oweals/openssl.git
7 years agoFix typo.
Finn Hakansson [Thu, 15 Dec 2016 17:58:19 +0000 (12:58 -0500)]
Fix typo.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
CLA: trivial
(Merged from https://github.com/openssl/openssl/pull/2086)
(cherry picked from commit 0b742f93ea7882a447f6523ac56a6f847d9f8e92)

7 years agotest/ssl_test: give up if both client and server wait on read
Richard Levitte [Fri, 16 Dec 2016 10:18:47 +0000 (11:18 +0100)]
test/ssl_test: give up if both client and server wait on read

In some cases, both client and server end of the test can end up in
SSL_ERROR_WANT_READ and never get out of it, making the test spin.
Detect it and give up instead of waiting endlessly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2096)
(cherry picked from commit ceb6d746941063eccf7655c7709ba56ca117044b)

7 years agoe_afalg: Don't warn about kernel version when pedantic
Richard Levitte [Fri, 16 Dec 2016 08:24:00 +0000 (09:24 +0100)]
e_afalg: Don't warn about kernel version when pedantic

When built with --strict-warnings and the Linux kernel headers don't
match the kernel version, the preprocessor warnings in
engines/afalg/e_afalg.c cause compilation errors.  Use the macro
PEDANTIC to avoid those warnings in that case.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2095)
(cherry picked from commit 97043e46aa7083c787a1efd72ac31ca97ed41610)

7 years agoevp_test: when function and reason strings aren't available, just skip
Richard Levitte [Fri, 16 Dec 2016 03:15:02 +0000 (04:15 +0100)]
evp_test: when function and reason strings aren't available, just skip

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2093)
(cherry picked from commit cd3fe0e09c97700005ed96c8113907cbdfc45edf)

7 years agoHP-UX doesn't have hstrerror(), so make our own for that platform
Richard Levitte [Fri, 16 Dec 2016 02:50:40 +0000 (03:50 +0100)]
HP-UX doesn't have hstrerror(), so make our own for that platform

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2092)

7 years agoDon't call memcpy with NULL as source
Kurt Roeckx [Thu, 15 Dec 2016 19:23:52 +0000 (20:23 +0100)]
Don't call memcpy with NULL as source

Calling it with lenght 0 and NULL as source is undefined behaviour.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2089
(cherry picked from commit eeab356c298248108b82157ef51172ba040646f7)

7 years agoCRL critical extension bugfix
Rich Salz [Mon, 28 Nov 2016 20:33:40 +0000 (15:33 -0500)]
CRL critical extension bugfix

More importantly, port CRL test from boringSSL crypto/x509/x509_test.cc

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1775)
(cherry picked from commit 2b40699082d1e5d0e94811542c4f0633ab2d5989)

7 years agoAdd function and reason checking to evp_test
Dr. Stephen Henson [Sat, 10 Dec 2016 19:21:01 +0000 (19:21 +0000)]
Add function and reason checking to evp_test

Add options to check the function and reason code matches expected values.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 99f2f1dc3e5c95961f57ca41e9fbb76863e69e46)

7 years agoAdd X509_VERIFY_PARAM inheritance flag set/get
Rich Salz [Tue, 13 Dec 2016 16:52:22 +0000 (11:52 -0500)]
Add X509_VERIFY_PARAM inheritance flag set/get

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2079)

7 years agoFix various doc nits.
Rich Salz [Mon, 12 Dec 2016 16:14:40 +0000 (11:14 -0500)]
Fix various doc nits.

Don't use regexps for section names, just strings:  More consistency.
Rename "COMMAND OPTIONS" to OPTIONS.
Fix a couple of other nit-level things.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2076)
(cherry picked from commit 3dfda1a6363c0cf4efee94754a36c2d86be190c3)

7 years agoRemove ENGINE_load_dasync() (no OPENSSL_INIT_ENGINE_DASYNC already)
Azat Khuzhin [Tue, 1 Nov 2016 14:35:35 +0000 (17:35 +0300)]
Remove ENGINE_load_dasync() (no OPENSSL_INIT_ENGINE_DASYNC already)

Fixes: 8d00e30f96fb86b20bc992f626b188c3548fc58c ("Don't try to init
dasync internally")

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial
(cherry picked from commit b9b5181dd2f52ff0560a33b116396cdae5e48048)

7 years agoTypo fixed
Dmitry Belyavskiy [Mon, 12 Dec 2016 12:35:09 +0000 (15:35 +0300)]
Typo fixed

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2075)
(cherry picked from commit 498180de5c766f68f6d2b65454357bc263773c66)

7 years agoupdated macro spacing for styling purposes
Paul Hovey [Mon, 5 Dec 2016 22:17:11 +0000 (17:17 -0500)]
updated macro spacing for styling purposes

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial
(cherry picked from commit 6974fca49d9d0b110c02c83a7bbe01907472ac5e)

7 years agofix undoes errors introduced by https://github.com/openssl/openssl/commit/fc6076ca272...
Paul Hovey [Mon, 5 Dec 2016 21:57:25 +0000 (16:57 -0500)]
fix undoes errors introduced by https://github.com/openssl/openssl/commit/fc6076ca272f74eb1364c29e6974ad5da5ef9777?diff=split#diff-1014acebaa2c13d44ca196b9a433ef2eR184

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial
(cherry picked from commit 8bd62abe00b893573920a7a12769fb00bd8da234)

7 years agoRestore the ERR_FATAL_ERROR() macro
Benjamin Kaduk [Thu, 8 Dec 2016 18:01:31 +0000 (12:01 -0600)]
Restore the ERR_FATAL_ERROR() macro

Commit 0cd0a820abc6124cf8e176fa92d620a2abf9e419 removed this macro
along with many unused function and reason codes; ERR_FATAL_ERROR()
was not used in the tree, but did have external consumers.

Add it back to restore the API compatibility and avoid breaking
applications for no internal benefit.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2049)
(cherry picked from commit 036ba500f7886ca2e7231549fa574ec2cdd45cef)

7 years agoFix a leak in SSL_clear()
Matt Caswell [Tue, 6 Dec 2016 10:49:01 +0000 (10:49 +0000)]
Fix a leak in SSL_clear()

SSL_clear() was resetting numwpipes to 0, but not freeing any allocated
memory for existing write buffers.

Fixes #2026

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4bf086005fe5ebcda5dc4d48ff701b41ab9b07f0)

7 years agoperlasm/x86_64-xlate.pl: refine sign extension in ea package.
Andy Polyakov [Fri, 9 Dec 2016 14:26:19 +0000 (15:26 +0100)]
perlasm/x86_64-xlate.pl: refine sign extension in ea package.

$1<<32>>32 worked fine with either 32- or 64-bit perl for a good while,
relying on quirk that [pure] 32-bit perl performed it as $1<<0>>0. But
this apparently changed in some version past minimally required 5.10,
and operation result became 0. Yet, it went unnoticed for another while,
because most perl package providers configure their packages with
-Duse64bitint option.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 82e089308bd9a7794a45f0fa3973d7659420fbd8)

7 years agoAvoid the call to OPENSSL_malloc with a negative value (then casted to unsigned)
Davide Galassi [Fri, 2 Dec 2016 16:10:37 +0000 (17:10 +0100)]
Avoid the call to OPENSSL_malloc with a negative value (then casted to unsigned)

CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2021)
(cherry picked from commit 210fe4edee6514e4c1f0677adc9112c4459da02b)

7 years agoFix reference to SSL_set_max_proto_version.
Markus Triska [Fri, 9 Dec 2016 17:07:09 +0000 (18:07 +0100)]
Fix reference to SSL_set_max_proto_version.

CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2059)
(cherry picked from commit 2884c76a4e4c1f98d17a10e2d0f5dfc43e9cb04a)

7 years agoAdditional error tests in evp_test.c
Dr. Stephen Henson [Sat, 10 Dec 2016 13:59:29 +0000 (13:59 +0000)]
Additional error tests in evp_test.c

Support checking for errors during test initialisation and parsing.

Add errors and tests for key operation initalisation and ctrl errors.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit cce65266299e2e89303a90c131e8171225a1bf88)

7 years agoVMS UI_OpenSSL: generate OpenSSL errors when things go wrong.
Richard Levitte [Fri, 9 Dec 2016 22:35:53 +0000 (23:35 +0100)]
VMS UI_OpenSSL: generate OpenSSL errors when things go wrong.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2063)
(cherry picked from commit c922ebe23247ff9ee07310fa30647623c0547cd9)

7 years agoVMS UI_OpenSSL: if the TT device isn't a tty, flag instead of error
Richard Levitte [Fri, 9 Dec 2016 22:32:09 +0000 (23:32 +0100)]
VMS UI_OpenSSL: if the TT device isn't a tty, flag instead of error

On all platforms, if the controlling tty isn't an actual tty, this is
flagged by setting is_a_tty to zero...  except on VMS, where this was
treated as an error.  Change this to behave like the other platforms.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2063)
(cherry picked from commit 18edbe6519bd5b738bf410b23f437df3005526e3)

7 years agoCheck input length to pkey_rsa_verify()
Dr. Stephen Henson [Thu, 8 Dec 2016 12:16:02 +0000 (12:16 +0000)]
Check input length to pkey_rsa_verify()

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2065)
(cherry picked from commit 71bbc79b7d3b1195a7a7dd5f547d52ddce32d6f0)

7 years agoAdd RSA PSS tests
Dr. Stephen Henson [Wed, 7 Dec 2016 23:03:47 +0000 (23:03 +0000)]
Add RSA PSS tests

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2065)
(cherry picked from commit 2d7bbd6c9fb6865e0df480602c3612652189e182)

7 years agoRemove extra bang
Richard Levitte [Thu, 8 Dec 2016 19:51:21 +0000 (20:51 +0100)]
Remove extra bang

A bang (!) slipped through in the recent UI cleanup

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2051)
(cherry picked from commit 949320c567811e714216ea987fe24eea1b56da5e)

7 years agoOnly call memcpy when the length is larger than 0.
Kurt Roeckx [Thu, 8 Dec 2016 18:20:55 +0000 (19:20 +0100)]
Only call memcpy when the length is larger than 0.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2050
(cherry picked from commit a19fc66a6b5f99ad00305e152bdb41460d728640)

7 years agoUI code style cleanup
Richard Levitte [Thu, 8 Dec 2016 17:01:04 +0000 (18:01 +0100)]
UI code style cleanup

Mostly condition check changes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2047)
(cherry picked from commit 120fb9e43656e1801c75a4fbb7c178ebec9bac18)

7 years agoUI_OpenSSL()'s session opener fails on MacOS X
Richard Levitte [Wed, 7 Dec 2016 19:28:43 +0000 (20:28 +0100)]
UI_OpenSSL()'s session opener fails on MacOS X

If on a non-tty stdin, TTY_get() will fail with errno == ENODEV.
We didn't catch that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2039)
(cherry picked from commit c901bccec6f747467e1af31473655c8290e32309)

7 years agoIn UI_OpenSSL's open(), generate an error on unknown errno
Richard Levitte [Thu, 8 Dec 2016 10:16:37 +0000 (11:16 +0100)]
In UI_OpenSSL's open(), generate an error on unknown errno

TTY_get() sometimes surprises us with new errno values to determine if
we have a controling terminal or not.  This generated error is a
helpful tool to figure out that this was what happened and what the
unknown value is.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2043)
(cherry picked from commit 4984448648f69ed4425df68900b1fd6f17c6c271)

7 years agoMake sure that password_callback exercises UI
Richard Levitte [Thu, 8 Dec 2016 00:27:31 +0000 (01:27 +0100)]
Make sure that password_callback exercises UI

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2040)
(cherry picked from commit 57c0f378b8fdbdc55dba783e9b744b8ed2132819)

7 years agoAdd a test for the UI API
Richard Levitte [Wed, 7 Dec 2016 21:44:47 +0000 (22:44 +0100)]
Add a test for the UI API

The best way to test the UI interface is currently by using an openssl
command that uses password_callback.  The only one that does this is
'genrsa'.
Since password_callback uses a UI method derived from UI_OpenSSL(), it
ensures that one gets tested well enough as well.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2040)
(cherry picked from commit 17ac8eaf611b588cca251ba63b187e7d9c7edb83)

7 years agoUI_process() didn't generate errors
Richard Levitte [Wed, 7 Dec 2016 15:36:44 +0000 (16:36 +0100)]
UI_process() didn't generate errors

Since there are many parts of UI_process() that can go wrong, it isn't
very helpful to only return -1 with no further explanation.  With this
change, the error message will at least show which part went wrong.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2037)
(cherry picked from commit 0a687ab0a92d2d68289364a6e232028c229f44bb)

7 years agoRestore last-resort expired untrusted intermediate issuers
Viktor Dukhovni [Fri, 25 Nov 2016 05:38:04 +0000 (00:38 -0500)]
Restore last-resort expired untrusted intermediate issuers

Reviewed-by: Matt Caswell <matt@openssl.org>
7 years agoEnsure we are in accept state in DTLSv1_listen
Matt Caswell [Wed, 23 Nov 2016 23:03:13 +0000 (23:03 +0000)]
Ensure we are in accept state in DTLSv1_listen

Calling SSL_set_accept_state() after DTLSv1_listen() clears the state, so
SSL_accept() no longer works. In 1.0.2 calling DTLSv1_listen() would set
the accept state automatically. We should still do that.

Fixes #1989

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 5bdcd362d24cbbcf18c5eb9df655fe9f7bcf5850)

7 years agoFix ctrl operation for SHA1/MD5SHA1.
Dr. Stephen Henson [Tue, 22 Nov 2016 21:59:21 +0000 (21:59 +0000)]
Fix ctrl operation for SHA1/MD5SHA1.

This makes S/MIME and CMS signing in MIME format for SHA1 work again.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a5abd438f85737ffa56320b67c5ef5525fc495c3)

7 years agoadd CMS SHA1 signing test
Dr. Stephen Henson [Tue, 22 Nov 2016 22:07:16 +0000 (22:07 +0000)]
add CMS SHA1 signing test

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit c6d67f09f34d8203c5bad7171ed45ec8771c9764)

7 years agoINSTALL: clarify 386 and no-sse2 options.
Andy Polyakov [Sun, 20 Nov 2016 20:52:41 +0000 (21:52 +0100)]
INSTALL: clarify 386 and no-sse2 options.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 5ae5dc96610f0a598dac9d2f267b5c0ddd77b2e4)

7 years agomodes/ctr128.c: fix false carry in counter increment procedure.
Andy Polyakov [Sun, 20 Nov 2016 22:38:12 +0000 (23:38 +0100)]
modes/ctr128.c: fix false carry in counter increment procedure.

GH issue #1916 affects only big-endian platforms. TLS is not affected,
because TLS fragment is never big enough.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 76f572ed0469a277d92378848250b7a9705d3071)

7 years agotest/evptests.txt: add regression test for false carry in ctr128.c.
Andy Polyakov [Sun, 20 Nov 2016 22:32:24 +0000 (23:32 +0100)]
test/evptests.txt: add regression test for false carry in ctr128.c.

GH issue #1916 affects only big-endian platforms. TLS is not affected,
because TLS fragment is never big enough.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit b47f116b1e02d20b1f8a7488be5a04f7cf5bc712)

8 years agoFix a missing function prototype in AFALG engine
Matt Caswell [Wed, 23 Nov 2016 22:55:13 +0000 (22:55 +0000)]
Fix a missing function prototype in AFALG engine

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit a1fd1fb241069cc987d0d2cf13880bd16cada3c9)

8 years agoFix missing NULL checks in CKE processing
Matt Caswell [Wed, 23 Nov 2016 22:12:40 +0000 (22:12 +0000)]
Fix missing NULL checks in CKE processing

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoClarify what X509_NAME_online does with the given buffer and size
Richard Levitte [Tue, 22 Nov 2016 10:22:16 +0000 (11:22 +0100)]
Clarify what X509_NAME_online does with the given buffer and size

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1980)
(cherry picked from commit 19cb71ef6e414759d737918bab10be2cc1d8bd99)

8 years agoAdd missing -zdelete for some linux arches
Kurt Roeckx [Mon, 21 Nov 2016 21:15:11 +0000 (22:15 +0100)]
Add missing -zdelete for some linux arches

b6d5ba1a9f004d637acac18ae3519fe063b6b5e1 forgot to update some linux arches.

Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #1977
(cherry picked from commit 55ab86e4c202e202a2b9200291d038878a727815)

8 years agoMake SSL_read and SSL_write return the old behaviour and document it.
Kurt Roeckx [Tue, 15 Nov 2016 17:58:52 +0000 (18:58 +0100)]
Make SSL_read and SSL_write return the old behaviour and document it.

Backport of beacb0f0c1ae7b0542fe053b95307f515b578eb7, revert of
122580ef71e4e5f355a1a104c9bfb36feee43759

Fixes: #1903

Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #1966

8 years agoMake async_read and async_write return -1 on failure.
Kurt Roeckx [Sun, 20 Nov 2016 22:22:14 +0000 (23:22 +0100)]
Make async_read and async_write return -1 on failure.

Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #1966

8 years agoSkipping tests in evp_test leaks memory
Todd Short [Thu, 17 Nov 2016 16:56:47 +0000 (11:56 -0500)]
Skipping tests in evp_test leaks memory

When configured with "no-mdc2 enable-crypto-mdebug" the evp_test
will leak memory due to skipped tests, and error out.

Also fix a skip condition

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1946)

8 years agoUse consistent variable names
Beat Bolli [Fri, 18 Nov 2016 08:53:48 +0000 (09:53 +0100)]
Use consistent variable names

In the X509_NAME_get_index_by_NID.pod example, the initialized variable is called
"loc", but the one used in the for loop is called "lastpos". Make the names match.

CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1949)

8 years agoSupport MSBLOB format if RC4 is disabled
Dr. Stephen Henson [Thu, 17 Nov 2016 13:17:28 +0000 (13:17 +0000)]
Support MSBLOB format if RC4 is disabled

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit b6c6898234a12b9c6cdaa8f16fb9156097649ad7)

8 years agoFix MSBLOB format with RSA.
Dr. Stephen Henson [Wed, 16 Nov 2016 23:03:43 +0000 (23:03 +0000)]
Fix MSBLOB format with RSA.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 159f6e7ecfde9e98194d6111c85587b85b6a8fc5)

8 years agoMake MSBLOB format work with dsa utility.
Dr. Stephen Henson [Wed, 16 Nov 2016 23:14:30 +0000 (23:14 +0000)]
Make MSBLOB format work with dsa utility.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit b3795987477f1d478fd8bd20efb812e71b190e8b)

8 years agoAdd conversion test for MSBLOB format.
Dr. Stephen Henson [Wed, 16 Nov 2016 23:04:14 +0000 (23:04 +0000)]
Add conversion test for MSBLOB format.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit d922634d0c63cee01c89869d79306cd2df628855)

8 years agoRaise an error on memory alloc failure.
FdaSilvaYY [Wed, 9 Nov 2016 23:54:03 +0000 (00:54 +0100)]
Raise an error on memory alloc failure.

Both strdup or malloc failure should raise an err.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1905)
(cherry picked from commit bad6b116a2d3c005330e618c726f172fd0fefc2a)

8 years agoMissing free item on push failure
FdaSilvaYY [Fri, 11 Nov 2016 09:58:34 +0000 (10:58 +0100)]
Missing free item on push failure

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1905)
(cherry picked from commit 2d13250fd695eba777fe7e2af4beb1b7d356bd8f)

8 years agoMove SCT_LIST_free definition into a more logical place
Rob Percival [Wed, 19 Oct 2016 14:42:05 +0000 (15:42 +0100)]
Move SCT_LIST_free definition into a more logical place

This reflects its position in include/openssl/ct.h.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)
(cherry picked from commit e1940e9f7a73bf3a560fbe3550a9b69a612118ec)

8 years agoMake sure things get deleted when test setup fails in ct_test.c
Rob Percival [Wed, 19 Oct 2016 14:40:46 +0000 (15:40 +0100)]
Make sure things get deleted when test setup fails in ct_test.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)
(cherry picked from commit 765731a88899771989a53c72259cacd1c658bb3f)

8 years agoUse valid signature in test_decode_tls_sct()
Rob Percival [Wed, 19 Oct 2016 14:39:13 +0000 (15:39 +0100)]
Use valid signature in test_decode_tls_sct()

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)
(cherry picked from commit e2635c49f35c615820b1c6d92d180e31e28adeb2)

8 years agoPass a temporary pointer to o2i_SCT_signature from SCT_new_from_base64
Rob Percival [Wed, 19 Oct 2016 14:38:20 +0000 (15:38 +0100)]
Pass a temporary pointer to o2i_SCT_signature from SCT_new_from_base64

Otherwise, |dec| gets moved past the end of the signature by
o2i_SCT_signature and then can't be correctly freed afterwards.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)
(cherry picked from commit 73ccf3ca01085d143aecb7fcfb0aac18caa678d2)

8 years agoSubtract padding from outlen in ct_base64_decode
Rob Percival [Wed, 19 Oct 2016 14:11:04 +0000 (15:11 +0100)]
Subtract padding from outlen in ct_base64_decode

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)
(cherry picked from commit 70a06fc1a8b098e9934f837896159bfc6caf0228)

8 years agoConstruct SCT from base64 in ct_test
Rob Percival [Wed, 7 Sep 2016 16:47:56 +0000 (17:47 +0100)]
Construct SCT from base64 in ct_test

This gives better code coverage and is more representative of how a
user would likely construct an SCT (using the base64 returned by a CT log).

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)
(cherry picked from commit f7a39a5a3f7f91e0d1ba0030323eef26bc8ccddf)

8 years agoOn x86 machines where the compiler supports -m32, use 'linux-x86'
Richard Levitte [Tue, 15 Nov 2016 08:56:20 +0000 (09:56 +0100)]
On x86 machines where the compiler supports -m32, use 'linux-x86'

The rationale is that the linux-x86 is the most likely config target
to evolve and should therefore be chosen when possible, while
linux-elf is mostly reserved for older Linux machines.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1924)
(cherry picked from commit 27a451e3739d8331b9c180b0373b88ab6c382409)

8 years agoAdd a modern linux-x86 config target
Richard Levitte [Tue, 15 Nov 2016 08:53:01 +0000 (09:53 +0100)]
Add a modern linux-x86 config target

'linux-x86' is similar to 'linux-x86_64' but uses -m32 rather than -m64.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1924)
(cherry picked from commit 7fbc0bfdd7a3c46bc7e36b191d11ab3853555a25)

8 years agoRemove a hack from ssl_test_old
Matt Caswell [Tue, 15 Nov 2016 16:31:26 +0000 (16:31 +0000)]
Remove a hack from ssl_test_old

ssl_test_old was reaching inside the SSL structure and changing the internal
BIO values. This is completely unneccessary, and was causing an abort in the
test when enabling TLSv1.3.

I also removed the need for ssl_test_old to include ssl_locl.h. This
required the addition of some missing accessors for SSL_COMP name and id
fields.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit e304d3e20f45243f9e643607edfe4db49c329596)

8 years agoCheck return value of some BN functions.
Rich Salz [Tue, 15 Nov 2016 23:54:28 +0000 (18:54 -0500)]
Check return value of some BN functions.

Factorise multiple bn_get_top(group->field) calls
Add missing checks on some conditional BN_copy return value
Add missing checks on some BN_copy return value
Add missing checks on a few bn_wexpand return value

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1626)

(cherry picked from commit 78e09b53a40729f5e99829ccc733b592bd22fea1)

8 years agoCherry-pick doc updates from PR 1554
Rich Salz [Tue, 15 Nov 2016 21:34:18 +0000 (16:34 -0500)]
Cherry-pick doc updates from PR 1554

Also fix version in libcrypto.num, from backporting new
functions.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
(cherry picked from commit ebcb536858a271e8812fb9bbafbc0b825e5ece24)

8 years agoAdd test for CT_POLICY_EVAL_CTX default time
Rob Percival [Tue, 15 Nov 2016 10:42:57 +0000 (10:42 +0000)]
Add test for CT_POLICY_EVAL_CTX default time

Checks that the epoch_time_in_ms field of CT_POLICY_EVAL_CTX is initialized
to approximately the current time (as returned by time()) by default. This
prevents the addition of this field, and its verification during SCT
validation, from breaking existing code that calls SCT_validate directly.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
(cherry picked from commit ebcb536858a271e8812fb9bbafbc0b825e5ece24)

8 years agoConvert C++ comments to C-style comments
Rob Percival [Wed, 14 Sep 2016 19:26:23 +0000 (20:26 +0100)]
Convert C++ comments to C-style comments

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
(cherry picked from commit 08e588b7d5cefbfd107c88416900165a28a5b59e)

8 years agoCast time_t to uint64_t before converting to milliseconds in ct_policy.c
Rob Percival [Wed, 14 Sep 2016 19:25:01 +0000 (20:25 +0100)]
Cast time_t to uint64_t before converting to milliseconds in ct_policy.c

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
(cherry picked from commit 5e08606619c0b0e065f1ffa12ce6411f321ed174)

8 years agoBy default, allow SCT timestamps to be up to 5 minutes in the future
Rob Percival [Mon, 12 Sep 2016 16:02:58 +0000 (17:02 +0100)]
By default, allow SCT timestamps to be up to 5 minutes in the future

As requested in
https://github.com/openssl/openssl/pull/1554#issuecomment-246371575.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
(cherry picked from commit c22aa33e29ce162c672c9b2f0df591db977d4e9b)

8 years agoDon't check for time() failing in CT_POLICY_EVAL_CTX_new
Rob Percival [Mon, 12 Sep 2016 15:58:29 +0000 (16:58 +0100)]
Don't check for time() failing in CT_POLICY_EVAL_CTX_new

See https://github.com/openssl/openssl/pull/1554#issuecomment-246354677.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
(cherry picked from commit f0f535e92b096db4a308ecc49ba7f0fd3f0f7945)

8 years agoDefault CT_POLICY_EVAL_CTX.epoch_time_in_ms to time()
Rob Percival [Mon, 12 Sep 2016 15:57:38 +0000 (16:57 +0100)]
Default CT_POLICY_EVAL_CTX.epoch_time_in_ms to time()

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
(cherry picked from commit e25233d99c30885bdf97bfb6df657e13ca2bf1da)

8 years agoReword documentation for {SCT_CTX/CT_POLICY_EVAL_CTX}_set_time
Rob Percival [Mon, 12 Sep 2016 09:28:21 +0000 (10:28 +0100)]
Reword documentation for {SCT_CTX/CT_POLICY_EVAL_CTX}_set_time

Do not call the time "current", as a different time can be provided.
For example, a time slightly in the future, to provide tolerance for
CT logs with a clock that is running fast.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
(cherry picked from commit 1871a5aa8a538c2b8ac3d302c1e9e72867f5ee0f)

8 years agoRemove obsolete error constant CT_F_CTLOG_NEW_NULL
Rob Percival [Thu, 8 Sep 2016 15:03:26 +0000 (16:03 +0100)]
Remove obsolete error constant CT_F_CTLOG_NEW_NULL

ctlog_new_null() no longer exists.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
(cherry picked from commit 333c2e43729a92cf37d4bd12d6a3531b4bd7e1da)

8 years agoCheck that SCT timestamps are not in the future
Rob Percival [Thu, 8 Sep 2016 15:02:46 +0000 (16:02 +0100)]
Check that SCT timestamps are not in the future

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
(cherry picked from commit 1fa9ffd934429f140edcfbaf76d2f32cc21e449b)

8 years agoOnly build the body of e_padlock when there are lower level routines
Richard Levitte [Mon, 29 Aug 2016 14:58:31 +0000 (16:58 +0200)]
Only build the body of e_padlock when there are lower level routines

engines/e_padlock.c assumes that for all x86 and x86_64 platforms, the
lower level routines will be present.  However, that's not always
true, for example for solaris-x86-cc, and that leads to build errors.

The better solution is to have configure detect if the lower level
padlock routines are being built, and define the macro PADLOCK_ASM if
they are, and use that macro in our C code.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1510)
(cherry picked from commit 7b176a549ea374fc9b64c3fa7f0812239528b696)

8 years agoAdd a warning stipulating how things should be coded in ossl_init_base
Richard Levitte [Mon, 14 Nov 2016 23:58:51 +0000 (00:58 +0100)]
Add a warning stipulating how things should be coded in ossl_init_base

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1922)
(cherry picked from commit 8aa9cf7e655ae1e41f283fbf16dcc810970058a0)

8 years agoStop init loops
Richard Levitte [Mon, 14 Nov 2016 22:53:45 +0000 (23:53 +0100)]
Stop init loops

Under certain circumstances, the libcrypto init code would loop,
causing a deadlock.  This would typically happen if something in
ossl_init_base() caused an OpenSSL error, and the error stack routines
would recurse into the init code before the flag that ossl_init_base()
had been run was checked.

This change makes sure ossl_init_base isn't run once more of the base
is initiated.

Thanks to Dmitry Kostjuchenko for the idea.

Fixes Github issue #1899

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1922)
(cherry picked from commit b7a7f39afeb4748b4c25dbccb8951711b8b70eaf)

8 years agoConfigurations/10-main.conf: document GCC for Solaris config constraint.
Andy Polyakov [Sat, 12 Nov 2016 15:01:47 +0000 (16:01 +0100)]
Configurations/10-main.conf: document GCC for Solaris config constraint.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit fe9e5b9ccce175d296c904486a29218c879adb73)

8 years agodsa/dsa_gen: add error message for seed_len < 0
Sebastian Andrzej Siewior [Mon, 3 Oct 2016 15:54:06 +0000 (17:54 +0200)]
dsa/dsa_gen: add error message for seed_len < 0

prio openssl 1.1.0 seed_len < q was accepted and the seed argument was
then ignored. Now DSA_generate_parameters_ex() returns an error in such
a case but no error string.

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1657)
(cherry picked from commit af5474126546b558b0e6f8be4bec4b70977e24b7)

8 years agoRevert "Fixed deadlock in CRYPTO_THREAD_run_once for Windows"
Matt Caswell [Mon, 14 Nov 2016 12:00:45 +0000 (12:00 +0000)]
Revert "Fixed deadlock in CRYPTO_THREAD_run_once for Windows"

This reverts commit edc18749bd5dfb7e12513d3978f78f9b56104fd6.

The proposed fix is incorrect. It marks the "run_once" code as having
finished before it has. The intended semantics of run_once is that no
threads should proceed until the code has run exactly once. With this
change the "second" thread will think the run_once code has already been
run and will continue, even though it is still in progress. This could
result in a crash or other incorrect behaviour.

Reviewed-by: Tim Hudson <tjh@openssl.org>
8 years agoFixed deadlock in CRYPTO_THREAD_run_once for Windows
DK [Sun, 13 Nov 2016 12:48:15 +0000 (14:48 +0200)]
Fixed deadlock in CRYPTO_THREAD_run_once for Windows

Fixed deadlock in CRYPTO_THREAD_run_once() if call to init() is causing
a recursive call to CRYPTO_THREAD_run_once() again that is causing a hot
deadloop inside do { } while (result == ONCE_ININIT); section.

CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1913)

(cherry picked from commit 349d1cfddcfa33d352240582a3803f2eba39d9a0)

8 years agoSolution proposal for issue #1647.
Matthias Kraft [Fri, 30 Sep 2016 08:50:17 +0000 (10:50 +0200)]
Solution proposal for issue #1647.

Avoid a memory alignment issue.

Signed-off-by: Matthias Kraft <Matthias.Kraft@softwareag.com>
CLA: trivial
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1650)

(cherry picked from commit af5883fec95eb8c79c379b09885440a0d88b2d38)

8 years agoUpdate s_client and s_server documentation about some missing arguments
EasySec [Sat, 12 Nov 2016 20:08:32 +0000 (21:08 +0100)]
Update s_client and s_server documentation about some missing arguments

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1837)
(cherry picked from commit a22f9c84b468eed83c651cb5f2c68c7ad4103ffd)

8 years agoReplace the 'SSL' broken link with SSL_CTX_set_security_level which seems not being...
EasySec [Thu, 10 Nov 2016 23:51:04 +0000 (00:51 +0100)]
Replace the 'SSL' broken link with SSL_CTX_set_security_level which seems not being referenced from elsewhere

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1898)
(cherry picked from commit e330f55d008ab99ee6c99b383061337fc4e7359d)

8 years agoEVP docs: chacha20, chacha20-poly1305
enkore [Sat, 12 Nov 2016 10:38:20 +0000 (11:38 +0100)]
EVP docs: chacha20, chacha20-poly1305

CLA: trivial

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1909)
(cherry picked from commit 625b9d6b2a400e6b09f1e0278031f8417c363355)

8 years agoCast to an unsigned type before negating
Kurt Roeckx [Fri, 11 Nov 2016 20:41:50 +0000 (21:41 +0100)]
Cast to an unsigned type before negating

llvm's ubsan reported:
runtime error: negation of -9223372036854775808 cannot be represented in
type 'int64_t' (aka 'long'); cast to an unsigned type to negate this
value to itself

Found using libfuzzer

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1908
(cherry picked from commit e80f3b6af295133107ac709329eee16ccf9af61c)

8 years agochacha/asm/chacha-x86.pl: improve [backward] portability.
Andy Polyakov [Tue, 8 Nov 2016 10:11:58 +0000 (11:11 +0100)]
chacha/asm/chacha-x86.pl: improve [backward] portability.

In order to minimize dependency on assembler version a number of
post-SSE2 instructions are encoded manually. But in order to simplify
the procedure only register operands are considered. Non-register
operands are passed down to assembler. Module in question uses pshufb
with memory operands, and old [GNU] assembler can't handle it.
Fortunately in this case it's possible skip just the problematic
segment without skipping SSSE3 support altogether.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit d89773d659129368a341df746476da445d47ad31)

8 years agoPPC assembler pack: add some PPC970/G5 performance data.
Andy Polyakov [Tue, 8 Nov 2016 20:48:34 +0000 (21:48 +0100)]
PPC assembler pack: add some PPC970/G5 performance data.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit cebb186989067b39fca6ebc378e4957408f6e701)

8 years agoFix the effect of no-dso in crypto/init.c
Richard Levitte [Fri, 11 Nov 2016 09:23:26 +0000 (10:23 +0100)]
Fix the effect of no-dso in crypto/init.c

When configured no-dso, there are no DSO_{whatever} macros defined.
Therefore, before checking those, you have to check if OPENSSL_NO_DSO
is defined.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1902)
(cherry picked from commit 6e290a25c2cbdc26119c0866c20d9292f9e64dd8)

8 years agoSmall fixup of util/process_docs.pl
Richard Levitte [Thu, 10 Nov 2016 21:07:28 +0000 (22:07 +0100)]
Small fixup of util/process_docs.pl

Apparently, pod2html doesn't add ".html" at the end of links, making
them useless, so we need to fix that

With thanks for the report to Michel <michel.sales@free.fr>

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1897)

8 years agoPrepare for 1.1.0d-dev
Matt Caswell [Thu, 10 Nov 2016 14:04:49 +0000 (14:04 +0000)]
Prepare for 1.1.0d-dev

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoPrepare for 1.1.0c release OpenSSL_1_1_0c
Matt Caswell [Thu, 10 Nov 2016 14:03:42 +0000 (14:03 +0000)]
Prepare for 1.1.0c release

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoUpdate CHANGES and NEWS
Matt Caswell [Thu, 10 Nov 2016 11:49:06 +0000 (11:49 +0000)]
Update CHANGES and NEWS

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoFix the no-tls option
Matt Caswell [Thu, 10 Nov 2016 11:27:07 +0000 (11:27 +0000)]
Fix the no-tls option

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoFix no-cms (CVE-2016-7053)
Richard Levitte [Thu, 10 Nov 2016 00:49:47 +0000 (01:49 +0100)]
Fix no-cms (CVE-2016-7053)

Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agotest/evptests.txt: add negative tests for AEAD ciphers.
Andy Polyakov [Tue, 1 Nov 2016 21:06:42 +0000 (22:06 +0100)]
test/evptests.txt: add negative tests for AEAD ciphers.

This is done by taking one vector, "corrupting" last bit of the
tag value and verifying that decrypt fails.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
8 years agotest: add TLS application data corruption test.
Andy Polyakov [Mon, 31 Oct 2016 20:50:26 +0000 (21:50 +0100)]
test: add TLS application data corruption test.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
8 years agoadd test for CVE-2016-7053
Dr. Stephen Henson [Fri, 14 Oct 2016 11:02:12 +0000 (12:02 +0100)]
add test for CVE-2016-7053

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoDon't set choice selector on parse failure.
Dr. Stephen Henson [Fri, 14 Oct 2016 10:51:43 +0000 (11:51 +0100)]
Don't set choice selector on parse failure.

Don't set choice selector on parse failure: this can pass unexpected
values to the choice callback. Instead free up partial structure
directly.

CVE-2016-7053

Thanks to Tyler Nighswander of ForAllSecure for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agochacha20/poly1305: make sure to clear the buffer at correct position
Richard Levitte [Fri, 4 Nov 2016 13:21:46 +0000 (14:21 +0100)]
chacha20/poly1305: make sure to clear the buffer at correct position

The offset to the memory to clear was incorrect, causing a heap buffer
overflow.

CVE-2016-7054

Thanks to Robert Święcki for reporting this

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit b8e4011fb26364e44230946b87ab38cc1c719aae)

8 years agoaes/asm/aesp8-ppc.pl: improve [backward] portability.
Andy Polyakov [Tue, 8 Nov 2016 19:25:09 +0000 (20:25 +0100)]
aes/asm/aesp8-ppc.pl: improve [backward] portability.

Some of stone-age assembler can't cope with r0 in address. It's actually
sensible thing to do, because r0 is shunted to 0 in address arithmetic
and by refusing r0 assembler effectively makes you understand that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a54aba531327285f64cf13a909bc129e9f9d5970)