Commit graph

8015 commits

Author SHA1 Message Date
Matt Caswell
c521edc3a1 Some platforms provide getcontext() but it does not work
Some platforms claim to be POSIX but their getcontext() implementation
does not work. Therefore we update the ASYNC_is_capable() function to test
for this.

RT#4366

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-16 18:12:56 +01:00
Andy Polyakov
2460c7f133 poly1305/asm/poly1305-x86_64.pl: make it work with linux-x32.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-15 23:58:31 +01:00
Emilia Kasper
0a86f66821 On Windows, page walking is known as __chkstk.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-15 23:56:23 +01:00
Emilia Kasper
1bf80d9302 Explain *cough*-dows
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-15 23:56:17 +01:00
Emilia Kasper
3ddd1d0458 Fix CRYPTO_THREAD_run_once return value checks
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-15 17:59:09 +01:00
Richard Levitte
a4d8bcf1f2 Small typo
OPENSSL_INIT_ONCE and OPENSSL_INIT_ONCE_STATIC_INIT are really
CRYPTO_ONCE and CRYPTO_ONCE_STATIC_INIT.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-15 14:06:34 +01:00
Andy Polyakov
8d51db86f7 s390x assembly pack: 32-bit fixups.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-14 13:52:34 +01:00
Andy Polyakov
6bfb7db35a build.info/Makefile.in: Itanium fixups.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-14 13:50:43 +01:00
Matt Caswell
58a8fc25d7 Fix the init cleanup order
There are internal dependencies between the various cleanup functions.
This re-orders things to try and get that right.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-14 10:54:37 +00:00
Matt Caswell
b10cdcce00 Add some missing cleanup calls to de-init
OBJ_cleanup() doesn't always get called from EVP_cleanup() so needs to be
explicitly called in de-init. Also BIO_sock_cleanup() also needs to be
called.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-14 10:54:37 +00:00
Richard Levitte
e7c8cafab8 Change an function macro for ERR match the function it's used in.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-03-13 14:54:51 +01:00
Richard Levitte
6d505f2842 Complete incomplete makefile variable referenses
A couple of '$(PERLASM_SCHEM' had sneaked in.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-13 11:07:12 +01:00
Richard Levitte
f425f9dcff Add $(LIB_CFLAGS) for any build.info generator that uses $(CFLAGS)
The reason to do so is that some of the generators detect PIC flags
like -fPIC and -KPIC, and those are normally delivered in LD_CFLAGS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-13 00:02:55 +01:00
Emilia Kasper
8cab4e9bc7 Fix memory leak in library deinit
ENGINE_cleanup calls CRYPTO_free_ex_data and therefore,
CRYPTO_cleanup_all_ex_data - which cleans up the method pointers - must
run after ENGINE_cleanup.

Additionally, don't needlessly initialize the EX_CALLBACKS stack during
e.g. CRYPTO_free_ex_data. The only time this is actually needed is when
reserving the first ex data index. Specifically, since sk_num returns -1
on NULL input, the rest of the code already handles a NULL method stack
correctly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-12 21:47:01 +01:00
Emilia Kasper
e4ad0763e8 Fix no-comp build
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-12 16:21:33 +01:00
Matt Caswell
c3caf76035 Remove some dead code from 1999
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-11 21:32:13 +00:00
Matt Caswell
81161070f8 Don't clobber the last error
On Windows we call WSAGetLastError() to find out the last error that
happened on a socket operation. We use this to find out whether we can
retry the operation or not. You are supposed to call this immediately
however in a couple of places we logged an error first. This can end up
making other Windows system calls to get the thread local error state.
Sometimes that can clobber the error code, so if you call WSAGetLastError()
later on you get a spurious response and the socket operation looks like
a fatal error.

Really we shouldn't be logging an error anyway if its a retryable issue.
Otherwise we could end up with stale errors on the error queue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-11 21:32:13 +00:00
Dr. Stephen Henson
a6eb1ce6a9 Make X509_SIG opaque.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 17:40:47 +00:00
Kurt Roeckx
53a5167458 Use unsigned int instead of just unsigned.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 10:39:10 -05:00
Kurt Roeckx
a57410899a Save leaf_node and node_offset as character array
They are not numbers in the machine byte order.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 10:39:10 -05:00
Kurt Roeckx
208527a75d Review comments
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 10:39:10 -05:00
Bill Cox
2d0b441267 Add blake2 support.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 10:39:10 -05:00
Dr. Stephen Henson
40f43f8a2e move DSA_SIG definition into C source file
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 14:53:50 +00:00
Andy Polyakov
ee619197db crypto/*/build.info: make it work on ARM platforms.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-11 15:30:57 +01:00
Andy Polyakov
12940f08f4 crypto/*/build.info: SPARC-specific fixups.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-11 15:29:55 +01:00
Rob Percival
680ddc996b constify CT_POLICY_EVAL_CTX getters
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 09:06:04 -05:00
Matt Caswell
773fd0bad4 Call CONF_modules_free() before ENGINE_cleanup() in auto-deinit
During auto de-init we were calling ENGINE_cleanup(), and then later
CONF_modules_free(). However the latter function can end up calling
engine code, which can lead to a use of the global_engine_lock after it
has already been freed. Therefore we should swap the calling order of
these two functions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 13:36:57 +00:00
Richard Levitte
a5aa63a456 Fix some assembler generating scripts for better unification
Some of these scripts would recognise an output parameter if it looks
like a file path.  That works both in both the classic and new build
schemes.  Some fo these scripts would only recognise it if it's a
basename (i.e. no directory component).  Those need to be corrected,
as the output parameter in the new build scheme is more likely to
contain a directory component than not.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-11 00:54:31 +01:00
Richard Levitte
603358de57 Add include directory options for assembler files that include from crypto/
A few were missed in the previous commit.

Closes RT#4412

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-10 22:00:27 +01:00
Rob Percival
49e5db0b31 check reviewer --reviewer=emilia
Pass entire CTLOG_STORE to SCT_print, rather than just the SCT's CTLOG

SCT_print now looks up the correct CT log for you.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-10 14:53:04 -05:00
Rob Percival
8359b57f27 check reviewer --reviewer=emilia
Remove 'log' field from SCT and related accessors

In order to still have access to an SCT's CTLOG when calling SCT_print,
SSL_CTX_get0_ctlog_store has been added.

Improved documentation for some CT functions in openssl/ssl.h.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-10 14:53:04 -05:00
Richard Levitte
f0667b1430 Add include directory options for assembler files that include from crypto/
Closes RT#4406

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-10 20:30:47 +01:00
Richard Levitte
03f880e4fc The typedef ECPARAMETERS is already defined, don't define it anew
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-10 11:29:08 +01:00
Matt Caswell
6a7de8e094 Remove a missed item from the old thread API
A line from cryptlib.h was missed during the old Thread API removal. This
breaks no-deprecated builds.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-10 09:29:42 +00:00
Matt Caswell
1e45206fb9 Mark SRP_VBASE_get_by_user() as deprecated
The function SRP_VBASE_get_by_user() is declared as deprecated but the
implementation was not.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-10 09:29:42 +00:00
Rich Salz
599eccfcbf RT3676 add: Export ASN.1 DHparams
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-03-09 20:58:08 -05:00
Benjamin Kaduk
a1673e1536 Avoid negative array index in BIO_debug_callback()
BIO_snprintf() can return -1 on truncation (and overflow as of commit
9cb177301f).  Though neither can
realistically occur while printing a pointer and short fixed string into
a buffer of length 256, the analysis to confirm that this the case goes
somewhat far up the call chain, and not all static analyzers can
successfully follow the chain of logic.

It's easy enough to clamp the returned length to be nonnegative before
continuing, which appeases the static analyzer and does not harm the
subsequent code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 20:52:19 -05:00
Benjamin Kaduk
80e8fdbe79 CT: check some GeneralizedTime return values
Some of the ASN.1 routines for the GeneralizedTime type can return
errors; check for these and do not continue past failure, so as
to appease coverity.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 20:52:19 -05:00
Jim Basney
dca7158c95 Avoid double-free in calleres to OCSP_parse_url
set pointers to NULL after OPENSSL_free before returning to caller to
avoid possible double-free in caller

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-09 20:44:52 -05:00
Mat
642565106e Fix return type for CRYPTO_THREAD_run_once
return type should be int and not void

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-09 20:42:30 -05:00
Viktor Dukhovni
dd60efea95 Add X509_CHECK_FLAG_NEVER_CHECK_SUBJECT flag
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-03-09 20:41:28 -05:00
Rich Salz
60b350a3ef RT3676: Expose ECgroup i2d functions
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-03-09 12:25:21 -05:00
Rob Percival
eac84e8127 Makes STACK_OF(SCT)* parameter of i2d_SCT_LIST const
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
14db9bbd71 Removes SCT_LIST_set_source and SCT_LIST_set0_logs
Both of these functions can easily be implemented by callers instead.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
21b908a8f9 Makes SCT_get0_log return const CTLOG*
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
12d2d28185 Makes CTLOG_STORE_get0_log_by_id return const CTLOG*
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
98af731064 Improved documentation of SCT_CTX_* functions
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
e5a7ac446b Updates ct_err.c
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
6d7fd9c142 Reset SCT validation_status if the SCT is modified
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
70279a81a7 Fixes "usuable" typo in ct_locl.h
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
70073f3e3a Treat boolean functions as booleans
Use "!x" instead of "x <= 0", as these functions never return a negative
value.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
8c92c4eac0 Make parameters of CTLOG_get* const
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
5da65ef23c Extensive application of __owur to CT functions that return a boolean
Also improves some documentation of those functions.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
8fbb93d0e2 Makes SCT_LIST_set_source return the number of successes
No longer terminates on first error, but instead tries to set the source
of every SCT regardless of whether an error occurs with some.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Matt Caswell
651edc0d19 Fix classic build
The Thread API changes broke classic build. This fixes it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-09 14:58:42 +00:00
Matt Caswell
2e52e7df51 Remove the old threading API
All OpenSSL code has now been transferred to use the new threading API,
so the old one is no longer used and can be removed. We provide some compat
macros for removed functions which are all no-ops.

There is now no longer a need to set locking callbacks!!

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-09 12:41:39 +00:00
Matt Caswell
4fc4faa7a7 Remove use of the old CRYPTO_LOCK_X5O9_STORE
The locking here is a bit strange and unclear. Rather than refactor
anything and possibly break stuff I have just moved to using the new
thread API following as closely as possible what was there previously.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-09 12:41:39 +00:00
Richard Levitte
9749a07a1d Don't call ENGINE_cleanup when configured "no-engine"
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 12:52:50 +01:00
Richard Levitte
5b14d5b5a0 Make sure the effect of "pic" / "no-pic" is used with assembler compilations
Before the 'Introduce the "pic" / "no-pic" config option' commit, the
shared_cflag value for the chosen config would be part of the make
variable CFLAG, which got replicated into CFLAGS and ASFLAGS.

Since said commit, the shared_cflag value has become a make variable
of its own, SHARED_CFLAG (which is left empty in a "no-pic" build).

However, ASFLAGS was forgotten.  That's what's corrected with this
change.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 12:33:23 +01:00
Richard Levitte
dca5c70121 Add extra include directory for includers of ppc_arch.h
crypto/evp/e_aes.c and crypto/modes/gcm128.c include ppc_arch.h, which
is located in crypto/, so add that as extra include directory for them.

Issue reported by Jeffrey Walton <noloader@gmail.com>

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 12:07:15 +01:00
Andy Polyakov
1a66190888 ec/asm/ecp_nistz256-sparcv9.pl: get corner logic right.
RT#4284

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:21:11 +01:00
Richard Levitte
81e61d7cb5 Unified - adapt the generation of whirlpool assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/whrlpool/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 11:09:26 +01:00
Richard Levitte
e87e380a17 Unified - adapt the generation of sha assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/sha/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 11:09:26 +01:00
Richard Levitte
3c9d51ce8b Unified - adapt the generation of rc4 assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/rc4/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 11:09:26 +01:00
Richard Levitte
ac9888e5a9 Unified - adapt the generation of rc5 assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/rc5/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 11:09:26 +01:00
Richard Levitte
fe7f8263af Unified - adapt the generation of ripemd assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/ripemd/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 11:09:26 +01:00
Richard Levitte
57c83b3c3a Unified - adapt the generation of md5 assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/md5/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 11:09:26 +01:00
Richard Levitte
4f0d5f1849 Unified - adapt the generation of modes assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/modes/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 11:09:26 +01:00
Richard Levitte
3aa3af68a5 Unified - adapt the generation of poly1305 assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/poly1305/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 11:09:26 +01:00
Richard Levitte
6d33da3487 Unified - adapt the generation of des assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/des/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 11:09:26 +01:00
Richard Levitte
73d2fb66ef Unified - adapt the generation of ec assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/ec/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 11:09:26 +01:00
Richard Levitte
5384d1e4eb Unified - adapt the generation of camellia assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/camellia/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 11:09:26 +01:00
Richard Levitte
db1983980b Unified - adapt the generation of cast assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/cast/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 11:09:26 +01:00
Richard Levitte
df0cb57ca3 Unified - adapt the generation of chacha assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/chacha/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 11:09:26 +01:00
Richard Levitte
0a4edb931b Unified - adapt the generation of cpuid, uplink and buildinf to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 11:09:26 +01:00
Richard Levitte
184bc45f68 Unified - adapt the generation of aes assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/aes/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 11:09:26 +01:00
Richard Levitte
10eab320a5 Unified - adapt the generation of blowfish assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/bf/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 11:09:26 +01:00
Matt Caswell
ae6412f3be Always call ENGINE_cleanup() in de-init
Even if we haven't loaded an engine, we might have set up the
global_engine_lock, so we should still clean up.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-09 11:04:21 +01:00
Matt Caswell
40e068d506 Move engine library over to using the new thread API
Remove usage of CRYPTO_LOCK_ENGINE

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-09 11:04:01 +01:00
Richard Levitte
660e7588ed err_lcl.h is gone, don't pretend it's there
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-09 08:58:43 +01:00
Alessandro Ghedini
a060574458 Move variable declaration to the start of the function
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 01:20:53 +00:00
Matt Caswell
8eed7e873b Convert rand code to new threading API
Replace the CRYPTO_LOCK_RAND and CRYPTO_LOCK_RAND2 locks with new thread
API style locks.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 01:14:57 +00:00
Richard Levitte
52c14c5454 Fix a typo in dynamic_load()
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 01:41:11 +01:00
Alessandro Ghedini
0b1a07c8a7 Convert RSA blinding to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 23:52:48 +00:00
Richard Levitte
be1251f73d Remove the transfer of lock hooks from bind_engine
With the new threads API, this is no longer needed.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 00:33:38 +01:00
Richard Levitte
6d5667110a Engine API repair - memory management hooks
The Engine API lost the setting of memory management hooks in
bind_engine.  Here's putting that back.

EX_DATA and ERR functions need the same treatment.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 00:33:38 +01:00
Matt Caswell
9471f7760d Convert mem_dbg and mem_sec to the new Thread API
Use new Thread API style locks, and thread local storage for mem_dbg

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 21:06:04 +00:00
Rich Salz
040d43b3ff OpenSSLDie --> OPENSSL_die
Also removed a bunch of unused define's from e_os.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-08 14:46:17 -05:00
Richard Levitte
e519ecd8d4 Include e_os.h from ec_lcl.h
The EC code recently started using REF_PRINT_COUNT and REF_ASSERT_ISNT.
Those are defined in e_os.h.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 19:55:40 +01:00
Dmitry-Me
1caaea1338 Reuse strndup(), simplify code
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-08 12:36:34 -05:00
Dr. Stephen Henson
706a13f112 Make DSA_SIG opaque.
This adds a new accessor function DSA_SIG_get0.
The customisation of DSA_SIG structure initialisation has been removed this
means that the 'r' and 's' components are automatically allocated when
DSA_SIG_new() is called. Update documentation.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 17:02:16 +00:00
Alessandro Ghedini
c001ce3313 Convert CRYPTO_LOCK_X509_* to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 11:10:34 -05:00
Alessandro Ghedini
41cfbccc99 Convert CRYPTO_LOCK_UI to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 11:10:34 -05:00
Alessandro Ghedini
9b398ef297 Convert CRYPTO_LOCK_EC_* to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 11:10:34 -05:00
Alessandro Ghedini
03273d61e7 Convert CRYPTO_LOCK_EVP_PKEY to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 11:10:34 -05:00
Alessandro Ghedini
fb46be0348 Convert CRYPTO_LOCK_BIO to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 11:10:34 -05:00
Andy Polyakov
eb77e8886d SPARCv9 assembly pack: unify build rules and argument handling.
Make all scripts produce .S, make interpretation of $(CFLAGS)
pre-processor's responsibility, start accepting $(PERLASM_SCHEME).
[$(PERLASM_SCHEME) is redundant in this case, because there are
no deviataions between Solaris and Linux assemblers. This is
purely to unify .pl->.S handling across all targets.]

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-08 15:51:06 +01:00
Todd Short
3ec13237f0 Add cipher query functions
Add functions to determine authentication, key-exchange, FIPS and AEAD.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 09:19:15 -05:00
Alessandro Ghedini
7b8e12d24e Convert ERR_STRING_DATA to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 14:11:59 +00:00
Alessandro Ghedini
8509dcc9f3 Convert ERR_STATE to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 14:11:09 +00:00
Alessandro Ghedini
f75200115d Convert CRYPTO_LOCK_EX_DATA to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 09:07:32 -05:00
Alessandro Ghedini
c74471d293 Convert CRYPTO_LOCK_DSO to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 09:07:32 -05:00
Alessandro Ghedini
d188a53617 Convert CRYPTO_LOCK_{DH,DSA,RSA} to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 09:07:32 -05:00
Alessandro Ghedini
f989cd8c0b Convert CRYPTO_LOCK_GET*BYNAME to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 09:07:32 -05:00
Dr. Stephen Henson
e1d9f1ab39 Remove kinv/r fields from DSA structure.
The kinv/r fields in the DSA structure are not used by OpenSSL internally
and should not be used in general.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 22:15:04 +00:00
Matt Caswell
44ab2dfdf9 Rename EVP_CIPHER_CTX_cipher_data to EVP_CIPHER_CTX_get_cipher_data
We had the function EVP_CIPHER_CTX_cipher_data which is newly added for
1.1.0. As we now also need an EVP_CIPHER_CTX_set_cipher_data it makes
more sense for the former to be called EVP_CIPHER_CTX_get_cipher_data.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:42:09 +00:00
Matt Caswell
98ee75439d Update the dasync engine to add a pipeline cipher
Implement aes128-cbc as a pipeline capable cipher in the dasync engine.
As dasync is just a dummy engine, it actually just performs the parallel
encrypts/decrypts in serial.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:26:04 +00:00
David Woodhouse
691064c47f Elide OPENSSL_INIT_set_config_filename() for no-stdio build
Strictly speaking, it isn't stdio and file access which offend me here;
it's the fact that UEFI doesn't provide a strdup() function. But the
fact that it's pointless without file access is a good enough excuse for
compiling it out.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 14:51:08 -05:00
David Woodhouse
b9bd7b06cc Elide DES_read_password() for no-ui build
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 14:51:08 -05:00
Rich Salz
8731a4fcd2 ISSUE 43: Add BIO_sock_shutdown
This replaces SHUTDOWN/SHUTDOWN2 with BIO_closesocket.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-07 14:47:54 -05:00
Rob Percival
147e54a77e Fixes memory leaks in CT code
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 14:44:04 -05:00
David Woodhouse
db922318b3 Elide EVP_read_pw_string() and friends for no-ui
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-03-07 12:52:56 -05:00
Richard Levitte
6bd7a4d96c Unified - adapt the generation of bignum assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/bn/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 18:25:56 +01:00
Matt Caswell
667867cced Add a function to detect if we have async or not
Add the ASYNC_is_capable() function and use it in speed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 17:23:42 +00:00
Matt Caswell
c292b105b1 Remove use of CRYPTO_LOCK_INIT in init code
Swap the use of CRYPTO_LOCK_INIT in the init code to use the new threading
API mechanism for locking.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-07 17:17:21 +00:00
Matt Caswell
a072ed0c88 Swap the init code to use the new Thread API thread locals
The init code was using its own thread local code. Now we have a central
API for it we should use that instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-07 17:17:21 +00:00
Matt Caswell
b1f1e7aeba Swap the init code to use CRYPTO_ONCE
The init code was using its own "once" implementation. Now that we have
the new thread API we should use that instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-07 17:17:21 +00:00
Dr. Stephen Henson
54dbf42398 Make PKCS8_PRIV_KEY_INFO opaque.
Make PKCS8_PRIV_KEY_INFO opaque. Several accessor functions already exist
for this structure. Two new ones were added to handle attributes.

The old handling of broken formats has been removed and the corresponding
structures simplified.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 17:11:21 +00:00
Andy Polyakov
adc4f1fc25 bn/asm/x86[_64]-mont*.pl: complement alloca with page-walking.
Some OSes, *cough*-dows, insist on stack being "wired" to
physical memory in strictly sequential manner, i.e. if stack
allocation spans two pages, then reference to farmost one can
be punishable by SEGV. But page walking can do good even on
other OSes, because it guarantees that villain thread hits
the guard page before it can make damage to innocent one...

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 14:58:14 +01:00
Andy Polyakov
6e42e3ff9c perlasm/x86_64-xlate.pl: handle binary constants early.
Not all assemblers of "gas" flavour handle binary constants, e.g.
seasoned MacOS Xcode doesn't, so give them a hand.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-07 14:51:26 +01:00
Matt Caswell
15457b6203 Fix OPENSSL_INIT flags to avoid a clash.
The 0x00010000L OPENSSL_INIT flag appeared twice.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-07 13:36:17 +00:00
clucey
6cba4a6661 Rework based on feedback:
1. Cleaned up eventfd handling
2. Reworked socket setup code to allow other algorithms to be added in
   future
3. Fixed compile errors for static build
4. Added error to error stack in all cases of ALG_PERR/ALG_ERR
5. Called afalg_aes_128_cbc() from bind() to avoid race conditions
6. Used MAX_INFLIGHT define in io_getevents system call
7. Coding style fixes

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-07 13:36:17 +00:00
Rich Salz
a4cb3bc8f2 GH616: Remove dead code
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-03-05 13:45:40 -05:00
Emilia Kasper
5b7af0dd6c Curve25519: fix const-initialization
Clang is permissive of this, but gcc fails.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 18:13:05 +01:00
Dr. Stephen Henson
5b70372d5d Add ASN.1 ADB callback.
Add support for application supplied any defined by callback. An
application can change the selector value if it wishes. This is
mainly intended for values which are only known at runtime, for
example dynamically created OIDs.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 17:06:13 +00:00
Dmitry-Me
fbff671659 GH784: Better variable name
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-03-04 11:49:22 -05:00
Rob Percival
2508c047eb Handle empty log name in "enable_logs" line of the CT log file
e.g. "enabled_logs = foo,,bar"

Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 10:50:10 -05:00
Rob Percival
0c6ea56568 Handle missing "enabled_logs" line in CT log file
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 10:50:10 -05:00
Rob Percival
a930afb698 If a CT log entry in CTLOG_FILE is invalid, skip it and continue loading
Previously, the remaining CT log entries would not be loaded.
Also, CTLOG_STORE_load_file would return 1 even if a log entry was
invalid, resulting in no errors being shown.

Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 10:50:10 -05:00
Rob Percival
98d8ddd254 Change default CT log list filename to "ct_log_list.cnf"
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 10:50:10 -05:00
Emilia Kasper
b95779846d Curve25519: avoid undefined behaviour
Appease the sanitizer: avoid left shifts of negative values.

This could've been done entirely with casts to uint and back,
but using masks seemed slightly more readable.

There are also implementation-defined signed right shifts in this
code. Those remain.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 12:28:01 +01:00
Andy Polyakov
a66ec57c6e chacha/asm/chacha-ppc.pl: fix typo.
RT#4365

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 11:55:35 +01:00
Dr. Stephen Henson
5f57abe2b1 Sanity check PVK file fields.
PVK files with abnormally large length or salt fields can cause an
integer overflow which can result in an OOB read and heap corruption.
However this is an rarely used format and private key files do not
normally come from untrusted sources the security implications not
significant.

Fix by limiting PVK length field to 100K and salt to 10K: these should be
more than enough to cover any files encountered in practice.

Issue reported by Guido Vranken.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 01:20:04 +00:00
FdaSilvaYY
0b2fc9286f GH773: Possible leak on CRYPTO_THREAD_lock_new failure
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-03 19:47:01 -05:00
Dmitry-Me
5e04cfdef3 GH769: Reuse strndup()
Reviewed-by: Matt Caswell <matt@openssl.org>
Signed-off-by: Rich Salz <rsalz@akamai.com>
2016-03-03 19:44:10 -05:00
Alessandro Ghedini
aacfb134be GH355: Implement HKDF
This patch implements the HMAC-based Extract-and-Expand Key Derivation
Function (HKDF) as defined in RFC 5869.

It is required to implement the QUIC and TLS 1.3 protocols (among others).

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-03-03 18:21:20 -05:00
Emilia Kasper
8185e649f8 Clean up curve25519 build
- Remove OPENSSL_X25519_X86_64 which never worked, because we don't have
  the assembly.
- Also remove OPENSSL_SMALL (which should have been
  OPENSSL_SMALL_FOOTPRINT) which isn't a priority at the moment.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-03 16:53:19 +01:00
Dr. Stephen Henson
3e30fa0a6d Add KDF error codes
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-02 21:30:56 +00:00
Dr. Stephen Henson
4e8cb45c09 Add string ctrl operations to TLS1 PRF, update documentation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-02 20:57:32 +00:00
Dr. Stephen Henson
cd8e4decf7 Use utility functions for HMAC and CMAC.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-02 20:57:32 +00:00
Dr. Stephen Henson
99119000ad EVP_PKEY_CTX utility functions.
Utility functions to pass a string or hex string to EVP_PKEY_CTX_ctrl().

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-02 20:57:32 +00:00
Dr. Stephen Henson
e9b1c42f75 make errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-02 20:48:12 +00:00
Dr. Stephen Henson
e2285d878d Handle KDF internally.
Handle KDF in ECDH_compute_key instead of requiring each implementation
support it. This modifies the compute_key method: now it allocates and
populates a buffer containing the shared secret.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-02 20:48:12 +00:00
Matt Caswell
ed49f43a03 Ensure Async is deinited properly
The global thread local keys were not being deinited properly in async.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-02 17:23:42 +00:00
Matt Caswell
224905f8aa Convert ASYNC code to use new Thread API
The async code uses thread local variables. We should convert to using
the new Thread API for doing this.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-02 17:23:42 +00:00
Emilia Kasper
fdfb8c8486 curve25519: add missing const-qualifier
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-03-02 17:23:36 +01:00
Richard Levitte
b756967d28 Make uplink auxiliary source separate from cpuid source
There are cases, for example when configuring no-asm, that the added
uplink source files got in the way of the cpuid ones.  The best way to
solve this is to separate the two.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 14:45:02 +01:00
Kurt Roeckx
dc22d6b37e Make k25519Precomp const
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

MR: #2184
2016-03-02 13:39:25 +01:00
Andy Polyakov
1ea8ae5090 poly1305/asm/poly1305-*.pl: flip horizontal add and reduction.
Formally only 32-bit AVX2 code path needs this, but I choose to
harmonize all vector code paths.

RT#4346
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-02 13:11:38 +01:00
David Benjamin
bdbd3aea59 Consistently use arm_arch.h constants in armcap assembly code.
Most of the assembly uses constants from arm_arch.h, but a few references to
ARMV7_NEON don't. Consistently use the macros everywhere.

Signed-off-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-02 12:57:28 +01:00
Dr. Stephen Henson
359aa38fbe remove old unused oneline name field
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 22:25:40 +00:00
Dr. Stephen Henson
83f0e802ab make errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 22:04:25 +00:00
Dr. Stephen Henson
9ff9bccc41 Add default operations to EC_METHOD
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 22:04:25 +00:00
Dr. Stephen Henson
77470e989c Replace overrides.
Instead of overriding a default operation move default operation to a
separate function which is then explicitly included in any EC_METHOD
that uses it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 22:04:25 +00:00
Rob Percival
7d054e5ab2 CT policy validation
Specifies a callback that will, in the future, be used by the SSL code to
decide whether to abort a connection on Certificate Transparency grounds.

Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 20:03:25 +00:00
David Woodhouse
09977dd095 RT4347: Fix GCC unused-value warnings with HOST_c2l()
The HOST_c2l() macro assigns the value to the specified variable, but also
evaluates to the same value. Which we ignore, triggering a warning.

To fix this, just cast it to void like we did in commit 08e553644
("Fix some clang warnings.") for a bunch of other instances.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-01 12:10:18 -05:00
Rob Percival
0f97a12112 Move macros for reading/writing integers into ct_locl.h
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 11:59:28 -05:00
Rob Percival
0dfd6cf901 Addresses review comments from richsalz
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 11:59:28 -05:00
Rob Percival
e9fd74ac96 Fixes potential double free and memory leak in ct_b64.c
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 11:59:28 -05:00
Rob Percival
8c6afbc55c Verify SCT signatures
Tests included in future commit, which adds CT policy validation.

Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 11:59:28 -05:00
Andy Polyakov
317be63875 bn/asm/x86_64-mont5.pl: unify gather procedure in hardly used path
and reorganize/harmonize post-conditions.

Additional hardening following on from CVE-2016-0702

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 13:34:22 +00:00
Andy Polyakov
8fc8f486f7 crypto/bn/x86_64-mont5.pl: constant-time gather procedure.
At the same time remove miniscule bias in final subtraction.
Performance penalty varies from platform to platform, and even with
key length. For rsa2048 sign it was observed to be 4% for Sandy
Bridge and 7% on Broadwell.

CVE-2016-0702

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 13:34:22 +00:00
Andy Polyakov
d6d422e1ec bn/asm/rsaz-avx2.pl: constant-time gather procedure.
Performance penalty is 2%.

CVE-2016-0702

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 13:34:22 +00:00
Andy Polyakov
5ea08bd2fe bn/asm/rsax-x86_64.pl: constant-time gather procedure.
Performance penalty is 2% on Linux and 5% on Windows.

CVE-2016-0702

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 13:34:22 +00:00
Andy Polyakov
d6482a82bc bn/bn_exp.c: constant-time MOD_EXP_CTIME_COPY_FROM_PREBUF.
Performance penalty varies from platform to platform, and even
key length. For rsa2048 sign it was observed to reach almost 10%.

CVE-2016-0702

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 13:34:22 +00:00
Dmitry-Me
edae9834b6 GH762: Reuse strdup()
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-29 17:33:44 -05:00
Matt Caswell
99ba9fd02f Fix BN_hex2bn/BN_dec2bn NULL ptr/heap corruption
In the BN_hex2bn function the number of hex digits is calculated using
an int value |i|. Later |bn_expand| is called with a value of |i * 4|.
For large values of |i| this can result in |bn_expand| not allocating any
memory because |i * 4| is negative. This leaves ret->d as NULL leading
to a subsequent NULL ptr deref. For very large values of |i|, the
calculation |i * 4| could be a positive value smaller than |i|. In this
case memory is allocated to ret->d, but it is insufficiently sized
leading to heap corruption. A similar issue exists in BN_dec2bn.

This could have security consequences if BN_hex2bn/BN_dec2bn is ever
called by user applications with very large untrusted hex/dec data. This is
anticipated to be a rare occurrence.

All OpenSSL internal usage of this function uses data that is not expected
to be untrusted, e.g. config file data or application command line
arguments. If user developed applications generate config file data based
on untrusted data then it is possible that this could also lead to security
consequences. This is also anticipated to be a rare.

Issue reported by Guido Vranken.

CVE-2016-0797

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-29 16:32:18 +00:00
Dr. Stephen Henson
15e58273da remove unused variables
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-29 15:13:31 +00:00
Matt Caswell
83856523c1 Clarify ASYNC_WAIT_CTX_clear_fd() docs
Clarify that the "cleanup" routing does not get called if you invoke
ASYNC_WAIT_CTX_clear_fd() directly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-29 12:58:44 +00:00
Matt Caswell
ff75a25749 Refactor the async wait fd logic
Implementation experience has shown that the original plan for async wait
fds was too simplistic. Originally the async logic created a pipe internally
and user/engine code could then get access to it via API calls. It is more
flexible if the engine is able to create its own fd and provide it to the
async code.

Another issue is that there can be a lot of churn in the fd value within
the context of (say) a single SSL connection leading to continually adding
and removing fds from (say) epoll. It is better if we can provide some
stability of the fd value across a whole SSL connection. This is
problematic because an engine has no concept of an SSL connection.

This commit refactors things to introduce an ASYNC_WAIT_CTX which acts as a
proxy for an SSL connection down at the engine layer.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-29 12:58:44 +00:00
Dr. Stephen Henson
5697291f2d Remove unused code.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:54 +00:00
Dr. Stephen Henson
0780daa030 Change BORINGSSL defines to OPENSSL
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:54 +00:00
Dr. Stephen Henson
244e5f5de6 Initial adaptations for Curve25519 code.
Fix "mixed declarations and code" warnings.
Use OpenSSL headers.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:54 +00:00
Emilia Kasper
df3bde6791 Place under OpenSSL license.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-02-28 22:54:54 +00:00
Dr. Stephen Henson
a90def6b53 Add X25519 code from BoringSSL.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:54 +00:00
Dr. Stephen Henson
1db3107ada TLS support for X25519
Add X25519 to TLS supported curve list.
Reject attempts to configure keys which cannot be used
for signing.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:54 +00:00
Dr. Stephen Henson
af4f2ad9dd Add X25519 curve to list
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:53 +00:00
Dr. Stephen Henson
4b0555ec9d Add no signing flag.
Add a flag to EC_METHOD for curves which do not support signing.
New function EC_KEY_can_sign() returns 1 is key can be used for signing.
Return an explicit error is an attempt is made to sign with
no signing curves.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:53 +00:00
Dr. Stephen Henson
8dcfdbf510 Add new EC_METHOD for X25519.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:53 +00:00
Dr. Stephen Henson
e5b2ea0ac3 Add group_order_bits to EC_METHOD.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:53 +00:00
Dr. Stephen Henson
3e8ee4753c Add custom_data field for EC_POINT, EC_KEY.
In some cases the EC_POINT and EC_KEY BIGNUM components are suboptimal
or inappropriate. Add an "custom_data" field which curves can populate with
a custom structure to suit their needs.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:53 +00:00
Dr. Stephen Henson
6ea04154dc Extract compression form in EC_KEY_oct2key().
Extract compression form in EC_KEY_oct2key() instead of manually in the
ASN.1 code. For custom curves do not assume the initial octet is the
compression form: it isn't for X25519 et al.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:53 +00:00
Dr. Stephen Henson
6903e2e7e9 Extended EC_METHOD customisation support.
Add support for optional overrides of various private key operations
in EC_METHOD.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:53 +00:00
Dr. Stephen Henson
474d84ec81 EC_METHOD customisation operations.
Extend EC_METHOD to permit additional customisation of private key and
ECDH operations.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:53 +00:00
Dr. Stephen Henson
899cf48f17 Rename OIDs.
Use standard X25519 and X448 names for OIDs. Delete EdDSA OIDs: for now they
wont be used and EdDSA may use a different format.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:53 +00:00
FdaSilvaYY
17fa4e8eda GH715: Missed some null-check-removals. follow commits 412bafdcf5, and 7c96dbcdab
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-28 17:40:08 -05:00
Rich Salz
412bafdcf5 GH715: Missed some null-check-removals.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-28 09:41:23 -05:00
Andy Polyakov
d3cdab1736 modes/asm/ghash-x86_64.pl: refine GNU assembler version detection.
Even though AVX support was added in GAS 2.19 vpclmulqdq was apparently
added in 2.20.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-27 21:14:18 +01:00
Andy Polyakov
f218822871 chacha/asm/chacha-*.pl: fix typos in tail processing.
RT#4323

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-27 21:09:02 +01:00
FdaSilvaYY
b6453a68bb GH753: More spelling fix
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-27 10:58:16 -05:00
Rob Percival
2882e96a5f Fix for potential deferencing of null pointer in o2i_SCT_signature
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-26 14:57:29 -05:00
Rob Percival
0cea8832df Public API for Certificate Transparency
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-26 14:57:29 -05:00
Rich Salz
afcee950b4 Revert "EC_KEY_priv2buf (): check parameter sanity"
This reverts commit acae59bb29.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-02-26 14:51:25 -05:00
Matt Caswell
b6e785842a Fix master compile error
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-26 16:50:59 +00:00
Dmitry-Me
d3c02d844a GH680: Reuse strnlen() in strndup()
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-26 11:26:56 -05:00
J Mohan Rao Arisankala
acae59bb29 EC_KEY_priv2buf (): check parameter sanity
In EC_KEY_priv2buf(), check for pbuf sanity.
If invoked with NULL, gracefully returns the key length.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-26 11:18:18 -05:00
J Mohan Rao Arisankala
219f3ca61c check with NULL
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-26 11:16:33 -05:00
J Mohan Rao Arisankala
4f25aecd75 explicit check for NULL
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-26 11:16:33 -05:00
J Mohan Rao Arisankala
2c91b3f5bf Check method before access and release ctx in error paths
- In error paths, EVP_MD_CTX allocated by the callee is not released.
- Checking method before accessing

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-26 11:16:33 -05:00
David Woodhouse
2d51c28ff7 RT4335: Fix UEFI build of OBJ_NAME_new_index()
We are using strcmp() as the cmp_func, where in the EDK2 environment
strcmp actually ends up being the external AsciiStrCmp() function —
an EFI library function defined with the Microsoft ABI.

This means that we can't just assign function pointers to it, since
in GCC-hosted builds the ABI of any function *not* explicitly marked
EFIAPI is the native SysV ABI.

Arguably this stupidity ought to be resolved on the UEFI side, but in
the general case that would mean that we need to provide ABI-compatible
wrappers for *all* the "standard" functions, just in case they're used
like this.

And in fact we already have a workaround here for DEC C. So instead of
playing games with casting function pointers, it's nicer just to use a
simple function to wrap the strcmp() call. That cleans up the DEC C
workaround, *and* it works around the UEFI bogosity at the same time.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-26 11:03:28 -05:00
Alessandro Ghedini
71a04cfca0 Implement new multi-threading API
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-26 10:00:36 +00:00
Matt Caswell
9cb177301f Fix memory issues in BIO_*printf functions
The internal |fmtstr| function used in processing a "%s" format string
in the BIO_*printf functions could overflow while calculating the length
of a string and cause an OOB read when printing very long strings.

Additionally the internal |doapr_outch| function can attempt to write to
an OOB memory location (at an offset from the NULL pointer) in the event of
a memory allocation failure. In 1.0.2 and below this could be caused where
the size of a buffer to be allocated is greater than INT_MAX. E.g. this
could be in processing a very long "%s" format string. Memory leaks can also
occur.

These issues will only occur on certain platforms where sizeof(size_t) >
sizeof(int). E.g. many 64 bit systems. The first issue may mask the second
issue dependent on compiler behaviour.

These problems could enable attacks where large amounts of untrusted data
is passed to the BIO_*printf functions. If applications use these functions
in this way then they could be vulnerable. OpenSSL itself uses these
functions when printing out human-readable dumps of ASN.1 data. Therefore
applications that print this data could be vulnerable if the data is from
untrusted sources. OpenSSL command line applications could also be
vulnerable where they print out ASN.1 data, or if untrusted data is passed
as command line arguments.

Libssl is not considered directly vulnerable. Additionally certificates etc
received via remote connections via libssl are also unlikely to be able to
trigger these issues because of message size limits enforced within libssl.

CVE-2016-0799

Issue reported by Guido Vranken.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 22:45:58 +00:00
Rich Salz
7c96dbcdab GH715: ENGINE_finish can take NULL
Simplifies calling code.  Also fixed up any !ptr tests that were
nearby, turning them into NULL tests.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-25 15:19:42 -05:00
Rich Salz
07b3ce8f80 Fix unified build after CT reorg
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-25 14:19:57 -05:00
Adam Eijdenberg
5ad29c5408 Add more CT utility routines to be used as part of larger patch.
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-25 13:59:11 -05:00
Rich Salz
6a99fde46b Build fix: remove cleanse_ctr
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 10:19:50 -05:00
Rich Salz
104ce8a9f0 RT4116: Change cleanse to just memset
See also the discussion in https://github.com/openssl/openssl/pull/455

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 10:04:00 -05:00
Emilia Kasper
380f18ed5f CVE-2016-0798: avoid memory leak in SRP
The SRP user database lookup method SRP_VBASE_get_by_user had confusing
memory management semantics; the returned pointer was sometimes newly
allocated, and sometimes owned by the callee. The calling code has no
way of distinguishing these two cases.

Specifically, SRP servers that configure a secret seed to hide valid
login information are vulnerable to a memory leak: an attacker
connecting with an invalid username can cause a memory leak of around
300 bytes per connection.

Servers that do not configure SRP, or configure SRP but do not configure
a seed are not vulnerable.

In Apache, the seed directive is known as SSLSRPUnknownUserSeed.

To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user
is now disabled even if the user has configured a seed.

Applications are advised to migrate to SRP_VBASE_get1_by_user. However,
note that OpenSSL makes no strong guarantees about the
indistinguishability of valid and invalid logins. In particular,
computations are currently not carried out in constant time.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-25 15:42:48 +01:00
Flavio Medeiros
b5292f7b40 GH480: Don't break statements with CPP stuff.
This is also RT 4137

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-24 16:11:39 -05:00
Andy Polyakov
143ee099e9 ec/asm/ecp_nistz256-*.pl: get corner case logic right.
RT#4284

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-23 21:22:30 +01:00
Andy Polyakov
d93753412b ec/asm/ecp_nistz256-x86_64.pl: get corner case logic right.
RT#4284

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-23 21:22:01 +01:00
Andy Polyakov
1457731221 poly1305/asm/poly1305-armv4.pl: replace ambiguous instruction.
Different assembler versions disagree on how to interpret #-1 as
argument to vmov.i64, as 0xffffffffffffffff or 0x00000000ffffffff.
So replace it with something they can't disagree on.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-23 21:14:25 +01:00
David Woodhouse
78c830785c RT4339: Fix handling of <internal/bn_conf.h>
The entire contents of <internal/bn_conf.h> are unwanted in the UEFI
build because we have to do it differently there. To support building
for both 32-bit and 64-bit platforms without re-running the OpenSSL
Configure script, the EDK2 environment defines THIRTY_TWO_BIT or
SIXTY_FOUR_BIT for itself according to the target platform.

The current setup is broken, though. It checks for OPENSSL_SYS_UEFI but
before it's actually defined, since opensslconf.h hasn't yet been
included.

Let's fix that by including opensslconf.h. And also let's move the
bn_conf.h doesn't even need to *exist* in the UEFI build environment.

This is also GH PR736.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-23 13:18:23 -05:00
Rich Salz
6b2ebe4332 Add PKCS7_NO_DUAL_CONTENT flag
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-23 08:42:03 -05:00
Rich Salz
a773b52a61 Remove unused parameters from internal functions
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-22 13:39:44 -05:00
FdaSilvaYY
a2d0baa2d9 GH678: Add a few more zalloc
Remove some duplicated NULL/zero init.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-22 12:13:37 -05:00
Rich Salz
985c314696 RT4320/GH705: Fix PEM parsing bug.
Also removing confusing pointer-alias variable.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-22 11:27:02 -05:00
Richard Levitte
45502bfe19 Always build library object files with shared library cflags
This takes us away from the idea that we know exactly how our static
libraries are going to get used.  Instead, we make them available to
build shareable things with, be it other shared libraries or DSOs.

On the other hand, we also have greater control of when the shared
library cflags.  They will never be used with object files meant got
binaries, such as apps/openssl or test/test*.

With unified, we take this a bit further and prepare for having to
deal with extra cflags specifically to be used with DSOs (dynamic
engines), libraries and binaries (applications).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-20 16:51:31 +01:00
Richard Levitte
011b967508 Make crypto/buildinf.h depend on configdata.pm rather than Makefile
Depending on Makefile meant that a new attempt to rebuild the Makefile
with "new" dependency data was done all the time, uncontrolled.  Better
to depend on configdata.pm, which truly only changes with reconfiguration.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Laurie <ben@openssl.org>
2016-02-20 16:50:20 +01:00
Dr. Stephen Henson
dfb10af92e Remove DSA negative integer workaround code.
Remove DSA private key code which tolerates broken implementations which
use negative integers.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-19 18:54:50 +00:00
Dr. Stephen Henson
ab4a81f69e Remove broken DSA private key workarounds.
Remove old code that handled various invalid DSA formats in ancient
software.

This also fixes a double free bug when parsing malformed DSA private keys.

Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
libFuzzer.

CVE-2016-0705

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-19 18:54:50 +00:00
Emilia Kasper
f0496ad71f getaddrinfo: zero the hints structure
This silences the memory sanitizer. All fields were already correctly
initialized but the struct padding wasn't, causing an uninitialized read
warning.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-19 16:44:28 +01:00
Richard Levitte
9ee0ed3de6 Big rename fest of engine DSO names, from libFOO.so to FOO.so
The engine DSOs were named as if they were shared libraries, and could
end up having all sorts of fancy names:

  Cygwin: cygFOO.dll
  Mingw:  FOOeay32.dll
  Unix:   libFOO.so / libFOO.sl / libFOO.dylib / ...

This may be confusing, since they look like libraries one should link
with at link time, when they're just DSOs.

It's therefore time to rename them, and do it consistently on all
platforms:

  Cygwin & Mingw: FOO.dll
  Unix:           FOO.{so,sl,dylib,...}

Interestingly enough, the MSVC and VMS builds always did it this way.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-19 11:52:15 +01:00
Richard Levitte
e987f9f271 Let Configure figure out the diverse shared library and DSO extensions
Then it can pass around the information where it belongs.  The
Makefile templates pick it up along with other target data, the
DSO module gets to pick up the information through
crypto/include/internal/dso_conf.h

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-19 11:51:23 +01:00
Richard Levitte
3a55c92bba Rethink the uplink / applink story
Adding uplink and applink to some builds was done by "magic", the
configuration for "mingw" only had a macro definition, the Configure
would react to its presence by adding the uplink source files to
cpuid_asm_src, and crypto/build.info inherited dance to get it
compiled, and Makefile.shared made sure applink.o would be
appropriately linked in.  That was a lot under the hood.

To replace this, we create a few template configurations in
Configurations/00-base-templates.conf, inherit one of them in the
"mingw" configuration, the rest is just about refering to the
$target{apps_aux_src} / $target{apps_obj} in the right places.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-19 11:06:54 +01:00
Richard Levitte
ce192ebed0 Remove all special make depend flags, as well as OPENSSL_DOING_MAKEDEPEND
All those flags existed because we had all the dependencies versioned
in the repository, and wanted to have it be consistent, no matter what
the local configuration was.  Now that the dependencies are gone from
the versioned Makefile.ins, it makes much more sense to use the exact
same flags as when compiling the object files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18 23:43:09 +01:00
Rich Salz
d63a5e5e7d Remove outdated DEBUG flags.
Add -DBIO_DEBUG to --strict-warnings.
Remove comments about outdated debugging ifdef guards.
Remove md_rand ifdef guarding an assert; it doesn't seem used.
Remove the conf guards in conf_api since we use OPENSSL_assert, not assert.
For pkcs12 stuff put OPENSSL_ in front of the macro name.
Merge TLS_DEBUG into SSL_DEBUG.
Various things just turned on/off asserts, mainly for checking non-NULL
arguments, which is now removed: camellia, bn_ctx, crypto/modes.
Remove some old debug code, that basically just printed things to stderr:
  DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG,
  RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG.
Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-18 17:14:50 -05:00
Matt Caswell
6bc7bad011 Fix windows thread stop code
The windows thread stop code was erroneously not just deleting the thread
local variable on thread stop, but also deleting the thread local *key*
(thus removing thread local data for *all* threads in one go!).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18 15:27:16 +00:00
Roumen Petrov
4015adf0a3 Fix OPENSSL_config with NULL parameter
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-18 10:25:23 -05:00
Dr. Stephen Henson
f6fb7f1856 typo
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18 13:59:18 +00:00
Rich Salz
e4ef2e25f1 Remove "experimental" in code and comments, too.
Thanks to Viktor for additional review.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-17 21:12:30 -05:00
Richard Levitte
4418e0302f In the unified scheme, there is no $(TOP), use $(SRCDIR) instead
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18 00:38:26 +01:00
David Woodhouse
3ba84717a0 Finish 02f7114a7f
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-17 17:04:47 -05:00
Rich Salz
1288f26fb9 RT4310: Fix varous no-XXX builds
When OPENSSL_NO_ASYNC is set, make ASYNC_{un,}block_pause() do nothing.
This prevents md_rand.c from failing to build. Probably better to do it
this way than to wrap every instance in an explicit #ifdef.

A bunch of new socket code got added to a new file crypto/bio/b_addr.c.
Make it all go away if OPENSSL_NO_SOCK is defined.

Allow configuration with no-ripemd, no-ts, no-ui
We use these for the UEFI build.

Also remove the 'Really???' comment from no-err and no-locking. We use
those too.

We need to drop the crypto/engine directory from the build too, and also
set OPENSSL_NO_ENGINE

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-17 13:33:51 -05:00
David Woodhouse
c7b7938e75 RT4315: Fix UEFI build in crypto/init.c
We don't have atexit() in the EDK2 environment. Firmware never exits.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-17 10:07:30 -05:00
Rich Salz
dba3177745 Remove JPAKE
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-17 09:46:10 -05:00
David Woodhouse
6a78ae2821 RT4313: Fix build for !IMPLEMENTED code path in CRYPTO_secure_free()
Commit 05c7b1631 ("Implement the use of heap manipulator implementions")
added 'file' and 'line' arguments to CRYPTO_free() and friends, but neglected
to fix up the !IMPLEMENTED case within CRYPTO_secure_free(). Add the missing
arguments there too.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-17 09:16:01 -05:00
Dmitry-Me
9eaa5f9a32 Fix mismatched curly brace
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-17 11:06:47 +01:00
Richard Levitte
05c7b1631b Implement the use of heap manipulator implementions
- Make use of the functions given through CRYPTO_set_mem_functions().
- CRYPTO_free(), CRYPTO_clear_free() and CRYPTO_secure_free() now receive
  __FILE__ and __LINE__.
- The API for CRYPTO_set_mem_functions() and CRYPTO_get_mem_functions()
  is slightly changed, the implementation for free() now takes a couple
  of extra arguments, taking __FILE__ and __LINE__.
- The CRYPTO_ memory functions will *always* receive __FILE__ and __LINE__
  from the corresponding OPENSSL_ macros, regardless of if crypto-mdebug
  has been enabled or not.  The reason is that if someone swaps out the
  malloc(), realloc() and free() implementations, we can't know if they
  will use them or not.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-17 10:12:49 +01:00
Viktor Szakats
e159fd1543 md_rand: FAQ URL to use https and follow a redirect
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-16 16:51:13 -05:00
Richard Levitte
29620124ff On solaris, the variable name sun clashes, use s_un instead
For orthogonality, we change sin -> s_in and sin6 -> s_in6 as well.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-16 17:16:32 +01:00
Rich Salz
d9d8e7a9c1 Make the BIO_ADDR param optional.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-14 17:36:10 -05:00
Viktor Dukhovni
31305cdf9f Fixes to make no-deprecated work again
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-14 16:16:08 -05:00
Andy Polyakov
622a531c18 chacha/asm/chacha*: ensure that zero length is handled (without crash).
RT#4305

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-14 21:22:42 +01:00
Andy Polyakov
29880e9710 chacha/asm/chacha-x86[_64].pl: fix typos and logical errors.
Thanks to: David Benjamin of Chromuim.

RT#4305

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-14 21:03:10 +01:00
Richard Levitte
ef8ca6bd54 Make the use of mdebug backtrace a separate option
To force it on anyone using --strict-warnings was the wrong move, as
this is an option best left to those who know what they're doing.

Use with care!

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-14 17:22:42 +01:00
Richard Levitte
dda71111b8 Declare DllMain internally
DllMain is a symbol that needs to be global, but no one needs to know.
However, some compilers will warn if there isn't a declaration before
the function is defined.  Just add a declaration before the function
definition.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-14 14:13:53 +01:00
Richard Levitte
59d9bb591c Make sure a socklen_t can compare with a sizeof() result
Most of the times, it seems that socklen_t is unsigned.
Unfortunately, this isn't always the case, and it doesn't compare with
a size_t without warning.

A cast resolves the issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-14 11:16:37 +01:00
Andy Polyakov
c8d1c9b067 crypto/poly1305: add floating-point reference implementation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-13 21:59:02 +01:00
Richard Levitte
de72be2e57 Pass $(CC) to perlasm scripts via the environment
It seems that on some platforms, the perlasm scripts call the C
compiler for certain checks.  These scripts need the environment
variable CC to have the C compiler command.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-13 19:21:36 +01:00
Andy Polyakov
b3214008e4 Configurations: engage PPC ChaCha20 and Poly1305 modules.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-13 17:22:20 +01:00
Andy Polyakov
9e58d1192d PPC assembly pack: add ChaCha20 and Poly1305 modules.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-13 17:21:47 +01:00
Viktor Szakats
1b3cddff2b async_win.c: remove unused variable
Silencing this:
    crypto/async/arch/async_win.c: In function 'async_fibre_init_dispatcher':
    crypto/async/arch/async_win.c:112:12: warning: unused variable 'dispatcher' [-Wunused-variable]
         LPVOID dispatcher;
                ^

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-13 09:36:59 -05:00
Dmitry-Me
33a6d5a0e5 GH643: Cleanup header analysis
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-13 08:21:09 -05:00
Andy Polyakov
f4e175e4af C64x+ assembly pack: add ChaCha20 and Poly1305 modules.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-13 12:34:29 +01:00
Andy Polyakov
1fdcef75b0 ARM assembly pack: add ChaCha20 and Poly1305 modules.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-13 12:07:45 +01:00
Rob Percival
e634b448c3 Defines OSSL_SSIZE_MAX
Removes SSIZE_MAX definition from bss_bio.c and changes that file to use
OSSL_SSIZE_MAX.

No need to account for OPENSSL_SYS_VXWORKS, since that never actually
gets defined anywhere. It must be a historical artifact.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Laurie <ben@openssl.org>
2016-02-13 10:22:54 +00:00
Viktor Dukhovni
ce3d25d3e5 Fix some issues near recent chomp changes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-13 02:54:48 -05:00
Andy Polyakov
7687f52550 evp/e_des[3].c: address compiler warnings, fix formatting.
RT#4210

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-12 22:09:04 +01:00
Andy Polyakov
5e4bbeb49f modes/ctr128.c: pay attention to ecount_buf alignment in CRYPTO_ctr128_encrypt.
It's never problem if CRYPTO_ctr128_encrypt is called from EVP, because
buffer in question is always aligned within EVP_CIPHER_CTX structure.

RT#4218

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-12 21:57:43 +01:00
Richard Levitte
3c65577f1a Rename INSTALL_PREFIX to DESTDIR, remove option --install_prefix
INSTALL_PREFIX is a confusing name, as there's also --prefix.
Instead, tag along with the rest of the open source world and adopt
the Makefile variable DESTDIR to designate the desired staging
directory.

The Configure option --install_prefix is removed, the only way to
designate a staging directory is with the Makefile variable (this is
also implemented for VMS' descrip.mms et al).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-12 21:54:07 +01:00
Andy Polyakov
577583519b ec/asm/ecp_nistz256-armv8.pl: fix test_ssl spurious errors.
RT#4237

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-12 21:41:21 +01:00
Richard Levitte
6faffd0ad2 Better workaround for VMS getnameinfo() bug
The actual bug with current getnameinfo() on VMS is not that it puts
gibberish in the service buffer, but that it doesn't touch it at all.
The gibberish we dealt with before was simply stuff that happened to
be on the stack.

It's better to initialise the service buffer properly (with the empty
string) and check if it's still an empty string after the
getnameinfo() call, and fill it with the direct numerical translation
of the raw port if that's the case.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-12 19:50:46 +01:00
Dr. Stephen Henson
b3ca51559b Typo: only return error if unrecognise bag type.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-11 23:27:30 +00:00
Richard Levitte
9ba96fbb25 Perl's chop / chomp considered bad, use a regexp instead
Once upon a time, there was chop, which somply chopped off the last
character of $_ or a given variable, and it was used to take off the
EOL character (\n) of strings.

... but then, you had to check for the presence of such character.

So came chomp, the better chop which checks for \n before chopping it
off.  And this worked well, as long as Perl made internally sure that
all EOLs were converted to \n.

These days, though, there seems to be a mixture of perls, so lines
from files in the "wrong" environment might have \r\n as EOL, or just
\r (Mac OS, unless I'm misinformed).

So it's time we went for the more generic variant and use s|\R$||, the
better chomp which recognises all kinds of known EOLs and chops them
off.

A few chops were left alone, as they are use as surgical tools to
remove one last slash or one last comma.

NOTE: \R came with perl 5.10.0.  It means that from now on, our
scripts will fail with any older version.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-11 22:11:48 +01:00
Andy Polyakov
fd7dc201d3 perlasm/x86_64-xlate.pl: pass pure constants verbatim.
RT#3885

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-11 21:07:44 +01:00
Andy Polyakov
4ef29667ab poly1305/asm/poly1305-x86_64.pl: MacOS X portability fix.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-11 20:47:33 +01:00
Andy Polyakov
a85dbf115c poly1305/asm/poly1305-x86_64.pl: fix mingw64 build.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-11 20:47:01 +01:00
Rich Salz
f3f1cf8444 Move to REF_DEBUG, for consistency.
Add utility macros REF_ASSERT_NOT and REF_PRINT_COUNT
This is also RT 4181

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 12:40:32 -05:00
Rich Salz
84c15091ec Fix GH 327.
Valgrind complains about using unitialized memory.  So call
OPENSSL_zalloc, not malloc.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 12:13:18 -05:00
Rich Salz
27f172d9a3 GH620: second diff from rt-2275, adds error code
clean up and apply patches from RT-2275

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 09:33:51 -05:00
Rich Salz
143e5e50f2 Check malloc
Noticed by Claus Assmann <ca+ssl-dev@esmtp.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 09:21:35 -05:00
Rich Salz
3577398360 Missing header include.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 08:47:57 -05:00
Rich Salz
7253fd550c Hide OPENSSL_INIT_SETTINGS.
Make OPENSSL_INIT_SETTINGS an opaque structure.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 08:43:46 -05:00
Richard Levitte
5caef3b502 Add inclusion directory crypto/include for BN compilations
Some files in crypto/bn depend on internal/bn_conf.h, and so does
test/bntest.  Therefore, we add another inclusion directory.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-11 14:39:57 +01:00
Richard Levitte
c72fb77ff2 Rework BIO_ADDRINFO_protocol() to return correct values
As noted already, some platforms don't fill in ai_protocol as
expected.  To circumvent that, we have BIO_ADDRINFO_protocol() to
compute a sensible answer in that case.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-11 14:13:01 +01:00
Dr. Stephen Henson
b1a99374ae use consistent error messages
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 00:59:48 +00:00
Dr. Stephen Henson
2ab7af7b08 Print out bad content octets.
If asn1parse doesn't like a structure print out the content octets
for diagnostic purposes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 00:59:48 +00:00
Richard Levitte
e3e6a72ec8 After auto init, check that the deprecated functions exist before using
The functions that have been deprecated by the auto init changes are
now guarded with deprecation checks, so it's fairly easy to see if
they can be used.

In test/dtlsv1listentest, we simply remove all init and cleanup code,
as they are call automatically when needed.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-10 23:56:50 +01:00
Rich Salz
a4625290c3 After renaming init, update errors.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-10 15:52:32 -05:00
Rich Salz
330fad61af BIO_PAIR_DEBUG did nothing; remove it.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-10 15:28:18 -05:00
Dmitry-Me
cc9c568946 Ensure allocation size fits into size_t
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #630
2016-02-10 20:13:26 +01:00
Richard Levitte
076e596ffb Quote the CFLAG in Unixly Makefiles, for buildinf.h
Because the command line definitions of OPENSSLDIR and ENGINESDIR
contain quotes, we need a variant of CFLAG where backslashes and
quotes are escaped when we produce buildinf.h

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 19:36:48 +01:00
Richard Levitte
e09621ff57 Make it possible to get ENGINESDIR info from OpenSSL_versions
Have apps/openssl display the result along with OPENSSLDIR

As part of this, add ENGINESDIR in util/mk1mf.pl

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 19:36:48 +01:00
Matt Caswell
302f75887e Attempt to log an error if init failed
If init failed we'd like to set an error code to indicate that. But if
init failed then when the error system tries to load its strings its going
to fail again. We could get into an infinite loop. Therefore we just set
a single error the first time around. After that no error is set.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 17:40:59 +00:00
Matt Caswell
0fc32b0718 The new init functions can now fail so shouldn't be void
The new init functions can fail if the library has already been stopped. We
should be able to indicate failure with a 0 return value.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 17:40:59 +00:00
Matt Caswell
8bd8221be8 Variable was declared static when it shouldn't be
The local variable tmp was declared static when it shouldn't be. This
is in the no-threads implementation, and it was immediately initialised
to something else on every invokation of the function so it doesn't break
anything...but still shouldn't be there.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-10 17:37:11 +00:00
Viktor Dukhovni
d33def6624 Deprecate the -issuer_checks debugging option
This was a developer debugging feature and was never a useful public
interface.

Added all missing X509 error codes to the verify(1) manpage, but
many still need a description beyond the associated text string.

Sorted the errors in x509_txt.c by error number.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-02-10 12:34:06 -05:00
Rich Salz
f69e29e2c2 Update unified build after store removal
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-10 10:42:08 -05:00
Rich Salz
f672aee494 Rename INIT funtions, deprecate old ones.
Man, there were a lot of renamings :)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-10 09:37:03 -05:00
Rich Salz
ea7736a093 No dynamic-init fix; merge goof.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-10 08:45:22 -05:00
Richard Levitte
0f53f939a1 clean away old VMS cruft
The old building scripts get removed, they are hopelessly gone in bit
rot by now.

Also remove the old symbol hacks.  They were needed needed to shorten
some names to 31 characters, and to resolve other symbol clashes.
Because we now compile with /NAMES=(AS_IS,SHORTENED), this is no
longer required.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 14:36:32 +01:00
Richard Levitte
e84193e43d unified build scheme: add a "unified" template for VMS descrip.mms
As part of this, change util/mkdef.pl to stop adding libraries to
depend on in its output.  mkdef.pl should ONLY output a symbol
vector.

Because symbol names can't be longer than 31 characters, we use the
compiler to shorten those that are longer down to 23 characters plus
an 8 character CRC.  To make sure users of our header files will pick
up on that automatically, add the DEC C supported extra headers files
__decc_include_prologue.h and __decc_include_epilogue.h.

Furthermore, we add a config.com, so VMS people can configure just as
comfortably as any Unix folks, thusly:

    @config

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 14:36:32 +01:00
Richard Levitte
567a9e6fe0 unified build scheme: add a "unified" template for Unix Makefile
This also adds all the raw sections needed for some files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 14:36:04 +01:00
Richard Levitte
5482dac9f4 Configure et al: move the installation directory logic to Makefiles
The logic to figure out the combinations of --prefix and --openssldir
has stayed in Configure so far, with Unix paths as defaults.

However, since we're making Configure increasingly platform agnostic,
these defaults need to change and adapt to the platform, along with
the logic to combine them.

The easiest to provide for this is to move the logic and the defaults
away from Configure and into the build files.

This also means that the definition of the macros ENGINESDIR and
OPENSSLDIR move away from include/openssl/opensslconf.h and into the
build files.

Makefile.in is adapted accordingly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 14:34:06 +01:00
Rich Salz
dd27f16e9a Can't re-init after stop.
Remoce DYANMIC once-init stuff.
After the library is stopped, you can't restart it.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-10 08:27:06 -05:00
Rich Salz
7984f082d5 Remove store.
Rebased and merged by me, with Ben's approval.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Laurie <ben@openssl.org>
2016-02-10 07:56:26 -05:00
Matt Caswell
deca5df2fb If we've not been inited don't deinit
If you call an explicit deinit when we've not been inited then a seg
fault can occur. We should check that we've been inited before attempting
to deinit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 12:03:07 +00:00
Andy Polyakov
b44a964175 chacha/asm/chacha-x86.pl: fix nasm compilation.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-10 11:29:12 +01:00
Andy Polyakov
e87c056745 poly1305/poly1305.c: work around -Wshadow warnings with POLY1305_ASM.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 10:31:18 +01:00