oweals/openssl.git

Dr. Stephen Henson [Tue, 6 Dec 2016 14:19:41 +0000 (14:19 +0000)]
Set EVP_PKEY_CTX in SignerInfo

If we aren't setting public key parameters make EVP_PKEY_CTX available
in SignerInfo so PSS mode and parameters are automatically selected.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

Dr. Stephen Henson [Tue, 6 Dec 2016 14:17:21 +0000 (14:17 +0000)]
Only allow PSS padding for PSS keys.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

Dr. Stephen Henson [Tue, 6 Dec 2016 14:01:05 +0000 (14:01 +0000)]
Decode parameters properly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

Dr. Stephen Henson [Tue, 6 Dec 2016 00:54:19 +0000 (00:54 +0000)]
Return errors PKCS#7/CMS enveloped data ctrls and PSS

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

Dr. Stephen Henson [Mon, 5 Dec 2016 14:55:23 +0000 (14:55 +0000)]
Add PSS parameter restrictions.

If a key contains any PSS parameter restrictions set them during
sign or verification initialisation. Parameters now become the
default values for sign/verify. Digests are fixed and any attempt
to change them is an error. The salt length can be modified but
must not be less than the minimum value.

If the key parameters are invalid then verification or signing
initialisation returns an error.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

Dr. Stephen Henson [Mon, 5 Dec 2016 14:41:32 +0000 (14:41 +0000)]
Initial parameter restrictions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

Dr. Stephen Henson [Mon, 5 Dec 2016 14:00:48 +0000 (14:00 +0000)]
Add rsa_pss_get_param.

New function rsa_pss_get_param to extract and sanity check PSS parameters.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

Dr. Stephen Henson [Thu, 1 Dec 2016 21:53:58 +0000 (21:53 +0000)]
Don't allow PKCS#7/CMS encrypt with PSS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

Dr. Stephen Henson [Thu, 1 Dec 2016 21:46:31 +0000 (21:46 +0000)]
Add macros to determine if key or ctx is PSS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

Dr. Stephen Henson [Wed, 30 Nov 2016 18:26:10 +0000 (18:26 +0000)]
Support pad mode get/set for PSS keys.

Pad mode setting returns an error if the mode is anything other than PSS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

Dr. Stephen Henson [Wed, 30 Nov 2016 16:55:30 +0000 (16:55 +0000)]
Key gen param support.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

Dr. Stephen Henson [Wed, 30 Nov 2016 16:23:18 +0000 (16:23 +0000)]
Set PSS padding mode for PSS keys.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

Dr. Stephen Henson [Wed, 30 Nov 2016 16:21:01 +0000 (16:21 +0000)]
Digest string helper function.

New function EVP_PKEY_CTX_md() which takes a string and passes a digest
to a ctrl.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

Dr. Stephen Henson [Mon, 21 Nov 2016 00:44:01 +0000 (00:44 +0000)]
Support RSA operations in PSS.

Add support for common operations in PSS by adding a new function
RSA_pkey_ctx_ctrl() which calls EVP_PKEY_CTX_ctrl if the key type
is RSA or PSS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

Dr. Stephen Henson [Thu, 24 Nov 2016 21:44:50 +0000 (21:44 +0000)]
PSS EVP_PKEY method

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

Dr. Stephen Henson [Thu, 24 Nov 2016 14:22:22 +0000 (14:22 +0000)]
RSA-PSS key printing.

Print out RSA-PSS key parameters if present.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

Dr. Stephen Henson [Thu, 24 Nov 2016 00:58:33 +0000 (00:58 +0000)]
PSS parameter encode and decode.

For RSA PSS keys encode and decode parameters when handling public
and private keys.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

Dr. Stephen Henson [Mon, 21 Nov 2016 01:35:30 +0000 (01:35 +0000)]
Split PSS parameter creation.

Split PSS parameter creation. This adds a new function rsa_pss_params_create
which creates PSS parameters from digest and salt values. This will be
used for PSS key generation.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

Dr. Stephen Henson [Sun, 20 Nov 2016 04:17:30 +0000 (04:17 +0000)]
Use method key type instead of EVP_PKEY_RSA

Make RSA method more flexible by using the key type from the
method instead of hard coding EVP_PKEY_RSA: by doing this the
same code supports both RSA and RSA-PSS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

Dr. Stephen Henson [Thu, 24 Nov 2016 21:42:49 +0000 (21:42 +0000)]
PSS ASN.1 method

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

Dr. Stephen Henson [Thu, 24 Nov 2016 21:50:26 +0000 (21:50 +0000)]
add EVP_PKEY_RSA_PSS

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

Dr. Stephen Henson [Mon, 21 Nov 2016 01:34:56 +0000 (01:34 +0000)]
Add pss field to RSA structure and free it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

Dr. Stephen Henson [Thu, 24 Nov 2016 18:51:54 +0000 (18:51 +0000)]
Cache maskHash parameter

Store hash algorithm used for MGF1 masks in PSS and OAEP modes in PSS and
OAEP parameter structure: this avoids the need to decode part of the ASN.1
structure every time it is used.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

Kurt Roeckx [Thu, 5 Jan 2017 20:55:40 +0000 (21:55 +0100)]
Update fuzz corpora

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182

Kurt Roeckx [Thu, 5 Jan 2017 19:18:29 +0000 (20:18 +0100)]
Make client and server fuzzer reproducible

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182

Kurt Roeckx [Thu, 5 Jan 2017 19:13:10 +0000 (20:13 +0100)]
Make the bignum fuzzer reproducible

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182

Kurt Roeckx [Thu, 5 Jan 2017 19:12:05 +0000 (20:12 +0100)]
Update fuzz documentation

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182

Kurt Roeckx [Thu, 5 Jan 2017 18:59:14 +0000 (19:59 +0100)]
Make rand_add predictable when fuzzing

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182

Kurt Roeckx [Thu, 5 Jan 2017 19:20:14 +0000 (20:20 +0100)]
server fuzzer: add support for DSA and ECDSA

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182

Matt Caswell [Fri, 6 Jan 2017 11:01:14 +0000 (11:01 +0000)]
Fix various style issues following feedback

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

Matt Caswell [Thu, 5 Jan 2017 16:12:56 +0000 (16:12 +0000)]
Rename the chain variable to chainidx

This variable represents the index of the cert within the chain, so give it
a name that better represents that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

Matt Caswell [Thu, 5 Jan 2017 15:05:20 +0000 (15:05 +0000)]
Fix a double blank line style issue

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

Matt Caswell [Mon, 2 Jan 2017 11:16:37 +0000 (11:16 +0000)]
Initialise the al variable

al can be used uninitialised in an error path.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

Matt Caswell [Fri, 2 Dec 2016 17:14:59 +0000 (17:14 +0000)]
Update SSL_trace to understand TLSv1.3 Certificates

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

Matt Caswell [Fri, 2 Dec 2016 14:46:54 +0000 (14:46 +0000)]
Implement TLSv1.3 style CertificateStatus

We remove the separate CertificateStatus message for TLSv1.3, and instead
send back the response in the appropriate Certificate message extension.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

Matt Caswell [Fri, 2 Dec 2016 09:14:15 +0000 (09:14 +0000)]
Create Certificate messages in TLS1.3 format

Also updates TLSProxy to be able to understand the format and parse the
contained extensions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

Matt Caswell [Thu, 1 Dec 2016 15:21:08 +0000 (15:21 +0000)]
Extends extension parsing to take the Certificate

Continuing from the previous commit we also need to extend the extensions
framework to supply the Certificate we just read during parsing.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

Matt Caswell [Thu, 1 Dec 2016 15:00:37 +0000 (15:00 +0000)]
Extend tls_construct_extensions() to enable passing of a certificate

The Certificate message in TLS1.3 has an extensions block for each
Certificate. Therefore we need to extend tls_construct_extensions() to pass
in the certificate we are working on. We also pass in the position in the
chain (with 0 being the first certificate).

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

Dr. Stephen Henson [Thu, 5 Jan 2017 19:27:41 +0000 (19:27 +0000)]
Remove BIO_seek/BIO_tell from evp_test.c

BIO_seek and BIO_tell can cause problems with evp_test.c on some platforms.
Avoid them by using a temporary memory BIO to store key PEM data.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2183)

Richard Levitte [Wed, 4 Jan 2017 08:34:42 +0000 (09:34 +0100)]
Don't run MSBLOB conversion tests when RSA or DSA are disabled

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2174)

Richard Levitte [Wed, 4 Jan 2017 08:16:29 +0000 (09:16 +0100)]
Don't run OCSP tests when OCSP is disabled

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2173)

Richard Levitte [Wed, 4 Jan 2017 08:16:07 +0000 (09:16 +0100)]
Don't build OCSP stuff when OCSP is disabled

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2173)

Richard Levitte [Wed, 4 Jan 2017 07:47:05 +0000 (08:47 +0100)]
Don't test SRP when it's disabled

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2172)

Richard Levitte [Wed, 4 Jan 2017 07:28:43 +0000 (08:28 +0100)]
Don't run NPN tests when NPN is disabled

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2171)

Dr. Stephen Henson [Sun, 1 Jan 2017 19:23:46 +0000 (19:23 +0000)]
Add RSA decrypt and OAEP tests.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Dr. Stephen Henson [Sun, 1 Jan 2017 19:23:28 +0000 (19:23 +0000)]
evptests.txt is not a shell script

Reviewed-by: Rich Salz <rsalz@openssl.org>

Matt Caswell [Fri, 30 Dec 2016 17:20:14 +0000 (17:20 +0000)]
Don't run the sigalgs tests over a TLSv1.3 connection

We need a new API for TLSv1.3 sig algs

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2160)

Matt Caswell [Fri, 30 Dec 2016 17:12:11 +0000 (17:12 +0000)]
Provide some tests for the sig algs API

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2160)

Matt Caswell [Fri, 30 Dec 2016 17:11:09 +0000 (17:11 +0000)]
Fix the SSL_set1_sigalgs() macro

This macro has a typo in it which makes it unusable. This issue was already
fixed in 1.0.2 in commit 75fdee04827, but the same fix was not applied to
other branches.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2160)

Richard Levitte [Thu, 29 Dec 2016 12:15:13 +0000 (13:15 +0100)]
70-test_sslvertol.t: skip test 1 and 2 if too few protocols are enabled

These tests depend on there being at least one protocol version below
TLSv1.3 enabled.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2144)

Richard Levitte [Sun, 25 Dec 2016 16:57:32 +0000 (17:57 +0100)]
80-test_ssl_new.t: Make 19-mac-then-encrypt.conf work without TLSv1.2

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2144)

Richard Levitte [Sun, 25 Dec 2016 16:56:52 +0000 (17:56 +0100)]
70-test_sslvertol.t: Make sure to check a max TLS version that matches configuration

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2144)

Richard Levitte [Sun, 25 Dec 2016 16:55:57 +0000 (17:55 +0100)]
70-test_sslmessages.t: Don't check EXT_SIG_ALGS if TLS 1.2 is disabled

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2144)

Matt Caswell [Thu, 29 Dec 2016 10:42:15 +0000 (10:42 +0000)]
Fix CT test_sslmessages hangs

The CT tests in test_sslmessages require EC to be available, therefore
we must skip these if no-ec

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)

Matt Caswell [Wed, 28 Dec 2016 15:32:39 +0000 (15:32 +0000)]
Fix compilation with no-ec

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)

Matt Caswell [Wed, 28 Dec 2016 17:30:51 +0000 (17:30 +0000)]
Fix extension for various no- options

Previously we were omitting the extension information from ext_defs if
the association no- option was defined. This doesn't work because the
indexes into the table are no longer valid.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)

Matt Caswell [Wed, 28 Dec 2016 15:01:57 +0000 (15:01 +0000)]
Add a test to check the EC point formats extension appears when we expect

The previous commit fixed a bug where the EC point formats extensions did
not appear in the ServerHello. This should have been caught by
70-test_sslmessages but that test never tries an EC ciphersuite. This
updates the test to do that.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)

Matt Caswell [Wed, 28 Dec 2016 12:10:28 +0000 (12:10 +0000)]
Fix the EC point formats extension

This should be sent in the ServerHello if an EC based ciphersuite is
negotiated. The relevant flag to do this was missed off in the recent
extensions refactor.

Fixes GitHub Issue #2133

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)

Markus Triska [Sun, 25 Dec 2016 18:58:38 +0000 (19:58 +0100)]
replace "will lookup up" by "will look up"

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
CLA: trivial
(Merged from https://github.com/openssl/openssl/pull/2145)

Andy Polyakov [Mon, 19 Dec 2016 15:26:35 +0000 (16:26 +0100)]
chacha/asm/chacha-x86_64.pl: add AVX512 path optimized for shorter inputs.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Todd Short [Thu, 22 Dec 2016 14:06:59 +0000 (09:06 -0500)]
Fix EVP_MD_meth_get_flags

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2134)

Richard Levitte [Tue, 20 Dec 2016 18:58:43 +0000 (19:58 +0100)]
Travis: The TLS 1.3 code isn't interoperable yet, move it to its own build

We should move it back to the BORINGTEST build when we are approaching
interoperability.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2123)

Richard Levitte [Tue, 20 Dec 2016 18:21:00 +0000 (19:21 +0100)]
Reformat M_check_autoarg to match our coding style

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2121)

Richard Levitte [Tue, 20 Dec 2016 11:56:14 +0000 (12:56 +0100)]
M_check_autoarg: sanity check the key

For now, checking that the size is non-zero will suffice.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2120)

Richard Levitte [Mon, 19 Dec 2016 13:08:18 +0000 (14:08 +0100)]
Add bwrite_conv and bread_conv values to methods_dgramp_sctp

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2116)

Richard Levitte [Mon, 19 Dec 2016 13:07:52 +0000 (14:07 +0100)]
Fix erroneous goto label

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2116)

Andy Polyakov [Sat, 17 Dec 2016 18:10:00 +0000 (19:10 +0100)]
x86 assembly pack: update performance results.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Kurt Roeckx [Thu, 15 Dec 2016 19:21:33 +0000 (20:21 +0100)]
Update fuzz corpora

Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #2090

Kurt Roeckx [Sun, 18 Dec 2016 11:48:49 +0000 (12:48 +0100)]
Fix memory leak in tls_parse_stoc_key_share

Found by oss-fuzz

Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #2102

Finn Hakansson [Thu, 15 Dec 2016 17:58:19 +0000 (12:58 -0500)]
Fix typo.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
CLA: trivial
(Merged from https://github.com/openssl/openssl/pull/2086)

Richard Levitte [Fri, 16 Dec 2016 10:18:47 +0000 (11:18 +0100)]
test/ssl_test: give up if both client and server wait on read

In some cases, both client and server end of the test can end up in
SSL_ERROR_WANT_READ and never get out of it, making the test spin.
Detect it and give up instead of waiting endlessly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2096)

Richard Levitte [Fri, 16 Dec 2016 09:29:43 +0000 (10:29 +0100)]
Fix no-ct, skip tests recipes that try to test CT

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2096)

Richard Levitte [Fri, 16 Dec 2016 08:24:00 +0000 (09:24 +0100)]
e_afalg: Don't warn about kernel version when pedantic

When built with --strict-warnings and the Linux kernel headers don't
match the kernel version, the preprocessor warnings in
engines/afalg/e_afalg.c cause compilation errors.  Use the macro
PEDANTIC to avoid those warnings in that case.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2095)

Richard Levitte [Fri, 16 Dec 2016 03:15:02 +0000 (04:15 +0100)]
evp_test: when function and reason strings aren't available, just skip

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2093)

Richard Levitte [Fri, 16 Dec 2016 02:50:40 +0000 (03:50 +0100)]
HP-UX doesn't have hstrerror(), so make our own for that platform

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2092)
(cherry picked from commit 46766d003666da5f90346da7e6d09e109355f5c6)

Kurt Roeckx [Thu, 15 Dec 2016 19:11:18 +0000 (20:11 +0100)]
Make client and server fuzzer support all ciphers

Also send a SNI extension in the client so the fuzzer can react to it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2088

Kurt Roeckx [Thu, 15 Dec 2016 19:06:51 +0000 (20:06 +0100)]
Document the recommended parameters for fuzzing

We use those parameters for calculating the coverage.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2088

Kurt Roeckx [Thu, 15 Dec 2016 19:03:15 +0000 (20:03 +0100)]
Enable TLS1.3 and PEDANTIC in the coverage target

This makes sure that the coverage is the same for the fuzzers and this
coverage target

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2088

Kurt Roeckx [Thu, 15 Dec 2016 19:23:52 +0000 (20:23 +0100)]
Don't call memcpy with NULL as source

Calling it with length 0 and NULL as source is undefined behaviour.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2089

Andy Polyakov [Wed, 14 Dec 2016 12:38:04 +0000 (13:38 +0100)]
poly1305/asm/poly1305-x86_64.pl: allow nasm to assemble AVX512 code.
chacha/asm/chacha-x86_64.pl: refine nasm version detection logic.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Andy Polyakov [Wed, 14 Dec 2016 12:34:47 +0000 (13:34 +0100)]
perlasm/x86_64-xlate.pl: add support for AVX512 OPMASK-ing.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Andy Polyakov [Wed, 14 Dec 2016 12:33:40 +0000 (13:33 +0100)]
man3/OPENSSL_ia32cap.pod: clarify AVX512 support in clang context.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Rich Salz [Mon, 28 Nov 2016 20:33:40 +0000 (15:33 -0500)]
CRL critical extension bugfix

More importantly, port CRL test from boringSSL crypto/x509/x509_test.cc

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1775)

Dr. Stephen Henson [Sat, 10 Dec 2016 19:21:01 +0000 (19:21 +0000)]
Add function and reason checking to evp_test

Add options to check the function and reason code matches expected values.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Rich Salz [Tue, 13 Dec 2016 16:52:22 +0000 (11:52 -0500)]
Add X509_VERIFY_PARAM inheritance flag set/get

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2079)

Rich Salz [Mon, 12 Dec 2016 16:14:40 +0000 (11:14 -0500)]
Fix various doc nits.

find-doc-nits warns if you don't give a "what to do flag"
Don't use regexps for section names, just strings:  More consistency.
Rename "COMMAND OPTIONS" to OPTIONS.
Fix a couple of other nit-level things.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2076)

Azat Khuzhin [Tue, 1 Nov 2016 14:35:35 +0000 (17:35 +0300)]
Remove ENGINE_load_dasync() (no OPENSSL_INIT_ENGINE_DASYNC already)

Fixes: 8d00e30f96fb86b20bc992f626b188c3548fc58c ("Don't try to init
dasync internally")

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial

Dmitry Belyavskiy [Mon, 12 Dec 2016 12:35:09 +0000 (15:35 +0300)]
Typo fixed

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2075)

Paul Hovey [Mon, 5 Dec 2016 22:17:11 +0000 (17:17 -0500)]
updated macro spacing for styling purposes

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial

Paul Hovey [Mon, 5 Dec 2016 21:57:25 +0000 (16:57 -0500)]
fix undoes errors introduced by https://github.com/openssl/openssl/commit/fc6076ca272f74eb1364c29e6974ad5da5ef9777?diff=split#diff-1014acebaa2c13d44ca196b9a433ef2eR184

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial

Benjamin Kaduk [Thu, 8 Dec 2016 18:01:31 +0000 (12:01 -0600)]
Restore the ERR_FATAL_ERROR() macro

Commit 0cd0a820abc6124cf8e176fa92d620a2abf9e419 removed this macro
along with many unused function and reason codes; ERR_FATAL_ERROR()
was not used in the tree, but did have external consumers.

Add it back to restore the API compatibility and avoid breaking
applications for no internal benefit.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2049)

Matt Caswell [Tue, 6 Dec 2016 10:49:01 +0000 (10:49 +0000)]
Fix a leak in SSL_clear()

SSL_clear() was resetting numwpipes to 0, but not freeing any allocated
memory for existing write buffers.

Fixes #2026

Reviewed-by: Rich Salz <rsalz@openssl.org>

Andy Polyakov [Fri, 9 Dec 2016 14:26:19 +0000 (15:26 +0100)]
perlasm/x86_64-xlate.pl: refine sign extension in ea package.

$1<<32>>32 worked fine with either 32- or 64-bit perl for a good while,
relying on quirk that [pure] 32-bit perl performed it as $1<<0>>0. But
this apparently changed in some version past minimally required 5.10,
and operation result became 0. Yet, it went unnoticed for another while,
because most perl package providers configure their packages with
-Duse64bitint option.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Andy Polyakov [Fri, 9 Dec 2016 14:55:17 +0000 (15:55 +0100)]
x86_64 assembly pack: add AVX512 ChaCha20 and Poly1305 code paths.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Andy Polyakov [Fri, 9 Dec 2016 15:01:07 +0000 (16:01 +0100)]
poly1305/poly1305_base2_44.c: add reference base 2^44 implementation.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Davide Galassi [Fri, 2 Dec 2016 16:10:37 +0000 (17:10 +0100)]
Avoid the call to OPENSSL_malloc with a negative value (then casted to unsigned)

CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2021)

Markus Triska [Fri, 9 Dec 2016 17:07:09 +0000 (18:07 +0100)]
Fix reference to SSL_set_max_proto_version.

CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2059)

Dr. Stephen Henson [Sat, 10 Dec 2016 13:59:29 +0000 (13:59 +0000)]
Additional error tests in evp_test.c

Support checking for errors during test initialisation and parsing.

Add errors and tests for key operation initialisation and ctrl errors.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Richard Levitte [Fri, 9 Dec 2016 22:35:53 +0000 (23:35 +0100)]
VMS UI_OpenSSL: generate OpenSSL errors when things go wrong.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2063)

Richard Levitte [Fri, 9 Dec 2016 22:32:09 +0000 (23:32 +0100)]
VMS UI_OpenSSL: if the TT device isn't a tty, flag instead of error

On all platforms, if the controlling tty isn't an actual tty, this is
flagged by setting is_a_tty to zero...  except on VMS, where this was
treated as an error.  Change this to behave like the other platforms.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2063)