)
(cherry picked from commit 36c438514db71eba3e8062fef7869b9211630a19)

7 years agoIgnore -named_curve auto value to improve backwards compatibility
Tomas Mraz [Mon, 22 May 2017 14:20:21 +0000 (16:20 +0200)]
Ignore -named_curve auto value to improve backwards compatibility

Fixes #3490

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3518)
(cherry picked from commit 1c7aa0dbf16c3389bbedd13391bb653e7a189603)

7 years agoFix a read off the end of the input buffer
Rich Salz [Thu, 8 Jun 2017 20:05:52 +0000 (16:05 -0400)]
Fix a read off the end of the input buffer

when building with OPENSSL_SMALL_FOOTPRINT defined.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3533)

(cherry picked from commit 0b20ad127ce86b05a854f31d51d91312c86ccc74)

7 years agoUse memset to clear SRP_CTX instead of NULL and zero assignments
Diego Santa Cruz [Tue, 16 May 2017 08:35:49 +0000 (10:35 +0200)]
Use memset to clear SRP_CTX instead of NULL and zero assignments

This uses memset() to clear all of the SRP_CTX when free'ing or
initializing it as well as in error paths instead of having a series
of NULL and zero assignments as it is safer.

It also changes SSL_SRP_CTX_init() to reset all the SRP_CTX to zero
in case or error, previously it could retain pointers to freed
memory, potentially leading to a double free.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3467)

(cherry picked from commit 135976b3dd24e674c202c20b5746fc04ebb1fc1a)

7 years agoMake SRP_CTX.info ownership and lifetime be the same as SRP_CTX.login.
Diego Santa Cruz [Mon, 15 May 2017 08:35:45 +0000 (10:35 +0200)]
Make SRP_CTX.info ownership and lifetime be the same as SRP_CTX.login.

Ownership and lifetime rules of SRP_CTX.info are confusing and different
from those of SRP_CTX.login, making it difficult to use correctly.
This makes the ownership and lifetime be the same as those of SRP_CTX.login,
thet is a copy is made when setting it and is freed when SRP_CTX is freed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3467)
(cherry picked from commit e655f5494100d93307726b23f4718ead0cadc0c3)

7 years agoWindows: rearrange programs cleanup
Richard Levitte [Thu, 8 Jun 2017 06:02:26 +0000 (08:02 +0200)]
Windows: rearrange programs cleanup

The list of programs hit nmake's maximum line length, so we split up the
line in smaller chunks.

Fixes #3634

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3636)
(cherry picked from commit edef840f23b31066df4333995f544ae0f32d3e09)

7 years agoAdd a lock around the OBJ_NAME table
Rich Salz [Wed, 7 Jun 2017 15:23:37 +0000 (11:23 -0400)]
Add a lock around the OBJ_NAME table

Various initialization functions modify this table, which can cause heap
corruption in the absence of external synchronization.

Some stats are modified from OPENSSL_LH_retrieve, where callers aren't
expecting to have to take out an exclusive lock. Switch to using atomic
operations for those stats.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3525)
(cherry picked from commit be606c013d31847718ceb5d97c567988a771c2e5)

7 years agoDocument default client -psk_identity
Rich Salz [Fri, 2 Jun 2017 20:05:37 +0000 (16:05 -0400)]
Document default client -psk_identity

Document that -psk is required to use PSK cipher

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3607)
(cherry picked from commit 9d772829c9e4f202460acb43f9e073841a7cb9db)

7 years agoec/asm/ecp_nistz256-x86_64.pl: minor sqr_montx cleanup.
Andy Polyakov [Sat, 3 Jun 2017 19:08:57 +0000 (21:08 +0200)]
ec/asm/ecp_nistz256-x86_64.pl: minor sqr_montx cleanup.

Drop some redundant instructions in reduction in ecp_nistz256_sqr_montx.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 8fc063dcc9668589fd95533d25932396d60987f9)

7 years agoOnly release thread-local key if we created it.
Rich Salz [Wed, 31 May 2017 16:14:55 +0000 (12:14 -0400)]
Only release thread-local key if we created it.

Thanks to Jan Alexander Steffens for finding the bug and confirming the
fix.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3592)
(cherry picked from commit 73bc53708c386c1ea85941d345721e23dc61c05c)

7 years agoAdd text pointing to full change list.
Rich Salz [Fri, 2 Jun 2017 14:30:44 +0000 (10:30 -0400)]
Add text pointing to full change list.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3606)
(cherry picked from commit 01dfaa08b1960049f91485f2e5eec6c6bd03db39)