Commit graph

23185 commits

Author SHA1 Message Date
Billy Brumley
39df51522b Remove superfluous NULL checks. Add Andy's BN_FLG comment.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6009)
2018-04-23 19:14:25 +01:00
Nicola Tuveri
736b31e5ea Move up check for EC_R_INCOMPATIBLE_OBJECTS and for the point at infinity case
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6009)
2018-04-23 19:14:25 +01:00
Nicola Tuveri
f467537927 Pass through
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6009)
2018-04-23 19:14:25 +01:00
Billy Brumley
a067a8705a ladder description: why it works
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6009)
2018-04-23 19:14:25 +01:00
Nicola Tuveri
36bed230b5 Address code style comments
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6009)
2018-04-23 19:14:25 +01:00
Billy Brumley
40e48e5458 Elliptic curve scalar multiplication with timing attack defenses
Co-authored-by: Nicola Tuveri <nic.tuv@gmail.com>
Co-authored-by: Cesar Pereida Garcia <cesar.pereidagarcia@tut.fi>
Co-authored-by: Sohaib ul Hassan <soh.19.hassan@gmail.com>

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6009)
2018-04-23 19:14:25 +01:00
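The PR 6009 commits above add a ladder-based EC scalar multiplication with timing-attack defenses, and the commit titled "ladder description: why it works" documents the invariant behind it, but the ladder itself is not reproduced on this page. The following is an added example, written here for illustration and not OpenSSL's code: a Montgomery ladder with a branch-free conditional swap over a constructed textbook curve (y^2 = x^3 + 2x + 2 over F_17, generator G = (5, 1) of order 19; these parameters, the helper names and the 32-bit scalar width are assumptions of the example). It checks the ladder against plain double-and-add so the invariant R1 == R0 + G can be seen to hold for every scalar.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy parameters (textbook curve, not a standards curve):
 * y^2 = x^3 + A*x + 2 over F_P with P = 17, generator G = (5, 1) of order 19. */
#define P 17u
#define A 2u

typedef struct {
    uint32_t x, y;
    uint32_t inf;               /* 1 if this is the point at infinity */
} point;

static const point G = {5, 1, 0};

static uint32_t mod_add(uint32_t a, uint32_t b) { return (a + b) % P; }
static uint32_t mod_sub(uint32_t a, uint32_t b) { return (a + P - b) % P; }
static uint32_t mod_mul(uint32_t a, uint32_t b) { return (uint32_t)(((uint64_t)a * b) % P); }

/* Inverse by Fermat: a^(P-2) mod P, valid for prime P and a != 0. */
static uint32_t mod_inv(uint32_t a) {
    uint32_t r = 1, e = P - 2;
    while (e) {
        if (e & 1) r = mod_mul(r, a);
        a = mod_mul(a, a);
        e >>= 1;
    }
    return r;
}

/* Affine add/double with the usual exceptional cases. These branches depend on
 * point values, so they are NOT constant-time; real code uses complete or
 * projective formulas. The constant-time part shown here is the ladder loop. */
static point pt_add(point p, point q) {
    point r = {0, 0, 1};
    uint32_t s;
    if (p.inf) return q;
    if (q.inf) return p;
    if (p.x == q.x) {
        if (mod_add(p.y, q.y) == 0) return r;      /* q == -p: result is infinity */
        s = mod_mul(mod_add(mod_mul(3, mod_mul(p.x, p.x)), A), mod_inv(mod_mul(2, p.y)));
    } else {
        s = mod_mul(mod_sub(q.y, p.y), mod_inv(mod_sub(q.x, p.x)));
    }
    r.inf = 0;
    r.x = mod_sub(mod_sub(mod_mul(s, s), p.x), q.x);
    r.y = mod_sub(mod_mul(s, mod_sub(p.x, r.x)), p.y);
    return r;
}

/* Branch-free conditional swap: exchanges *a and *b iff swap == 1. */
static void cswap(point *a, point *b, uint32_t swap) {
    uint32_t mask = 0u - swap;                     /* 0x00000000 or 0xffffffff */
    uint32_t t;
    t = (a->x ^ b->x) & mask;     a->x ^= t;   b->x ^= t;
    t = (a->y ^ b->y) & mask;     a->y ^= t;   b->y ^= t;
    t = (a->inf ^ b->inf) & mask; a->inf ^= t; b->inf ^= t;
}

/* Montgomery ladder for k*g. Invariant after every step: R1 == R0 + g.
 * Each iteration does exactly one add and one double, over a fixed 32 bits,
 * so neither the operation sequence nor the iteration count depends on k. */
static point ladder(uint32_t k, point g) {
    point r0 = {0, 0, 1};       /* R0 = infinity */
    point r1 = g;               /* R1 = g */
    int i;
    for (i = 31; i >= 0; i--) {
        uint32_t bit = (k >> i) & 1u;
        cswap(&r0, &r1, bit);   /* bit == 1: operate on (R1, R0) instead */
        r1 = pt_add(r0, r1);    /* R1 <- R0 + R1 */
        r0 = pt_add(r0, r0);    /* R0 <- 2*R0 */
        cswap(&r0, &r1, bit);
    }
    return r0;
}

/* Plain double-and-add reference: correct, but branches on every key bit. */
static point double_and_add(uint32_t k, point g) {
    point acc = {0, 0, 1};
    int i;
    for (i = 31; i >= 0; i--) {
        acc = pt_add(acc, acc);
        if ((k >> i) & 1u) acc = pt_add(acc, g);
    }
    return acc;
}

static int pt_eq(point p, point q) {
    if (p.inf || q.inf) return p.inf == q.inf;
    return p.x == q.x && p.y == q.y;
}

/* Returns 1 if ladder and reference agree for every scalar in [0, limit). */
static int ladder_matches_reference(uint32_t limit) {
    uint32_t k;
    for (k = 0; k < limit; k++)
        if (!pt_eq(ladder(k, G), double_and_add(k, G))) return 0;
    return 1;
}

int main(void) {
    point r = ladder(3, G);
    printf("3*G = (%u, %u)\n", (unsigned)r.x, (unsigned)r.y);
    printf("ladder == reference for k < 64: %d\n", ladder_matches_reference(64));
    return 0;
}
```

The two cswap calls around the add and double are what make the per-bit work uniform: instead of choosing which register to add into, the code always adds into R1 and doubles R0, and the secret bit only decides whether the two registers were exchanged first. On a real curve the remaining leak is inside the field and point arithmetic, which is why OpenSSL's version pairs the ladder with complete formulas rather than the affine shortcuts used above.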
Kurt Roeckx
5b820d785d Fix usage of ossl_assert()
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #6044
2018-04-23 18:45:53 +02:00
Andy Polyakov
198a2ed791 ARM assembly pack: make it work with older assembler.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6043)
2018-04-23 17:29:59 +02:00
Andy Polyakov
40ab6b8567 00-base-templates.conf: wire keccak1600-armv4 module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6042)
2018-04-23 17:27:58 +02:00
Andy Polyakov
e9afe7a143 sha/asm/keccak1600-armv4.pl: adapt for multi-platform.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6042)
2018-04-23 17:27:53 +02:00
Andy Polyakov
3571069526 00-base-templates.conf: wire keccak1600-ppc64 module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6042)
2018-04-23 17:27:49 +02:00
Andy Polyakov
fe46035dbe 00-base-templates.conf: wire keccak1600-s390x module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6042)
2018-04-23 17:27:45 +02:00
Andy Polyakov
eefc485bda 00-base-templates.conf: wire keccak1600-armv8 module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6042)
2018-04-23 17:27:40 +02:00
Andy Polyakov
1018a7251e 00-base-templates.conf: wire keccak1600-x86_64 module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6042)
2018-04-23 17:27:36 +02:00
Andy Polyakov
0fe72aaaa9 sha/asm/keccak1600-x86_64.pl: make it work on Windows.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6042)
2018-04-23 17:27:31 +02:00
Andy Polyakov
e4739e31ee Configure: add $target{keccak1600_asm_src}.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6042)
2018-04-23 17:26:54 +02:00
Andy Polyakov
dd2d7b19f8 sha/asm/keccak1600-armv8.pl: halve the size of hw-assisted subroutine.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2018-04-23 17:19:57 +02:00
Andy Polyakov
46cc9f35ae .travis.yml: switch to newer osx image.
Default osx image runs Mac OS X 10.12, which apparently suffers from
infrequent socket failures affecting some tests. Later image runs
10.13...

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5986)
2018-04-23 17:16:27 +02:00
Richard Levitte
25642ad29e Fix openssl ca, to correctly make output file binary when using -spkac
On Unix, this doesn't matter, but on other platforms, it may.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6050)
2018-04-23 11:07:46 +02:00
Richard Levitte
10b37541dc Fix late opening of output file
For 'openssl dhparams', the output file was opened after calculations
were made, which is a waste of cycles and time if the output file
turns out not to be writable.

Fixes #3404

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6051)
2018-04-23 10:51:36 +02:00
Kurt Roeckx
148796291e Add support for getrandom() or equivalent system calls and use them by default
Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
GH: #5910
2018-04-22 20:16:02 +02:00
Bernd Edlinger
0e0f8116e2 Fix building linux-armv4 with --strict-warnings
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6026)
2018-04-20 15:49:33 +02:00
Bernd Edlinger
eb2b989206 Ensure the thread keys are always allocated in the same order
Fixes: #5899

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5911)
2018-04-20 15:45:06 +02:00
Dr. Matthias St. Pierre
e1c0348cc7 openssl/err.h: remove duplicate OSSL_STOREerr()
Two definitions in lines 127 and 136, introduced in 71a5516dcc.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6029)
2018-04-20 13:05:22 +02:00
Dr. Matthias St. Pierre
9d978ac3f3 openssl/ssl.h: restore some renamed public SSL_CTRL defines
Fixes #6022

In commit de4d764e32, the following SSL_CTRL #define's were renamed

    SSL_CTRL_GET_CURVES        ->  SSL_CTRL_GET_GROUPS
    SSL_CTRL_SET_CURVES        ->  SSL_CTRL_SET_GROUPS
    SSL_CTRL_SET_CURVES_LIST   ->  SSL_CTRL_SET_GROUPS_LIST
    SSL_CTRL_GET_SHARED_CURVE  ->  SSL_CTRL_GET_SHARED_GROUP

The corresponding function-like macros (e.g., SSL_get1_curves(ctx, s)) were
renamed, too, and compatibility #define's were added. This was overlooked for
the above constants. Since the constants are part of the public interface,
they must not be removed for a minor release.

As a consequence the Qt5 configure check (and the build) fails.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6023)
2018-04-20 13:01:21 +02:00
Matt Caswell
4a432af895 Add a test for SSL_pending()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6020)
2018-04-20 11:51:57 +01:00
Matt Caswell
5b79813b23 Fix SSL_pending() for DTLS
DTLS was not correctly returning the number of pending bytes left in
a call to SSL_pending(). This makes the detection of truncated packets
almost impossible.

Fixes #5478

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6020)
2018-04-20 11:51:57 +01:00
Matt Caswell
033c181ba6 Test the state of SSL_in_init() from the info_callback
Check that in a handshake done event SSL_in_init() is 0 (see #4574)

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6019)
2018-04-20 11:46:12 +01:00
Matt Caswell
4ce787b97a Make sure SSL_in_init() returns 0 at SSL_CB_HANDSHAKE_DONE
In 1.1.0 and before calling SSL_in_init() from the info_callback
at SSL_CB_HANDSHAKE_DONE would return 0. This commit fixes it so
that it does again for 1.1.1. This broke Node.

Fixes #4574

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6019)
2018-04-20 11:46:12 +01:00
Kurt Roeckx
4b7c6385f7 Document supported digest functions
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6024)
2018-04-19 21:05:01 +02:00
Richard Levitte
bd982b48dc Enable all implemented digests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6025)
2018-04-19 21:03:53 +02:00
Bernd Edlinger
c9c56ee501 Clear buffer in PEM_write_bio
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5814)
2018-04-19 15:47:43 +02:00
Alois Mahdal
c190506cd8 Reflect special DEFAULT behavior in ciphers(1)
Actual behavior of DEFAULT is different than currently described.
Rather than acting as cipher string, DEFAULT cannot be combined using
logical operators, etc.

Fixes #5420.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5428)
2018-04-19 15:34:49 +02:00
Richard Levitte
918388b5a0 Don't distribute team internal config targets
Configurations/90-team.conf isn't for public consumption, so we rename
it to 90-team.norelease.conf and make sure 'make dist' and 'make tar'
don't include it in the tarball.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5836)
2018-04-19 15:02:19 +02:00
A. Schulze
aa3b328541 correct spelling errors detected by Debian lintian
CLA: trivial

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5801)
2018-04-19 11:10:17 +02:00
Matt Caswell
7f6dfa19df Add a test for a NULL X509_STORE in X509_STORE_CTX_init
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6001)
2018-04-19 08:53:40 +01:00
Matt Caswell
1c705121af Don't crash if there are no trusted certs
The X509_STORE_CTX_init() docs explicitly allow a NULL parameter for the
X509_STORE. Therefore we shouldn't crash if we subsequently call
X509_verify_cert() and no X509_STORE has been set.

Fixes #2462

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6001)
2018-04-19 08:53:40 +01:00
Matt Caswell
c324ecfb2d Fix ocsp app exit code
If we run the ocsp command line app and the responder returns a
non-successful status code then the app should exit with a failure code.

Based on an original patch by Tatsuhiro Tsujikawa.

Fixes #2387

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5998)
2018-04-19 08:39:42 +01:00
Matt Caswell
6e07834ca0 Fix no-ec
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5997)
2018-04-19 08:36:45 +01:00
Matt Caswell
c637891310 Correct an omission in the EVP_DigestSignInit docs
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5996)
2018-04-19 08:35:47 +01:00
Viktor Dukhovni
a4107d73d5 Add missing index_index() when reloading OCSP responder
Also, future-proof index_index() return codes by requiring success
to return a positive value.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2018-04-18 22:29:35 -04:00
Beat Bolli
cb1b2cafe1 Clarify the configuration module in config.pod
Similar to 0652e8a7 ("Clarify default section in config.pod",
2018-04-12), reword a sentence to make it easier to parse.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5794)
2018-04-18 16:42:11 -04:00
Andy Polyakov
b3199e54d6 apps/s_socket.c: fix memory sanitizer problem in ACCEPT printout.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5994)
2018-04-18 20:08:05 +02:00
Andy Polyakov
f3d3b36255 TLSProxy/Proxy.pm: preclude output intermix.
s_server -rev emits info output on stderr, i.e. unbuffered, which
risks intermixing with output from TLSProxy itself on non-line
boundaries, which in turn is confusing to TAP parser.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5975)
2018-04-18 19:58:15 +02:00
Andy Polyakov
c4220c0f9a recipes/70-test_ssl{cbcpadding,extension,records}: make it work w/fragmentation.
This fixes only those tests that were failing when network data was
fragmented. Remaining ones might succeed for "wrong reasons". A bunch
of tests have to fail to be considered successful and when data is
fragmented they might fail for reasons other than originally intended.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5975)
2018-04-18 19:57:54 +02:00
Andy Polyakov
3f1f62b97b TLSProxy/Record.pm: add is_fatal_alert method.
(resolve uninitialized variable warning and harmonize output).

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5975)
2018-04-18 19:57:14 +02:00
Andy Polyakov
17cde9c2e4 TLSProxy/Proxy.pm: refine NewSessionTicket detection.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5975)
2018-04-18 19:56:53 +02:00
Andy Polyakov
3f473b936a TLSProxy/Message.pm: refine end-of-conversation detection logic.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5975)
2018-04-18 19:56:12 +02:00
Rahul Chaudhry
5bb1cd2292 poly1305/asm/poly1305-armv4.pl: remove unintentional relocation.
Branch to global symbol results in reference to PLT, and when compiling
for THUMB-2 - in a R_ARM_THM_JUMP19 relocation. Some linkers don't
support this relocation (ld.gold), while others can end up truncating
the relocation to fit (ld.bfd).

Convert this branch through PLT into a direct branch that the assembler
can resolve locally.

See https://github.com/android-ndk/ndk/issues/337 for background.

The current workaround is to disable poly1305 optimization assembly,
which is not optimal and can be reverted after this patch:
beab607d2b

CLA: trivial

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5949)
2018-04-18 19:47:53 +02:00
FdaSilvaYY
2f8271ebca Style: ssl.h
fix some indents, and restrict to 80 cols some lines.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4466)
2018-04-18 09:04:55 +01:00