Commit graph

23330 commits

Author SHA1 Message Date
Richard Levitte
cd272eeee2 Configure: stop forcing use of DEFINE macros in headers
There are times when one might want to use something like
DEFINE_STACK_OF in a .c file, because it defines a stack for a type
defined in that .c file.  Unfortunately, when configuring with
`--strict-warnings`, clang aggressively warn about unused functions in
such cases, which forces the use of such DEFINE macros to header
files.

We therefore disable this warning from the `--strict-warnings`
definition for clang.

(note for the curious: `-Wunused-function` is enabled via `-Wall`)

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8234)

(cherry picked from commit f11ffa505f)
2019-02-14 09:47:17 +01:00
Michael Haubenwallner
7ee28a61cd Windows/Cygwin dlls need the executable bit set
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8226)

(cherry picked from commit fa63e45262)
2019-02-13 20:02:03 +01:00
Daniel DeFreez
851437094a Fix null pointer dereference in cms_RecipientInfo_kari_init
CLA: trivial

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8137)

(cherry picked from commit b754a8a159)
2019-02-13 14:30:48 +08:00
Andy Polyakov
2cf7fd698e AArch64 assembly pack: authenticate return addresses.
ARMv8.3 adds pointer authentication extension, which in this case allows
to ensure that, when offloaded to stack, return address is same at return
as at entry to the subroutine. The new instructions are nops on processors
that don't implement the extension, so that the vetification is backward
compatible.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8205)

(cherry picked from commit 9a18aae5f2)
2019-02-13 02:39:27 +01:00
Richard Levitte
af250b36eb apps/ocsp.c Use the same HAVE_FORK / NO_FORK as in speed.c
This allows the user to override our defaults if needed, and in a
consistent manner.

Partial fix for #7607

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7624)

(cherry picked from commit ca811248d8)
2019-02-11 16:46:34 +01:00
Richard Levitte
0e1b0e510d test/recipes/02-err_errstr: skip errors that may not be loaded on Windows
Fixes #8091

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8094)
2019-02-11 16:29:23 +01:00
Tomas Mraz
95f59d398c Allow the syntax of the .include directive to optionally have '='
If the old openssl versions not supporting the .include directive
load a config file with it, they will bail out with error.

This change allows using the .include = <filename> syntax which
is interpreted as variable assignment by the old openssl
config file parser.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8141)

(cherry picked from commit 9d5560331d)
2019-02-11 15:25:00 +01:00
Daniel DeFreez
a12b338f06 Fix null pointer dereference in ssl_module_init
CLA: Trivial

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8183)

(cherry picked from commit 758229f7d2)
2019-02-11 08:33:28 +10:00
Todd Short
25ca718150 Update d2i_PrivateKey documentation
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8168)

(cherry picked from commit 1980ce45d6)
2019-02-08 10:04:13 +00:00
Todd Short
3dbec21b46 Fix d2i_PublicKey() for EC keys
o2i_ECPublicKey() requires an EC_KEY structure filled with an EC_GROUP.

o2i_ECPublicKey() is called by d2i_PublicKey(). In order to fulfill the
o2i_ECPublicKey()'s requirement, d2i_PublicKey() needs to be called with
an EVP_PKEY with an EC_KEY containing an EC_GROUP.

However, the call to EVP_PKEY_set_type() frees any existing key structure
inside the EVP_PKEY, thus freeing the EC_KEY with the EC_GROUP that
o2i_ECPublicKey() needs.

This means you can't d2i_PublicKey() for an EC key...

The fix is to check to see if the type is already set appropriately, and
if so, not call EVP_PKEY_set_type().

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8168)

(cherry picked from commit 2aa2beb06c)
2019-02-08 10:04:13 +00:00
Pauli
ee774d5d3c Address a bug in the DRBG tests where the reseeding wasn't properly
reinstantiating the DRBG.

Bug reported by Doug Gibbons.

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/8184)

(cherry picked from commit b1522fa5ef)
2019-02-08 16:15:01 +10:00
Richard Levitte
eaacc24750 test/drbgtest.c: call OPENSSL_thread_stop() explicitly
The manual says this in its notes:

    ... and therefore applications using static linking should also call
    OPENSSL_thread_stop() on each thread. ...

Fixes #8171

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8173)

(cherry picked from commit 03cdfe1efa)
2019-02-07 20:16:18 +01:00
Matt Caswell
e1cce612a6 Make OPENSSL_malloc_init() a no-op
Making this a no-op removes a potential infinite loop than can occur in
some situations.

Fixes #2865

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8167)

(cherry picked from commit ef45aa14c5)
2019-02-07 14:25:38 +00:00
Sam Roberts
3b09585bd6 Remove unnecessary trailing whitespace
Trim trailing whitespace. It doesn't match OpenSSL coding standards,
AFAICT, and it can cause problems with git tooling.

Trailing whitespace remains in test data and external source.

Backport-of: https://github.com/openssl/openssl/pull/8092

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8134)
2019-02-05 16:29:17 +01:00
Sam Roberts
00f2bafec1 Make some simple getters take const SSL/SSL_CTX
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8145)

(cherry picked from commit 3499327bad)
2019-02-05 13:58:24 +00:00
Matthias Kraft
5dc422c7ab Fix Invalid Argument return code from IP_Factory in connect_to_server().
Fixes #7732

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8158)

(cherry picked from commit 66a6000371)
2019-02-04 21:52:20 +01:00
batist73
453eccd63a Android build: fix usage of NDK home variable ($ndk_var)
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8153)

(cherry picked from commit adc7e221f1)
2019-02-04 21:38:11 +01:00
Bernd Edlinger
63b596e38d Add an entry to the CHANGES for the d2i_X509_PUBKEY fix
The commit 5dc40a83c7 forgot
to add a short description to the CHANGES file.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8144)

(cherry picked from commit b2aea0e3d9)
2019-02-02 08:09:00 +01:00
Michael Tuexen
243ff51cc6 Fix end-point shared secret for DTLS/SCTP
When computing the end-point shared secret, don't take the
terminating NULL character into account.
Please note that this fix breaks interoperability with older
versions of OpenSSL, which are not fixed.

Fixes #7956

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7957)

(cherry picked from commit 09d62b336d)
2019-02-01 12:03:43 +00:00
Bernd Edlinger
1b66fc87da Fix a crash in reuse of i2d_X509_PUBKEY
If the second PUBKEY is malformed there is use after free.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8122)

(cherry picked from commit 5dc40a83c7)
2019-01-31 19:27:37 +01:00
Bernd Edlinger
df3b7b99a8 Fixed d2i_X509 in-place not re-hashing the ex_flags
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8116)

(cherry picked from commit 5364902250)
2019-01-31 19:20:03 +01:00
Bernd Edlinger
7193394aee Fix a memory leak with di2_X509_CRL reuse
Additionally avoid undefined behavior with
in-place memcpy in X509_CRL_digest.

Fixes #8099

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8112)

(cherry picked from commit a727627922)
2019-01-31 19:14:17 +01:00
Richard Levitte
822e6d95e0 Better phrasing around 1.1.0
Fixes #8129

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8130)

(cherry picked from commit 62b563b9df)
2019-01-31 16:49:30 +01:00
Richard Levitte
c93e7e3dc0 VMS: force 'pinshared'
VMS doesn't currently support unloading of shared object, and we need
to reflect that.  Without this, the shlibload test fails

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8131)

(cherry picked from commit d1dd5d6f4c)
2019-01-31 16:16:41 +01:00
weinholtendian
43bc3d84f8 Fix error message for s_server -psk option
Previously if -psk was given a bad key it would print "Not a hex
number 's_server'".

CLA: Trivial

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/8113)

(cherry picked from commit e57120128f)
2019-01-31 15:18:36 +08:00
Petr Vorel
db6c6c3df2 Reuse already defined macros
instead of duplicity the code.

CLA: trivial

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8127)

(cherry picked from commit c4734493d7)
2019-01-31 09:40:05 +10:00
Matt Caswell
fea9f34a2e Complain if -twopass is used incorrectly
The option -twopass to the pkcs12 app is ignored if -passin, -passout
or -password is used. We should complain if an attempt is made to use
it in combination with those options.

Fixes #8107

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8114)

(cherry picked from commit 40b64553f5)
2019-01-30 15:44:12 +00:00
Matt Caswell
a6d6d64570 Fix no-dso builds
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8111)

(cherry picked from commit 522b11e969)
2019-01-30 15:30:56 +00:00
Matt Caswell
9ed9875f05 Don't leak memory from ERR_add_error_vdata()
If the call the ERR_set_error_data() in ERR_add_error_vdata() fails then
a mem leak can occur. This commit checks that we successfully added the
error data, and if not frees the buffer.

Fixes #8085

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/8105)

(cherry picked from commit fa6b1ee111)
2019-01-29 11:12:26 +00:00
Richard Levitte
6b4f989233 Android build: use ANDROID_NDK_HOME rather than ANDROID_NDK
It apepars that ANDROID_NDK_HOME is the recommended standard
environment variable for the NDK.

We retain ANDROID_NDK as a fallback.

Fixes #8101

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8103)

(cherry picked from commit 6e826c471b)
2019-01-29 00:41:26 +01:00
Michael Richardson
2d190d646c clarify which functions are the CMS functions which must have CMS_PARTIAL set
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7960)

(cherry picked from commit 61e033308b)
2019-01-27 12:25:53 +00:00
David Asraf
eae1c647df crypto/bn: fix return value in BN_generate_prime
When the ret parameter is NULL the generated prime
is in rnd variable and not in ret.

CLA: trivial

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8076)

(cherry picked from commit 3d43f9c809)
2019-01-27 12:18:50 +00:00
Shigeki Ohtsu
24020351dc s_client: fix not to send a command letter of R
Before 1.1.0, this command letter is not sent to a server.

CLA: trivial
(cherry picked from commit bc180cb4887c2e82111cb714723a94de9f6d2c35)

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8081)

(cherry picked from commit 5478e21002)
2019-01-27 12:03:34 +00:00
Tomas Mraz
b62ef4e137 Remove stray -modulus option from the ec manual page.
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8082)

(cherry picked from commit d7bcbfd082)
2019-01-27 11:57:59 +00:00
Matthias Kraft
d4f4fcabec Add "weak" declarations of symbols used in safestack.h and lhash.h
Only for SunCC for now.

It turns out that some compilers to generate external variants of
unused static inline functions, and if they use other external
symbols, those need to be present as well.  If you then happen to
include one of safestack.h or lhash.h without linking with libcrypto,
the build fails.

Fixes #6912

Signed-off-by: Matthias Kraft <Matthias.Kraft@softwareag.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8087)

(cherry picked from commit 6638b22147)
2019-01-27 10:56:26 +01:00
Dr. Matthias St. Pierre
5865bc0f83 X509_STORE: fix two misspelled compatibility macros
Fixes #8084

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8086)

(cherry picked from commit 2c75f03b39)
2019-01-25 11:21:03 +01:00
Klotz, Tobias
b6d41ff733 Cleanup vxworks support to be able to compile for VxWorks 7
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7569)

(cherry picked from commit 5c8b7b4caa)
2019-01-24 17:58:27 +01:00
Matt Caswell
8e3df4012a Revert "Keep the DTLS timer running after the end of the handshake if appropriate"
This commit erroneously kept the DTLS timer running after the end of the
handshake. This is not correct behaviour and shold be reverted.

This reverts commit f7506416b1.

Fixes #7998

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8047)

(cherry picked from commit bcc1f3e2ba)
2019-01-24 13:44:29 +00:00
Matt Caswell
f9ad0abb29 Make sure we trigger retransmits in DTLS testing
During a DTLS handshake we may need to periodically handle timeouts in the
DTLS timer to ensure retransmits due to lost packets are performed. However,
one peer will always complete a handshake before the other. The DTLS timer
stops once the handshake has finished so any handshake messages lost after
that point will not automatically get retransmitted simply by calling
DTLSv1_handle_timeout(). However attempting an SSL_read implies a
DTLSv1_handle_timeout() and additionally will process records received from
the peer. If those records are themselves retransmits then we know that the
peer has not completed its handshake yet and a retransmit of our final
flight automatically occurs.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8047)

(cherry picked from commit 80c455d5ae)
2019-01-24 13:44:27 +00:00
Matt Eaton
d0a4e858bb Update NOTES.ANDROID
Minor typo fix to `adjustment` in the line:
"In such case you have to pass matching target
 name to Configure and shouldn't use -D__ANDROID_API__=N. PATH adjustment
 becomes simpler, $ANDROID_NDK/bin:$PATH suffices."

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8054)

(cherry picked from commit 52bcd4afc8)
2019-01-22 12:26:44 +01:00
Bernd Edlinger
8c175d2d4f Make ca command silently use default if .attr file does not exist
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7286)

(cherry picked from commit ac454d8d46)
2019-01-21 15:53:32 +01:00
Bernd Edlinger
b6769a3865 PPC: Try out if mftb works before using it
If this fails try out if mfspr268 works.

Use OPENSSL_ppccap=0x20 for enabling mftb,
OPENSSL_ppccap=0x40 for enabling mfspr268,
and OPENSSL_ppccap=0 for enabling neither.

Fixes #8012

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8043)

(cherry picked from commit c8f370485c)
2019-01-21 15:45:53 +01:00
Corey Minyard
492f70645c Fix a memory leak in the mem bio
If you use a BIO and set up your own buffer that is not freed, the
memory bio will leak the BIO_BUF_MEM object it allocates.

The trouble is that the BIO_BUF_MEM is allocated and kept around,
but it is not freed if BIO_NOCLOSE is set.

The freeing of BIO_BUF_MEM was fairly confusing, simplify things
so mem_buf_free only frees the memory buffer and free the BIO_BUF_MEM
in mem_free(), where it should be done.

Alse add a test for a leak in the memory bio
Setting a memory buffer caused a leak.

Signed-off-by: Corey Minyard <minyard@acm.org>

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8051)

(cherry picked from commit c6048af23c)
2019-01-21 17:50:04 +10:00
David Benjamin
781378daca Reduce inputs before the RSAZ code.
The RSAZ code requires the input be fully-reduced. To be consistent with the
other codepaths, move the BN_nnmod logic before the RSAZ check.

This fixes an oft-reported fuzzer bug.
https://github.com/google/oss-fuzz/issues/1761

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7187)

(cherry picked from commit 3afd537a3c)
2019-01-17 08:19:24 +10:00
Richard Levitte
04c71d8604 apps/verify.c: Change an old comment to clarify what the callback does
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7922)

(cherry picked from commit 9b10986d77)
2019-01-16 22:00:42 +01:00
Richard Levitte
b36b1632e2 crypto/armcap.c, crypto/ppccap.c: stricter use of getauxval()
Having a weak getauxval() and only depending on GNU C without looking
at the library we build against meant that it got picked up where not
really expected.

So we change this to check for the glibc version, and since we know it
exists from that version, there's no real need to make it weak.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8028)

(cherry picked from commit 5f40dd158c)
2019-01-16 18:04:22 +01:00
Richard Levitte
6ffcd10ade crypto/uid.c: use own macro as guard rather than AT_SECURE
It turns out that AT_SECURE may be defined through other means than
our inclusion of sys/auxv.h, so to be on the safe side, we define our
own guard and use that to determine if getauxval() should be used or
not.

Fixes #7932

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7933)

(cherry picked from commit aefb980c45)
2019-01-16 06:21:32 +01:00
Matt Caswell
0c13c8ece1 Don't get the mac type in TLSv1.3
We don't use this information so we shouldn't fetch it. As noted in the
comments in #8005.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/8020)

(cherry picked from commit ea09abc808)
2019-01-15 11:50:35 +00:00
Matt Caswell
709c6be2f8 Add missing entries in ssl_mac_pkey_id
Fixes #8005

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/8020)

(cherry picked from commit 7fe0ed75e3)
2019-01-15 11:50:35 +00:00
Matt Caswell
46c853e03a Check more return values in the SRP code
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8019)

(cherry picked from commit d63bde7827)
2019-01-15 11:35:08 +00:00