Commit graph

20866 commits

Author SHA1 Message Date
Dr. Stephen Henson
3f8b368a27 make update
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4503)
2017-10-12 00:03:32 +01:00
Dr. Stephen Henson
d19b01ad79 Add EVP_PKEY_set1_engine() function.
Add an ENGINE to EVP_PKEY structure which can be used for cryptographic
operations: this will typically be used by an HSM key to redirect calls
to a custom EVP_PKEY_METHOD.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4503)
2017-10-12 00:03:32 +01:00
Dr. Stephen Henson
918a27facd Fix memory leak on lookup failure
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4503)
2017-10-12 00:03:32 +01:00
Dr. Stephen Henson
c2976edf4b Don't ignore passed ENGINE.
If we are passed an ENGINE to use in int_ctx_new e.g. via EVP_PKEY_CTX_new()
use it instead of the default.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4503)
2017-10-12 00:03:32 +01:00
Matt Caswell
e913d11f44 Ensure we test all parameters for BN_FLG_CONSTTIME
RSA_setup_blinding() calls BN_BLINDING_create_param() which later calls
BN_mod_exp() as follows:

BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx)

ret->mod will have BN_FLG_CONSTTIME set, but ret->e does not. In
BN_mod_exp() we only test the third param for the existence of this flag.
We should test all the inputs.

Thanks to Samuel Weiser (samuel.weiser@iaik.tugraz.at) for reporting this
issue.

This typically only happens once at key load, so this is unlikely to be
exploitable in any real scenario.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4477)
2017-10-11 15:55:43 +01:00
Matt Caswell
be9b311b01 Remove an unused file
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4468)
2017-10-11 15:32:23 +01:00
Benjamin Kaduk
165cc51f4e Appease -Werror=maybe-uninitialized
test/bad_dtls_test.c: In function 'validate_client_hello':
test/bad_dtls_test.c:128:33: error: 'u' may be used uninitialized in this function [-Werror=maybe-uninitialized]
     if (!PACKET_get_1(&pkt, &u) || u != SSL3_RT_HANDSHAKE)
                                 ^
Apparently -O1 does not perform sufficient optimization to ascertain
that PACKET_get_1 will always initialize u if it returns true.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4518)
2017-10-11 08:27:07 -05:00
Benjamin Kaduk
f9df0a7775 Move supportedgroup ext-block fields out of NO_EC
Now that we are moving to support named FFDH groups, these fields are not
ec-specific, so we need them to always be available.

This fixes the no-ec --strict-warnings build, since gcc
5.4.0-6ubuntu1~16.04.4 appears to always try to compile the static inline
functions from ssl_locl.h, even when they are not used in the current
compilation unit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4518)
2017-10-11 08:25:40 -05:00
Pauli
f49452c297 Return a value from atomic read on Windows.
Use a read lock when reading using pthreads.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4517)
2017-10-11 09:47:54 +10:00
Keshav Kini
19f05ebc3f Fix typos
CLA: trivial

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4513)
2017-10-10 12:06:01 -07:00
Andy Polyakov
32f3b98d13 crypto/x509v3/v3_utl.c, ssl/ssl_cert.c: fix Coverity problems.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4492)
2017-10-10 20:00:35 +02:00
Patrick Steuer
65e6b9a423 apps/speed.c: add 'rand' algo to enable DRBG performance measurements.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4481)
2017-10-10 09:24:52 -04:00
Tatsuhiro Tsujikawa
751b26b132 Don't change client random in Client Hello in its second flight
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4490)
2017-10-10 09:51:53 +01:00
Pauli
30ff41beab Add atomic write call
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4414)
2017-10-10 08:45:53 +10:00
Pauli
94683b7acb Add a CRYPTO_atomic_read call which allows an int variable to be read
in an atomic fashion.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4414)
2017-10-10 08:45:52 +10:00
Patrick Steuer
338ead0ff9 EVP_EncryptInit.pod: EVP_CIPHER_mode and EVP_CIPHER_CTX_mode update
Mention CTR, GCM, CCM, OCB, WRAP and XTS modes.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4498)
2017-10-10 07:57:59 +10:00
Patrick Steuer
fe4f66d262 apps/speed.c: fix ccm performance measurements.
CCM does not support streaming: An additional call to (EVP_...)Update must
precede each call to Update to pass the total message length. The generic
Update_loop calls Update one time such that in case of CCM only the total
message length is passed. No encryption/decryption measured.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4480)
2017-10-10 07:56:07 +10:00
EasySec
d5961b22fb set_hex() behaviour change
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4488)
2017-10-10 07:53:21 +10:00
Richard Levitte
d2068e34d1 Reduce the things we ignore in test/
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4507)
2017-10-09 17:58:50 +02:00
Richard Levitte
41f571e10c Use the possibility to have test results in a different directory
RESULT_D can be used to provide a separate directory for test results.
Let's use that to separate them from other files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4507)
2017-10-09 17:57:13 +02:00
Richard Levitte
9b9a8a712d Fix util/perl/OpenSSL/Test.pm input variable overwrite
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4507)
2017-10-09 17:56:17 +02:00
Richard Levitte
0ed78e7800 Fix util/find-doc-nits to correctly parse function signature typedefs
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/4499)
2017-10-09 14:31:59 +02:00
Richard Levitte
5bf6d41803 Correct some typedef documentation
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/4499)
2017-10-09 14:31:59 +02:00
KaoruToda
208fb891e3 Since return is inconsistent, I removed unnecessary parentheses and
unified them.
- return (0); -> return 0;
- return (1); -> return 1;
- return (-1); -> return -1;

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4500)
2017-10-09 13:17:09 +01:00
Pauli
2e8b5d75af Document that lhash isn't thread safe under any circumstances and
indicate the level of locking required for various operations.

Remove the lock and atomics from the lhash code.  These we're not complete
or adequate.

Refer to #4418 and #4427 for details.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4429)
2017-10-09 07:50:18 +10:00
Rich Salz
24b0be11b0 Fix doc for i2d/d2i private/public key
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/4491)
2017-10-08 12:29:18 -04:00
Rich Salz
32cd473392 Anchor the regexp match
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4483)
2017-10-07 14:59:18 -04:00
Rich Salz
fa4dd546c5 Rewrite some code
Rewrite the -req-nodes flag from CA.pl (idea from Andy)
Rewrite ERR_string_error_n

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4478)
2017-10-07 11:26:35 -04:00
Dr. Stephen Henson
6447e8184c Merge tls1_check_curve into tls1_check_group_id
The function tls_check_curve is only called on clients and contains
almost identical functionaity to tls1_check_group_id when called from
a client. Merge the two.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4475)
2017-10-06 19:09:51 +01:00
Dr. Stephen Henson
f48d826e33 Change curves to groups where relevant
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4475)
2017-10-06 13:23:45 +01:00
Dr. Stephen Henson
ff6d20a67b Use separate functions for supported and peer groups lists
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4475)
2017-10-06 13:23:45 +01:00
Richard Levitte
f0b843c1f4 doc/man1/openssl.pod: Add missing commands and links
Fixes #4471 and more

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4472)
2017-10-06 10:44:35 +02:00
Andrew Siplas
36cf10cf9f Fixes #4459 "issuserAltName" documentation typo.
See crypto/objects/objects.txt:767 -- field is "issuerAltName"
CLA: trivial

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4460)
2017-10-05 21:30:59 +02:00
Andy Polyakov
fbb7b33b28 stack/stack.c: various cleanups.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4455)
2017-10-05 21:23:23 +02:00
Matt Caswell
c8b749c37b Remove some commented out code
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4462)
2017-10-05 10:13:25 +01:00
Matt Caswell
786b4df402 Remove an incorrect comment
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4456)
2017-10-04 15:56:56 +01:00
Richard Levitte
dc6a62d5d5 Configurations/windows-makefile.tmpl: canonicalise configured paths
This avoids issues that can come with an ending backslash, among other.

Fixes #4458

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4461)
2017-10-04 15:20:04 +02:00
Todd Short
a84e5c9aa8 Session resume broken switching contexts
When an SSL's context is swtiched from a ticket-enabled context to
a ticket-disabled context in the servername callback, no session-id
is generated, so the session can't be resumed.

If a servername callback changes the SSL_OP_NO_TICKET option, check
to see if it's changed to disable, and whether a session ticket is
expected (i.e. the client indicated ticket support and the SSL had
tickets enabled at the time), and whether we already have a previous
session (i.e. s->hit is set).

In this case, clear the ticket-expected flag, remove any ticket data
and generate a session-id in the session.

If the SSL hit (resumed) and switched to a ticket-disabled context,
assume that the resumption was via session-id, and don't bother to
update the session.

Before this fix, the updated unit-tests in 06-sni-ticket.conf would
fail test #4 (server1 = SNI, server2 = no SNI).

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/1529)
2017-10-04 10:21:08 +10:00
FdaSilvaYY
270a4bba49 Use more pre-allocation
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4379)
2017-10-03 12:52:19 +02:00
FdaSilvaYY
8e8e507ed7 Postpone allocation of STACK internal storage ... until a first push(),
insert() or an explicit call to OPENSSL_sk_reserve

Factorise STACK item deletion code

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4379)
2017-10-03 12:50:06 +02:00
Adam Langley
2dbfa8444b nistp521: add a comment to the P+P exceptional case in point_add.
This change adds a comment to the exceptional case in point_add that
handles the case of a doubling, which explains when this case may occur
during normal processing.

Thanks go to Antonio Sanso for noting this.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4424)
2017-10-02 11:30:30 -04:00
Bernd Edlinger
c55b786a89 Fix the return type of felem_is_zero_int which should be int.
Change argument type of xxxelem_is_zero_int to const void*
to avoid the need of type casts.

Fixes #4413

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4450)
2017-10-02 17:24:17 +02:00
Samuel Weiser
6364475a99 Added const-time flag to DSA key decoding to avoid potential leak of privkey
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4440)
2017-09-29 13:06:25 -04:00
Hubert Kario
681acb311b doc: note that the BN_new() initialises the BIGNUM
BN_new() and BN_secure_new() not only allocate memory, but also
initialise it to deterministic value - 0.

Document that behaviour to make it explicit

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4438)
2017-09-29 13:10:34 +02:00
Pauli
af3e5e1bda Put back the #include <openssl/safestack.h> lines in public headers.
the latter includes the former.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4437)
2017-09-29 07:56:35 +10:00
Pauli
f32b0abe26 Remove unnecessary #include <openssl/lhash.h> directives.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4431)
2017-09-29 07:38:56 +10:00
Pauli
1f5e0f9280 Use safestack.h exclusively internally.
Remove all stack headers from some includes that don't use them.

Avoid a genearic untyped stack use.

Update stack POD file to include the OPENSSL_sk_ API functions in the notes
section.  They were mentioned in the name section but not defined anywhere.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4430)
2017-09-28 13:14:33 +10:00
Pauli
e431363f8c Add stack space reservations.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4386)
2017-09-28 06:53:40 +10:00
Pauli
1b3e2bbf64 Add a reserve call to the stack data structure.
This allows the caller to guarantee that there is sufficient space for a
number of insertions without reallocation.

The expansion ratio when reallocating the array is reduced to 1.5 rather than 2.

Change bounds testing to use a single size rather than both INT_MAX and
SIZE_MAX.  This simplifies some of the tests.

Switch the stack pointers to data from char * to void *

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4386)
2017-09-28 06:53:40 +10:00
Samuel Weiser
9f9442918a BN_copy now propagates BN_FLG_CONSTTIME
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4377)
2017-09-27 10:03:37 +01:00