Commit graph

23158 commits

Author SHA1 Message Date
Mansour Ahmadi
98f62979b2 Check return value of EVP_PKEY_new
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7427)

(cherry picked from commit d896b79b09)
2018-11-10 04:42:29 +02:00
Billy Brumley
6f172154f5 [crypto/bn] swap BN_FLG_FIXED_TOP too
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7599)

(cherry picked from commit dd41956d80)
2018-11-10 04:14:11 +02:00
Bernd Edlinger
bdb8897691 Fix issues with do_rand_init/rand_cleanup_int
Fixes #7022

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7588)

(cherry picked from commit e2d227bb4a)
2018-11-09 13:37:38 +01:00
Richard Levitte
37044f4557 VMS build: colon after target must be separated with a space
... otherwise, it's taken to be part of a device name.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7602)

(cherry picked from commit e9994901f8)
2018-11-09 12:30:11 +01:00
Richard Levitte
201a33f4ab Have install targets depend on more precise build targets
We only had the main 'install' target depend on 'all'.  This changes
the dependencies so targets like install_dev, install_runtime_libs,
install_engines and install_programs depend on build targets that are
correspond to them more specifically.  This increases the parallel
possibilities.

Fixes #7466

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7583)

(cherry picked from commit e8d01a6087)
2018-11-09 06:20:52 +01:00
Richard Levitte
d582f15469 Allow parallel install
When trying 'make -j{n} install', you may occasionally run into
trouble because to sub-targets (install_dev and install_runtime) try
to install the same shared libraries.  That makes parallel install
difficult.

This is solved by dividing install_runtime into two parts, one for
libraries and one for programs, and have install_dev depend on
install_runtime_libs instead of installing the shared runtime
libraries itself.

Fixes #7466

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7583)

(cherry picked from commit c1123d9f7e)
2018-11-09 06:20:51 +01:00
Paul Yang
0178459aa1 Fix a doc-nit in EVP_PKEY_CTX_ctrl.pod
[skip-ci]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7546)

(cherry picked from commit e5a8712d03)
2018-11-09 12:54:18 +08:00
Dr. Matthias St. Pierre
abf58ed319 rand_unix.c: open random devices on first use only
Commit c7504aeb64 (pr #6432) fixed a regression for applications in
chroot environments, which compensated the fact that the new OpenSSL CSPRNG
(based on the NIST DRBG) now reseeds periodically, which the previous
one didn't. Now the reseeding could fail in the chroot environment if the
DEVRANDOM devices were not present anymore and no other entropy source
(e.g. getrandom()) was available.

The solution was to keep the file handles for the DEVRANDOM devices open
by default. In fact, the fix did more than this, it opened the DEVRANDOM
devices early and unconditionally in rand_pool_init(), which had the
unwanted side effect that the devices were opened (and kept open) even
in cases when they were not used at all, for example when the getrandom()
system call was available. Due  to a bug (issue #7419) this even happened
when the feature was disabled by the application.

This commit removes the unconditional opening of all DEVRANDOM devices.
They will now only be opened (and kept open) on first use. In particular,
if getrandom() is available, the handles will not be opened unnecessarily.

This change does not introduce a regression for applications compiled for
libcrypto 1.1.0, because the SSLEAY RNG also seeds on first use. So in the
above constellation the CSPRNG will only be properly seeded if it is happens
before the forking and chrooting.

Fixes #7419

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7437)

(cherry picked from commit 8cfc19716c)
2018-11-08 16:41:24 +01:00
Dr. Matthias St. Pierre
cdf33504ef Test: enable internal tests for shared Windows builds
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7462)

(cherry picked from commit 1901516a4b)
2018-11-08 16:32:35 +01:00
Dr. Matthias St. Pierre
c39df745b0 Test: link drbgtest statically against libcrypto
and remove duplicate rand_drbg_seedlen() implementation again.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7462)

(cherry picked from commit 1c615e4ce9)
2018-11-08 16:32:30 +01:00
Matt Caswell
efd67e01a5 Give a better error if an attempt is made to set a zero length groups list
Previously we indicated this as a malloc failure which isn't very
helpful.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7479)

(cherry picked from commit 680bd131b6)
2018-11-08 11:31:22 +00:00
Matt Caswell
f306b9e62a Ignore disabled ciphers when deciding if we are using ECC
use_ecc() was always returning 1 because there are default (TLSv1.3)
ciphersuites that use ECC - even if those ciphersuites are disabled by
other options.

Fixes #7471

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7479)

(cherry picked from commit 589b6227a8)
2018-11-08 11:31:22 +00:00
Pauli
f7258489d8 Add missing RAND initialisation call.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7587)

(cherry picked from commit ac765685d4)
2018-11-08 08:13:16 +10:00
Bernd Edlinger
294941aebb Rename the rand_drbg_st data member "pool" to "seed_pool"
... to make the intended use more clear and differentiate
it from the data member "adin_pool".

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7575)

(cherry picked from commit 31f32abb8e)
2018-11-07 15:23:39 +01:00
Bernd Edlinger
9bc987f008 Initialize reseed_gen_counter to 1, like it is done in master
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7532)
2018-11-07 15:16:19 +01:00
Richard Levitte
4274ef97c1 util/add-depends.pl: go through shared_sources too
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7545)

(cherry picked from commit 3866b2247f)
2018-11-07 14:40:02 +01:00
Bernd Edlinger
7b7fdf8a79 Fix a race condition in drbgtest.c
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7531)

(cherry picked from commit 2bb1b5ddd1)
2018-11-05 23:00:57 +01:00
Bernd Edlinger
939ef2ea11 Avoid two memory allocations in each RAND_DRBG_bytes
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7518)
2018-11-05 22:52:24 +01:00
Bernd Edlinger
c40c1ef4f3 Fix error handling in RAND_DRBG_uninstantiate
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7519)
2018-11-05 22:46:21 +01:00
Bernd Edlinger
fd59e425a8 Fix error handling in drbgtest.c
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7519)
2018-11-05 22:46:20 +01:00
Bernd Edlinger
ee5a79104c Fix error handling in rand_drbg_new
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7519)
2018-11-05 22:46:20 +01:00
Bernd Edlinger
f98a893ed4 Fix error handling in RAND_DRBG_set
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7519)
2018-11-05 22:46:20 +01:00
Pauli
0f316a0c20 Fix return formatting.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7564)

(cherry picked from commit 2087028612)
2018-11-06 07:09:00 +10:00
Pauli
030da7436e Cleanse the key log buffer.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7564)

(cherry picked from commit e931f370aa)
2018-11-06 07:08:30 +10:00
Benjamin Kaduk
33a37a6179 Restore sensible "sess_accept" counter tracking
Commit 9ef9088c15 switched the SSL/SSL_CTX
statistics counters to using Thread-Sanitizer-friendly primitives.
However, it erroneously converted an addition of -1
(for s->session_ctx->stats.sess_accept) to an addition of +1, since that
is the only counter API provided by the internal tsan_assist.h header
until the previous commit.  This means that for each accepted (initial)
connection, the session_ctx's counter would get doubly incremented, and the
(switched) ctx's counter would also get incremented.

Restore the counter decrement so that each accepted connection increments
exactly one counter exactly once (in net effect).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7464)

(cherry picked from commit 2aaa0b146b)
2018-11-03 23:27:12 -05:00
Benjamin Kaduk
a649b52f86 Add tsan_decr() API, counterpart of tsan_counter()
The existing tsan_counter() API increments a reference counter.
Provide a new API, tsan_decr(), to decrement such a reference counter.
This can be used, for example, when a reference is added to the session_ctx's
sess_accept stats but should more properly be tracked in the regular ctx's
statistics.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7464)

(cherry picked from commit 95658c3243)
2018-11-03 23:27:11 -05:00
Richard Levitte
cd01707b7f crypto/engine/eng_devcrypto.c: ensure we don't leak resources
If engine building fails for some reason, we must make sure to close
the /dev/crypto handle.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7506)

(cherry picked from commit 681e8cacdb)
2018-11-02 20:24:08 +01:00
Richard Levitte
120fc33e29 crypto/engine/eng_devcrypto.c: open /dev/crypto only once
We opened /dev/crypto once for each session, which is quite unnecessary.
With this change, we open /dev/crypto once at engine init, and close
it on unload.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7506)

(cherry picked from commit 458c7dad9e)
2018-11-02 20:24:00 +01:00
Richard Levitte
dcbbcf083c crypto/engine/eng_devcrypto.c: new compilers are strict on prototypes
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7506)

(cherry picked from commit 28ac1bd9a9)
2018-11-02 20:23:53 +01:00
Richard Levitte
3dcca12a20 crypto/engine/eng_devcrypto.c: add digest copy
Copying an EVP_MD_CTX, including the implementation local bits, is a
necessary operation.  In this case, though, it's the same as
initializing the local bits to be "copied to".

Fixes #7495

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7506)

(cherry picked from commit 36af124bfb)
2018-11-02 20:23:47 +01:00
Richard Levitte
b33e7698b8 apps: Stop pretending to care about Netscape keys
The documentation says some commands care, but the code says differently.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7440)

(cherry picked from commit d91d443f0d)
2018-11-02 10:59:17 +01:00
Pauli
6039651c43 Add a constant time flag to one of the bignums to avoid a timing leak.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7549)

(cherry picked from commit 00496b6423)
2018-11-02 08:14:35 +10:00
Richard Levitte
222b0a8e1a Configuration: when building the dirinfo structure, include shared_sources
This makes sure that any resulting directory target in the build files
also depend on object files meant for shared libraries.

As a side effect, we move the production of the dirinfo structure from
common.tmpl to Configure, to make it easier to check the result.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7452)

(cherry picked from commit b6e660754c)
2018-10-31 15:47:56 +01:00
Andy Polyakov
3b1928fe64 Configurations/15-android.conf: detect NDK llvm-ar.
This excluses user from additional PATH adjustments in case NDK has
llvm-ar.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7443)

(cherry picked from commit ddf2e8c8cc)
2018-10-31 15:45:03 +01:00
Andy Polyakov
3453dbde7f Configurations/15-android.conf: fix implicit __ANDROID_API__ handling.
03ad7c009e failed if one didn't pass
explicit -D__ANDROID_API__=N :-(

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7443)

(cherry picked from commit 71f2b3171e)
2018-10-31 15:45:03 +01:00
Bernd Edlinger
faca6bfac3 Fix a race condition in drbg_add
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7523)

(cherry picked from commit 4011bab1f8)
2018-10-30 23:28:12 +01:00
Matt Caswell
de8848aeaf Add a client_cert_cb test
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/7413)

(cherry picked from commit 6e46c065b9)
2018-10-30 12:18:55 +00:00
Matt Caswell
a2388b50af Don't call the client_cert_cb immediately in TLSv1.3
In TLSv1.2 and below a CertificateRequest is sent after the Certificate
from the server. This means that by the time the client_cert_cb is called
on receipt of the CertificateRequest a call to SSL_get_peer_certificate()
will return the server certificate as expected. In TLSv1.3 a
CertificateRequest is sent before a Certificate message so calling
SSL_get_peer_certificate() returns NULL.

To workaround this we delay calling the client_cert_cb until after we
have processed the CertificateVerify message, when we are doing TLSv1.3.

Fixes #7384

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/7413)

(cherry picked from commit e45620140f)
2018-10-30 12:18:55 +00:00
Dr. Matthias St. Pierre
5cf0f0e708 rand_drbg.h: include <openssl/obj_mac.h>
The RAND_DRBG_TYPE preprocessor define depends on a NID, so  we have
to include obj_mac.h to make the header selfcontained.

Fixes #7521

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7524)

(cherry picked from commit cf3d6ef7af)
2018-10-30 08:03:06 +01:00
Chocobo1
189b56b206 Fix MSVC warning C4819
CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7444)

(cherry picked from commit cf4eea1204)
2018-10-30 04:52:27 +01:00
Richard Levitte
d308458ef1 test/evp_test.c: don't misuse pkey_test_ctrl() in mac_test_run()
pkey_test_ctrl() was designed for parsing values, not for using in
test runs.  Relying on its returned value when it returned 1 even for
control errors made it particularly useless for mac_test_run().

Here, it gets replaced with a MAC specific control function, that
parses values the same way but is designed for use in a _run() rather
than a _parse() function.

This uncovers a SipHash test with an invalid control that wasn't
caught properly.  After all, that stanza is supposed to test that
invalid control values do generate an error.  Now we catch that.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7500)

(cherry picked from commit ce5d64c79c)
2018-10-29 17:32:27 +01:00
Matt Caswell
86743ef857 Add a test where we reuse the EVP_PKEY_CTX for two HKDF test runs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7501)

(cherry picked from commit 10d5b415f9)
2018-10-29 14:11:40 +00:00
Matt Caswell
070ce40be1 Reset the HKDF state between operations
Fixes #7497

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7501)

(cherry picked from commit ca55d70be0)
2018-10-29 14:11:40 +00:00
Richard Levitte
7e01266fa6 Windows build: build foo.d after foo.obj
We made the build of foo.obj depend on foo.d, meaning the latter gets
built first.  Unfortunately, the way the compiler works, we are forced
to redirect all output to foo.d, meaning that if the source contains
an error, the build fails without showing those errors.

We therefore remove the dependency and force the build of foo.d to
always happen after build of foo.obj.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7469)

(cherry picked from commit ecc347f5f5)
2018-10-29 14:28:40 +01:00
Richard Levitte
7ccfce81db ssl/statem: Don't compare size_t with less than zero
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7194)

(cherry picked from commit 60690b5b83)
2018-10-29 14:25:45 +01:00
Richard Levitte
a862a1d517 VMS & cryptoerr.h: include symhacks.h
Needed to clear a clash between ERR_load_CRYPTO_strings and
ERR_load_crypto_strings

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7194)

(cherry picked from commit cc3a2e4f51)
2018-10-29 14:25:45 +01:00
Richard Levitte
bbc1c56a3c apps/rehash.c: Convert ISO-8859-1 to UTF-8
Believe it or not, the VMS C compiler is remarking on this

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7194)

(cherry picked from commit 4602cc85af)
2018-10-29 14:25:45 +01:00
Bernd Edlinger
6101850baf Rework and simplify resource flow in drbg_add
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7504)

(cherry picked from commit f9e43929c4)
2018-10-29 12:31:21 +01:00
Dr. Matthias St. Pierre
c7a7ed3870 randfile.c: fix a Coverity warning
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7510)

(cherry picked from commit 040a03470c)
2018-10-28 23:39:13 +01:00
Pauli
b1d6d55ece Timing vulnerability in ECDSA signature generation (CVE-2018-0735)
Preallocate an extra limb for some of the big numbers to avoid a reallocation
that can potentially provide a side channel.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7486)

(cherry picked from commit 99540ec794)
2018-10-29 07:59:23 +10:00