Commit graph

23139 commits

Author SHA1 Message Date
Richard Levitte
2044d38232 Following the license change, modify the boilerplates in crypto/conf/
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7785)
2018-12-06 14:43:29 +01:00
Richard Levitte
48f66f8115 Following the license change, modify the boilerplates in crypto/comp/
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7784)
2018-12-06 14:42:18 +01:00
Richard Levitte
08ddd30230 Following the license change, modify the boilerplates in crypto/cms/
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7783)
2018-12-06 14:40:53 +01:00
Richard Levitte
8de396f875 Following the license change, modify the boilerplates in crypto/cmac/
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7782)
2018-12-06 14:39:25 +01:00
Richard Levitte
03d770d935 Following the license change, modify the boilerplates in crypto/chacha/
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7781)
2018-12-06 14:37:22 +01:00
Richard Levitte
a5024e0609 Following the license change, modify the boilerplates in crypto/cast/
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7780)
2018-12-06 14:36:10 +01:00
Richard Levitte
5593d9c952 Following the license change, modify the boilerplates in crypto/camellia/
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7779)
2018-12-06 14:34:55 +01:00
Richard Levitte
0c4fa1f10d Following the license change, modify the boilerplates in crypto/buffer/
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7778)
2018-12-06 14:32:34 +01:00
Richard Levitte
367ace6870 Following the license change, modify the boilerplates in crypto/bn/
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7777)
2018-12-06 14:31:21 +01:00
Richard Levitte
04e388ce4c Following the license change, modify the boilerplates in crypto/blake2/
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7776)
2018-12-06 14:30:07 +01:00
Richard Levitte
09abbca13f Following the license change, modify the boilerplates in crypto/bio/
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7775)
2018-12-06 14:28:52 +01:00
Richard Levitte
8b00b7b8b3 Following the license change, modify the boilerplates in crypto/bf/
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7774)
2018-12-06 14:27:41 +01:00
Richard Levitte
f3a9534949 Following the license change, modify the boilerplates in crypto/async/
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7773)
2018-12-06 14:25:47 +01:00
Richard Levitte
365a2d9991 Following the license change, modify the boilerplates in crypto/asn1/
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7772)
2018-12-06 14:24:40 +01:00
Richard Levitte
c918d8e283 Following the license change, modify the boilerplates in crypto/aes/
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7771)
2018-12-06 14:23:25 +01:00
Richard Levitte
c7fcbc0981 Following the license change, modify the boilerplates in ms/
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7769)
2018-12-06 14:22:20 +01:00
Richard Levitte
2c18d164f5 Following the license change, modify the boilerplates in ssl/
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7768)
2018-12-06 14:20:59 +01:00
Richard Levitte
909f1a2e51 Following the license change, modify the boilerplates in test/
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7767)
2018-12-06 14:19:22 +01:00
Richard Levitte
9059ab425a Following the license change, modify the boilerplates in util/, tools/
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7766)
2018-12-06 14:17:23 +01:00
Richard Levitte
dffa752023 Following the license change, modify the boilerplates in apps/
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7765)
2018-12-06 14:15:27 +01:00
Richard Levitte
151333164e Change license to the Apache License v2.0
This applies to the 'master' git branch and OpenSSL version 3.0.0 and
up.  Pre-3.0.0 versions retain the previous license.

The boilerplate will change in increments after this change.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7764)
2018-12-06 13:27:18 +01:00
Richard Levitte
389c09fa09 License: change any non-boilerplate comment referring to "OpenSSL license"
Make it just say "the License", which refers back to the standard
boilerplate.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7764)
2018-12-06 13:26:28 +01:00
Richard Levitte
fcd2d5a612 Refactor the computation of API version limits
Previously, the API version limit was indicated with a numeric version
number.  This was "natural" in the pre-3.0.0 because the version was
this simple number.

With 3.0.0, the version is divided into three separate numbers, and
it's only the major number that counts, but we still need to be able
to support pre-3.0.0 version limits.

Therefore, we allow OPENSSL_API_COMPAT to be defined with a pre-3.0.0
style numeric version number or with a simple major number, i.e. can
be defined like this for any application:

    -D OPENSSL_API_COMPAT=0x10100000L
    -D OPENSSL_API_COMPAT=3

Since the pre-3.0.0 numerical version numbers are high, it's easy to
distinguish between a simple major number and a pre-3.0.0 numerical
version number and to thereby support both forms at the same time.

Internally, we define the following macros depending on the value of
OPENSSL_API_COMPAT:

    OPENSSL_API_0_9_8
    OPENSSL_API_1_0_0
    OPENSSL_API_1_1_0
    OPENSSL_API_3

They indicate that functions marked for deprecation in the
corresponding major release shall not be built if defined.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
2018-12-06 12:24:48 +01:00
Richard Levitte
0695b19342 util/find-doc-nits: allow #undef
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
2018-12-06 12:24:48 +01:00
Richard Levitte
478d4f912c include/openssl/opensslconf.h.in: allow future deprecation for v4.0
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
2018-12-06 12:24:48 +01:00
Richard Levitte
db2f2d49b9 Configure: allow building without things deprecated up to and including v3.0
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
2018-12-06 12:24:48 +01:00
Richard Levitte
3a63dbef15 Switch to MAJOR.MINOR.PATCH versioning and version 3.0.0-dev
We're strictly use version numbers of the form MAJOR.MINOR.PATCH.
Letter releases are things of days past.

The most central change is that we now express the version number with
three macros, one for each part of the version number:

    OPENSSL_VERSION_MAJOR
    OPENSSL_VERSION_MINOR
    OPENSSL_VERSION_PATCH

We also provide two additional macros to express pre-release and build
metadata information (also specified in semantic versioning):

    OPENSSL_VERSION_PRE_RELEASE
    OPENSSL_VERSION_BUILD_METADATA

To get the library's idea of all those values, we introduce the
following functions:

    unsigned int OPENSSL_version_major(void);
    unsigned int OPENSSL_version_minor(void);
    unsigned int OPENSSL_version_patch(void);
    const char *OPENSSL_version_pre_release(void);
    const char *OPENSSL_version_build_metadata(void);

Additionally, for shared library versioning (which is out of scope in
semantic versioning, but that we still need):

    OPENSSL_SHLIB_VERSION

We also provide a macro that contains the release date.  This is not
part of the version number, but is extra information that we want to
be able to display:

    OPENSSL_RELEASE_DATE

Finally, also provide the following convenience functions:

    const char *OPENSSL_version_text(void);
    const char *OPENSSL_version_text_full(void);

The following macros and functions are deprecated, and while currently
existing for backward compatibility, they are expected to disappear:

    OPENSSL_VERSION_NUMBER
    OPENSSL_VERSION_TEXT
    OPENSSL_VERSION
    OpenSSL_version_num()
    OpenSSL_version()

Also, this function is introduced to replace OpenSSL_version() for all
indexes except for OPENSSL_VERSION:

    OPENSSL_info()

For configuration, the option 'newversion-only' is added to disable all
the macros and functions that are mentioned as deprecated above.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
2018-12-06 12:24:47 +01:00
Richard Levitte
672f943ad6 Switch future deprecation version from 1.2.0 to 3.0
This is in preparation for a switch to MAJOR.MINOR.PATCH versioning
and calling the next major version 3.0.0.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
2018-12-06 12:24:47 +01:00
Richard Levitte
2284f64c87 util/mkdef.pl: prepare for DEPRECATEDIN_X
This is in preparation for new versioning scheme, where the
recommendation is to start deprecations at major version boundary.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
2018-12-06 12:24:47 +01:00
Matt Caswell
0fb2815b87 Fix some SSL_export_keying_material() issues
Fix some issues in tls13_hkdf_expand() which impact the above function
for TLSv1.3. In particular test that we can use the maximum label length
in TLSv1.3.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7755)
2018-12-05 10:55:04 +00:00
Matt Caswell
ed371b8cba Revert "Reduce stack usage in tls13_hkdf_expand"
This reverts commit ec0c5f5693.

SSL_export_keying_material() may use longer label lengths.

Fixes #7712

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7755)
2018-12-05 10:54:52 +00:00
Andy Polyakov
3a4a88f436 bn/bn_{div|shift}.c: introduce fixed-top interfaces.
Fixed-top interfaces tolerate zero-padded inputs and facilitate
constant-time-ness. bn_div_fixed_top tolerates zero-padded dividend,
but not divisor. It's argued that divisor's length is public even
when value is secret.

[extended tests]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7589)
2018-12-05 10:33:57 +00:00
Andy Polyakov
3da2e9c4ee bn/bn_div.c: make conditional addition unconditional
and add template for constant-time bn_div_3_words.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7589)
2018-12-05 10:33:57 +00:00
Andy Polyakov
31703da3b8 Configure: recognize div3w modules and add -DBN_DIV3W.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7589)
2018-12-05 10:33:28 +00:00
Andy Polyakov
b34446cca2 Configurations/10-main.conf: remove MIPS bn_div_3_words.
It's being replaced with constant-time alternative.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7589)
2018-12-05 10:33:28 +00:00
Matt Caswell
871493a2be Ignore an auto-generated documentation file
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7746)
2018-12-04 08:38:53 +00:00
Matt Caswell
e65a79d2aa Add an Ed25519 signature maleability test
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7697)
2018-12-03 14:21:05 +00:00
Matt Caswell
0ac8f35c04 Disallow Ed25519 signature maleability
Check that s is less than the order before attempting to verify the
signature as per RFC8032 5.1.7

Fixes #7693

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7697)
2018-12-03 14:21:05 +00:00
Richard Levitte
be80b21d2a Docs: better deprecation text
Expand the text on deprecation to be more descriptive and to refer
back to openssl_user_macros(7).

Incidently, this required a small change in util/find-doc-nits, to
have it skip over any line that isn't part of a block (i.e. that
hasn't been indented with at least one space.  That makes it skip over
deprecation text.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7745)
2018-12-03 12:32:31 +01:00
Richard Levitte
7b4a3515a4 Docs fixup: some man3 pages had unindented code in SYNOPSIS
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7744)
2018-12-03 10:57:01 +01:00
Richard Levitte
b608fabfcc util/process_docs.pl: handle multiple source directories for .pod files
From now on, the default is to look in both the source directory and
the build directory.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7742)
2018-12-03 10:00:14 +01:00
Richard Levitte
547a3320fc Doc: add doc/man7/openssl_user_macros.pod.in
This manual is a start to describe macros that users can use to affect
what symbols are exported by the public header files.

Because the macro OPENSSL_API_COMPAT has a default that's affected by
configuration choices, we must make it a generated manual.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7742)
2018-12-03 10:00:14 +01:00
Antoine Salon
9b1c0e006b Fix usage of deprecated SSL_set_tmp_ecdh()
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7738)
2018-11-30 16:50:29 -08:00
Andy Polyakov
603221407d rsa/rsa_ssl.c: make RSA_padding_check_SSLv23 constant-time.
Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding
if nul delimiter is preceded by 8 consecutive 0x03 bytes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2018-11-30 12:32:25 +00:00
Andy Polyakov
75f5e944be rsa/rsa_oaep.c: remove memcpy calls from RSA_padding_check_PKCS1_OAEP.
And make RSAErr call unconditional.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2018-11-30 12:32:25 +00:00
Andy Polyakov
e875b0cf2f rsa/rsa_pk1.c: remove memcpy calls from RSA_padding_check_PKCS1_type_2.
And make RSAErr call unconditional.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2018-11-30 12:32:25 +00:00
Andy Polyakov
89072e0c2a rsa/rsa_ossl.c: make RSAerr call in rsa_ossl_private_decrypt unconditional.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2018-11-30 12:32:25 +00:00
Andy Polyakov
f658a3b64d err/err.c: add err_clear_last_constant_time.
Expected usage pattern is to unconditionally set error and then
wipe it if there was no actual error.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2018-11-30 12:32:25 +00:00
Richard Levitte
f1d49ed947 Don't test the collected system errors when configured to not have them
Config options 'no-err' and 'no-autoerrinit'

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7711)
2018-11-27 09:01:35 +00:00
Paul Yang
5a4481f0e0 Fix access zero memory if SSL_DEBUG is enabled
If compile OpenSSL with SSL_DEBUG macro, some test cases will cause the
process crashed in the debug code.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7707)
2018-11-27 11:26:02 +08:00