Commit graph

15198 commits

Author SHA1 Message Date
Matt Caswell
8ce4e7e605 Add have_precompute_mult tests
Add tests for have_precompute_mult for the optimised curves (nistp224,
nistp256 and nistp521) if present

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-29 12:56:58 +00:00
Matt Caswell
615614c886 Fix bug in nistp224/256/521 where have_precompute_mult always returns 0
During precomputation if the group given is well known then we memcpy a
well known precomputation. However we go the wrong label in the code and
don't store the data properly. Consequently if we call have_precompute_mult
the data isn't there and we return 0.

RT#3600

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-29 12:56:58 +00:00
Matt Caswell
f5a12207ec Add missing return value checks
The function DH_check_pub_key() was missing some return value checks in
some calls to BN functions.

RT#4278

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-01-29 11:53:32 +00:00
Matt Caswell
cb389fe804 Correct value of DH_CHECK_PUBKEY_INVALID
A new return value for DH_check_pub_key was recently added:
DH_CHECK_PUBKEY_INVALID. As this is a flag which can be ORed with other
return values it should have been set to the value 4 not 3.

RT#4278

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-01-29 11:53:32 +00:00
Matt Caswell
ec4479249d Implement Async SSL_shutdown
This extends the existing async functionality to SSL_shutdown(), i.e.
SSL_shutdown() can now casuse an SSL_ERROR_WANT_ASYNC error to be returned
from SSL_get_error() if async mode has been enabled.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-29 11:36:44 +00:00
Viktor Dukhovni
35ade23b02 Keep RC5 bit shifts in [0..31]
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-28 21:39:46 -05:00
Dr. Stephen Henson
987157f6f6 Use callback for DSAPublicKey
PR#4277

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-01-28 23:41:35 +00:00
Rich Salz
cc373a37a1 Remove extraneous output from util/mk scripts
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-28 15:52:56 -05:00
Rich Salz
45bf87a0b9 Remove outdated tests
These tests are not built, and only usable as hand-tests so not
worth moving into our test framework.
This closes https://github.com/openssl/openssl/pull/561 and RT 4252

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-28 15:45:02 -05:00
Rich Salz
1119ddff84 Add more components to build.
Add enable-crypto-mdebug enable-rc5 enable-md2 to any target that was
--strict-warnings.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-28 14:48:14 -05:00
Rich Salz
78d6a74a6c Missed part of b4f35e
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-01-28 13:40:33 -05:00
Richard Levitte
41a28cb294 Correct number of arguments in BIO_get_conn_int_port macro
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-28 18:19:55 +01:00
Matt Caswell
502bed22a9 CHANGES and NEWS updates for release
Add details about the latest issues fixed in the forthcoming release.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-28 14:41:19 +00:00
Matt Caswell
e729aac19d Add a test for small subgroup attacks on DH/DHE
Following on from the previous commit, add a test to ensure that
DH_compute_key correctly fails if passed a bad y such that:

y^q (mod p) != 1

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-28 14:41:19 +00:00
Matt Caswell
b128abc343 Prevent small subgroup attacks on DH/DHE
Historically OpenSSL only ever generated DH parameters based on "safe"
primes. More recently (in version 1.0.2) support was provided for
generating X9.42 style parameter files such as those required for RFC
5114 support. The primes used in such files may not be "safe". Where an
application is using DH configured with parameters based on primes that
are not "safe" then an attacker could use this fact to find a peer's
private DH exponent. This attack requires that the attacker complete
multiple handshakes in which the peer uses the same DH exponent.

A simple mitigation is to ensure that y^q (mod p) == 1

CVE-2016-0701

Issue reported by Antonio Sanso.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-28 14:41:19 +00:00
Rich Salz
3444c36ab4 Fix typo in md2.h
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-01-28 09:18:21 -05:00
Viktor Dukhovni
7eba4e6207 Restore NUMPRIMES as a numeric literal
This fixes clang compilation problem with size_t NUMPRIMES and int
loop counters.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-28 06:36:55 -05:00
Rich Salz
3538c7da3d Add CRYPTO_secure_zalloc
Also turn B<foo> into foo() in the pod page.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-27 23:34:13 -05:00
Viktor Dukhovni
109f8b5dec Comment side-effect only calls of X509_check_purpose
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-27 22:16:12 -05:00
Rich Salz
b4f35e5e07 Remove EIGHT_BIT and SIXTEEN_BIT
Also cleaned up bn_prime.pl to current coding style.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-01-27 19:10:13 -05:00
Rich Salz
3e9e810f2e Remove outdated legacy crypto options
Many options for supporting optimizations for legacy crypto on legacy
platforms have been removed.  This simplifies the source code and
does not really penalize anyone.
        DES_PTR (always on)
        DES_RISC1, DES_RISC2 (always off)
        DES_INT (always 'unsigned int')
        DES_UNROLL (always on)
        BF_PTR (always on) BF_PTR2 (removed)
        MD2_CHAR, MD2_LONG (always 'unsigned char')
        IDEA_SHORT, IDEA_LONG (always 'unsigned int')
        RC2_SHORT, RC2_LONG (always 'unsigned int')
        RC4_LONG (only int and char (for assembler) are supported)
        RC4_CHUNK (always long), RC_CHUNK_LL (removed)
        RC4_INDEX (always on)
And also make D_ENCRYPT macro more clear (@appro)

This is done in consultation with Andy.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-01-27 19:05:50 -05:00
Richard Levitte
8ed40b83ec Fix check of what makedepprog should be
A mistake was made and the setting of this config variable got
reverted to an older behavior.  This restores the latest.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-01-27 19:03:13 +01:00
Billy Brumley
920ed8c81d Test all built-in curves and let the library choose the EC_METHOD
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-27 18:49:09 +01:00
Richard Levitte
d20a161f46 Complete the removal of /* foo.c */ comments
Some files that are automatically generated still had those comments
added by the generating scripts.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-27 18:42:23 +01:00
Richard Levitte
49dc5404df Skip all explicitely if the number of tests is 0
It seems that Test::More doesn't like 0 tests, a line like this raises
an error and stops the recipe entirely:

    plan tests => 0;

So we need to check for 0 tests beforehand and skip the subtest
explicitely in that case.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-27 18:41:34 +01:00
Zhao Junwang
57a143fd83 Fix typos
cryptograpic => cryptographic

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-01-27 12:08:11 -05:00
Richard Levitte
ec307bcc36 Be careful when applying EXE_SHELL
$EXE_SHELL should only be used with out own programs, not with
surrounding programs such as the perl interpreter.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-01-27 12:11:52 +01:00
Viktor Dukhovni
8f243018d2 Doc fixes suggested by Claus Assmann
RT4264, RT4268

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-01-27 02:02:22 -05:00
Viktor Dukhovni
f006217bb6 Fix Custom Extension tests skip count
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-26 21:19:57 -05:00
Rich Salz
349807608f Remove /* foo.c */ comments
This was done by the following
        find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
        print unless $. == 1 && m@/\* .*\.[ch] \*/@;
        close ARGV if eof; # Close file to reset $.

And then some hand-editing of other files.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-26 16:40:43 -05:00
Richard Levitte
97ad487029 SHARED_LIBS_LINK_EXTS is no longer used, remove it completely
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-26 19:48:36 +01:00
Benjamin Kaduk
289578b90c Remove unused, undocumented clean-shared target
Also removes the make variable SHARED_LIBS_LINK_EXTS, only used by
the clean-shared target.

When shared library linking was moved to the separate Makefile.shared
in commit 30afcc072a, this target was
skipped.  Prior to that commit, clean-shared was invoked as a
dependency of build-shared, but afterward it was no longer referenced
anywhere in the tree.

Instead of porting the functionality over to Makefile.shared, just
remove it entirely, as it appears to be unused.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-26 11:42:28 -06:00
Todd Short
835894d138 RT4272: Unit tests fail when DTLS disabled
Missing SKIP: block in SSL unit tests for DTLS and TLS version tests.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-26 16:10:32 +01:00
Richard Levitte
aa50e2a39d 80-test_ca.t is made to use the new perlapp()
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-01-26 15:58:22 +01:00
Richard Levitte
a00c84f6c6 Have OpenSSL::Test handle perl scripts like any program
Since we're building some of our perl scripts and the result might not
end up in apps/ (*), we may need to treat them like the compile
programs we use for testing.

This introduces perlapp() and perltest(), which behave like app() and
test(), but will add the perl executable in the command line.

-----

(*) For example, with a mk1mf build, the result will end up in $(BIN_D)

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-01-26 15:58:22 +01:00
Matt Caswell
a18a31e49d Add SSL_up_ref() and SSL_CTX_up_ref()
The SSL and SSL_CTX structures are reference counted. However since libssl
was made opaque there is no way for users of the library to manipulate the
reference counts. This adds functions to enable that.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-01-26 13:19:10 +00:00
Matt Caswell
1bca5888da Remove dirs from mkfiles.pl
Recent changes have removed some directories which is causing mkfiles.pl
to fail.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-26 10:29:48 +00:00
Richard Levitte
90d48e5ea0 Use the new OpenSSL::Test::Utils routines.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-26 09:53:36 +01:00
Richard Levitte
96d2d7bc71 Use Configure's @disablables and %disabled through configdata.pm
Enhances the routines in OpenSSL::Test::Utils for checking disabled
stuff to get their information directly from Configure instead of
'openssl list -disabled'.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-26 09:53:36 +01:00
Richard Levitte
36b82b3464 Configure first in travis create release
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-26 08:26:27 +01:00
Richard Levitte
2b0e65d0f6 Base the tarfile list of files on git ls-files instead of find
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-26 08:26:27 +01:00
Rich Salz
c5eed2775e Ask for tests in CONTRIBUTING
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-25 17:12:57 -05:00
Richard Levitte
05e4e63366 Small Makefile.in cleanup
engines_obj changed name to padlock_obj in Configure.  We need to do
the corresponding ENGINES_ASM_OBJ -> PADLOCK_ASM_OBJ in appropriate
Makefile.ins.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-25 22:23:42 +01:00
Richard Levitte
f0bd468675 Small cleanups in Configure
- Small rearrangement of the TABLE and HASH printouts, and adding
  printout of the "build_scheme" item
- Renamed "engines_obj" to "padlock_obj"
- Moved the runs of dofile down...  it didn't quite make sense to have
  that in the middle of a printout

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-25 21:51:22 +01:00
Richard Levitte
9ab6fc5936 Generate warning text
Now that we're using templates, we should warn people not to edit the
resulting file.  We do it through util/dofile.pl, which is enhanced
with an option to tell what file it was called from.  We also change
the calls so the template files are on the command line instead of
being redirected through standard input.  That way, we can display
something like this (example taken from include/openssl/opensslconf.h):

    /* WARNING: do not edit! */
    /* Generated by Configure from include/openssl/opensslconf.h.in */

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-25 21:19:59 +01:00
Richard Levitte
52cdc9970d Misc fixups
The goal is Makefile, not Makefile.new
Remove the second generation of opensslconf.h

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-25 20:36:43 +01:00
Richard Levitte
971a725be4 Revert merge error
There are two versions of print_table_entry() in Configure.  Remove
the older.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-25 20:18:22 +01:00
Richard Levitte
4f2eec60c2 Add some info in CHANGES about what's happening so far with Configure et al
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-25 19:11:09 +01:00
Richard Levitte
9e4d6fbf3d Remove GOST again
The config for the removed GOST engine reappeared by mistake.  Now
removed again.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-25 19:07:11 +01:00
Richard Levitte
107b5792b2 Refactor file writing - Remake Makefile.org into a template
It is time for Makefile.org to fold into the new regime and have a run
through util/dofile.pl.  This forces some information out of there and
into Configure, which isn't a bad thing, it makes Configure
increasingly the center of build information, which is as it should
be.

A few extra defaults were needed in the BASE template to get rid of
warnings about missing values.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-25 19:07:11 +01:00