Commit graph

23180 commits

Author SHA1 Message Date
Matt Caswell
71b1ceffc4 Make sure build_SYS_str_reasons() preserves errno
This function can end up being called during ERR_get_error() if we are
initialising. ERR_get_error() must preserve errno since it gets called via
SSL_get_error(). If that function returns SSL_ERROR_SYSCALL then you are
supposed to inspect errno.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7680)
2018-12-10 10:17:43 +00:00
Richard Levitte
f2f734d4f9 make update
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7852)
2018-12-10 10:07:15 +01:00
Richard Levitte
a8bf2f8f24 Prevent calling decryption in an encryption context and vice versa
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7852)
2018-12-10 10:07:15 +01:00
Viktor Dukhovni
1057c2c39f Cleaner disposal of ephemeral engine ids and names
Engine names and ids are typically static strings.  If an application
actually dynamically allocated these, the application owns the
storage, and should dispose of it via the original handle, rather
than the "const char *" returned by the engine.

In any case, this resolves the test code issue without resort to
"unconst" macros/casts.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-12-09 22:02:48 -05:00
Viktor Dukhovni
9b34028187 Eliminate NOP cast
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-12-09 22:02:48 -05:00
Christos Zoulas
73ff6d6847 change into hex string constants to avoid overflow warnings
Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2018-12-09 22:02:51 -05:00
Christos Zoulas
ec91206fbe Add a format attribute to the format functions and fix the broken format
strings.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2018-12-09 22:02:50 -05:00
Christos Zoulas
5db120dc35 Fix const issues
Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2018-12-09 22:02:50 -05:00
Christos Zoulas
bda1f0c0d6 Avoid const castaway warning
Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2018-12-09 22:02:50 -05:00
Christos Zoulas
d8adf68cd6 Use a const variable
Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2018-12-09 22:02:50 -05:00
Christos Zoulas
8343229bc4 Use the proper fonst cast
Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2018-12-09 22:02:49 -05:00
Christos Zoulas
82f518acee don't pass const string where a modifyable string is expected
Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2018-12-09 22:02:49 -05:00
Christos Zoulas
706a8af015 add missing "void" in prototype.
Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2018-12-09 22:02:49 -05:00
Christos Zoulas
15f77f2cae add missing const in cast
Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2018-12-09 22:02:49 -05:00
Christos Zoulas
4b6ae3c3c2 add missing const
Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2018-12-09 22:02:48 -05:00
Christos Zoulas
f53537b1fa use the proper types to eliminate casts
Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2018-12-09 22:02:48 -05:00
Andy Polyakov
91d0fd1c27 err/err.c: improve err_clear_last_constant_time's portability.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7850)
2018-12-08 12:34:18 +01:00
terry zhao
97c213814b Update kmac.c
fix nmake compiler error

```
crypto\kmac\kmac.c : warning treated as error - no object file generated
crypto\kmac\kmac.c : warning C4819: The file contains a character that cannot be represented in the current code page (936). Save the file in Unicode format to prevent data loss
```

CLA: trivial

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7846)
2018-12-08 11:00:18 +01:00
Dr. Matthias St. Pierre
16942e081e Configure: fix the version string in the configure output
Since `$config{version}` and `$config{version_num}` were removed
in commit 3a63dbef15, the configure output displays an empty
version number string in parentheses instead of the version number.

This pull request fixes that by adding new config variables
`version` and `full_version`, analogous to `OPENSSL_VERSION_STR`
and `OPENSSL_FULL_VERSION_STR`.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7841)
2018-12-07 17:45:49 +01:00
Richard Levitte
d26d2cfe95 Remove all NOEXIST symbols from ordinals files
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7740)
2018-12-07 16:02:17 +01:00
Richard Levitte
3b39185880 make update
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7740)
2018-12-07 16:02:17 +01:00
Richard Levitte
bfc3b4ffd6 util/perl/OpenSSL/Ordinals.pm: introduce a base version
The idea is that a base version is the minimum version that must be
assigned to all symbols.  The practical result is that, for any new
major release, the version number for all symbols will automatically
be bumped to the new release's version number, if necessary.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7740)
2018-12-07 16:02:17 +01:00
Richard Levitte
ad0b144b8a util/perl/OpenSSL/Ordinals.pm: use OpenSSL::Util::cmp_versions
OpenSSL::Util::cmp_versions() is introduced to be used everywhere
where versions are compared.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7740)
2018-12-07 16:02:17 +01:00
Richard Levitte
257ab867d0 util/perl/OpenSSL/Ordinals.pm: shift to dotted versions internally
Any version from an ordinals file will have '_' changed to '.' on
input, and changed back on output.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7740)
2018-12-07 16:02:17 +01:00
Boris Pismenny
d6c3c1896c apps: print Kernel TLS in s_client and s_server
Signed-off-by: Boris Pismenny <borisp@mellanox.com>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)
2018-12-07 11:25:45 +00:00
Boris Pismenny
42ea4ef2db CHANGES: Add Linux Kernel TLS data-path
Signed-off-by: Boris Pismenny <borisp@mellanox.com>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)
2018-12-07 11:25:45 +00:00
Boris Pismenny
fe5d945028 sslapitest: add test ktls
Add a unit-test for ktls.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)
2018-12-07 11:25:45 +00:00
Boris Pismenny
50ec750567 ssl: Linux TLS Tx Offload
This patch adds support for the Linux TLS Tx socket option.
If the socket option is successful, then the data-path of the TCP socket
is implemented by the kernel.
We choose to set this option at the earliest - just after CCS is complete.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)
2018-12-07 11:25:45 +00:00
Boris Pismenny
ecd1557fb4 evp/e_aes: Expose IV
This commit exposes the cipher's IV to applications.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)
2018-12-07 11:25:45 +00:00
Boris Pismenny
6ba76c4f23 bio: Linux TLS Offload
Add support for Linux TLS offload in the BIO layer
and specifically in bss_sock.c.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)
2018-12-07 11:25:45 +00:00
Boris Pismenny
69495e3df5 Configure Kernel TLS datapath
Allow users to disable ktls using the "no-ktls" option.
Also, disable ktls when cross-compiling, non-linux, or too-old-kernel.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)
2018-12-07 11:25:45 +00:00
Boris Pismenny
fe3ad3aee3 Linux ktls infrastructure
Introduce a compatability layer that exposes the required structures
and constants for supporting ktls.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)
2018-12-07 11:25:45 +00:00
Richard Levitte
a860031621 Make EVP_PKEY_asn1_add0() stricter about its input
It turns out that the strictness that was implemented in
EVP_PKEY_asn1_new() (see Github openssl/openssl#6880) was badly placed
for some usages, and that it's better to do this check only when the
method is getting registered.

Fixes #7758

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7847)
2018-12-07 11:57:04 +01:00
Matt Caswell
95b7926bc3 Only include opensslconf.h once
Fixes a pyca cryptography test failure.

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7839)
2018-12-07 10:37:41 +00:00
Matt Caswell
5d609f22d2 Remove the cast from the definition of OPENSSL_VERSION_NUMBER
If a cast is included in the definition it cannot be used in preprocessor
expressions, e.g. "#if OPENSSL_VERSION_NUMBER > 0x10000000L"

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7839)
2018-12-07 10:37:41 +00:00
FdaSilvaYY
56bc3ea0a4 Doc: fix reference to deprecated methods.
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7705)
2018-12-06 20:48:29 +01:00
Dr. Matthias St. Pierre
425dde5d75 curve25519.c: improve formula alignment
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7750)
2018-12-06 19:38:13 +01:00
Dr. Matthias St. Pierre
3a17b9a46e curve25519.c: reformat code to follow coding guidelines
Fixes #7698

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7750)
2018-12-06 19:38:13 +01:00
Richard Levitte
4ace4ccda2 Remaining boilerplate change in doc/man3/OpenSSL_version.pod
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7838)
2018-12-06 15:58:55 +01:00
Richard Levitte
48f4ad7718 Following the license change, modify the boilerplates in include/ and crypto/include/
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7770)
2018-12-06 15:57:31 +01:00
Richard Levitte
402dd5585e Following the license change, modify the boilerplates in last few
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7836)
2018-12-06 15:40:33 +01:00
Richard Levitte
4569ff3257 Following the license change, modify the boilerplates in external/
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7835)
2018-12-06 15:39:02 +01:00
Richard Levitte
5e73e6baac Following the license change, modify the boilerplates in demos/
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7834)
2018-12-06 15:38:19 +01:00
Richard Levitte
0642931f30 Following the license change, modify the boilerplates in fuzz/
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7833)
2018-12-06 15:37:38 +01:00
Richard Levitte
ab3fa1c0ad Following the license change, modify the boilerplates in engines/
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7832)
2018-12-06 15:36:54 +01:00
Richard Levitte
3187791ed3 Following the license change, modify the boilerplates in doc/man7/
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7831)
2018-12-06 15:36:02 +01:00
Richard Levitte
b1e979aeec Following the license change, modify the boilerplates in doc/man5/
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7830)
2018-12-06 15:35:20 +01:00
Richard Levitte
4746f25ac6 Following the license change, modify the boilerplates in doc/man3/
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7829)
2018-12-06 15:34:13 +01:00
Richard Levitte
449040b49a Following the license change, modify the boilerplates in doc/man1/
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7828)
2018-12-06 15:33:06 +01:00
Richard Levitte
0e9725bcb9 Following the license change, modify the boilerplates in crypto/
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7827)
2018-12-06 15:32:17 +01:00