Commit graph

9252 commits

Author SHA1 Message Date
Rich Salz
dcf6e50f48 Merge Intel copyright notice into standard
This is done with the kind permission of Intel.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3813)
2017-06-30 12:01:54 -04:00
Rich Salz
2915fe19a6 Add fork handlers, based on pthread_atfork
Only for Unix platforms

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3754)
2017-06-29 16:19:41 -04:00
Richard Levitte
5ee407460b STORE: Make sure the loader to be registered is complete
Most of the loader function pointers are crucial, they must be defined
unconditionally.  Therefore, let's make sure OSSL_STORE_register_loader
refuses to register incomplete loaders

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3805)
2017-06-29 22:11:40 +02:00
Richard Levitte
6f9c506268 STORE: simplify store_loader_cmp()
We have already made sure that the loader scheme isn't NULL, so
checking if they are NULL or not when comparing registered loaders
is redundant.  We still soft assert it, just to be entirely sure.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3805)
2017-06-29 21:48:12 +02:00
Andy Polyakov
7807267bed Add sha/asm/keccak1600-s390x.pl.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-06-29 21:16:02 +02:00
Andy Polyakov
d6f0c94a65 sha/asm/keccak1600-x86_64.pl: add CFI directives.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-06-29 21:15:56 +02:00
Andy Polyakov
a1613840dd sha/asm/keccak1600-x86_64.pl: optimize by re-ordering instructions.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-06-29 21:15:51 +02:00
Andy Polyakov
a078d9dfa9 sha/asm/keccak1600-x86_64.pl: remove redundant moves.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-06-29 21:15:45 +02:00
Andy Polyakov
64aef3f53d Add sha/asm/keccak1600-x86_64.pl.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-06-29 21:15:09 +02:00
Richard Levitte
4c17819c41 Add internal functions to fetch PEM data from an opened BIO
store_attach_pem_bio() creates a STORE_CTX with the 'file' scheme
loader backend in PEM reading mode on an already opened BIO.
store_detach_pem_bio() detaches the STORE_CTX from the BIO and
destroys it (without destroying the BIO).

These two functions can be used in place of STORE_open() and
STORE_close(), and are present as internal support for other OpenSSL
functions.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2745)
2017-06-29 19:25:39 +02:00
Richard Levitte
7852f588a6 Make it possible to tell the file loader to use secure memory
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3483)
2017-06-29 19:19:40 +02:00
Richard Levitte
6fc1d33c90 STORE 'file' scheme loader: refactor the treatment of matches
Sometimes, 'file_load' couldn't really distinguish if a file handler
matched the data and produced an error or if it didn't match the data
at all.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:33 +02:00
Richard Levitte
f91ded1fc4 STORE: add ENGINE information to loaders
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:32 +02:00
Richard Levitte
970f467ac3 STORE 'file' scheme loader: Add directory listing capability
This has it recognised when the given path is a directory.  In that
case, the file loader will give back a series of names, all as URI
formatted as possible given the incoming URI.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:32 +02:00
Richard Levitte
7ad2ef366c STORE 'file' scheme loader: Add handler for encrypted PKCS#8 data
Add a separate handler for encrypted PKCS#8 data.  This uses the new
restart functionality.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:32 +02:00
Richard Levitte
1aabc2445b STORE 'file' scheme loader: refactor file_load to support decoding restart
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:32 +02:00
Richard Levitte
50ecedda40 STORE: Add a OSSL_STORE_INFO type to help support file handler restarts
Some containers might very simply decode into something new that
deserves to be considered as new (embedded) data.  With the help of a
special OSSL_STORE_INFO type, make that new data available to the
loader functions so they can start over.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:31 +02:00
Richard Levitte
a09003ea22 STORE 'file' scheme loader: add support for the PKCS#12 container
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:31 +02:00
Richard Levitte
e61ec2d9ba STORE 'file' scheme loader: add support for containers
Containers are objects that are containers for a bunch of other
objects with types we recognise but aren't readable in a stream.  Such
containers are read and parsed, and their content is cached, to be
served one object at a time.

This extends the FILE_HANDLER type to include a function to destroy
the cache and a function to simulate the EOF check.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:31 +02:00
Richard Levitte
9c6da42d0c Add a STORE loader for the "file" scheme
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:31 +02:00
Richard Levitte
dc10560eba Make it possible to peek at BIO data through BIO_f_buffer()
This is needed for the upcoming "file" scheme STORE loader.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:31 +02:00
Richard Levitte
86f7b04212 Make asn1_d2i_read_bio accessible from STORE
This is needed for the upcoming "file" scheme STORE loader.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:31 +02:00
Richard Levitte
71a5516dcc Add the STORE module
This STORE module adds the following functionality:

- A function OSSL_STORE_open(), OSSL_STORE_load() and OSSL_STORE_close()
  that accesses a URI and helps loading the supported objects (PKEYs,
  CERTs and CRLs for the moment) from it.
- An opaque type OSSL_STORE_INFO that holds information on each loaded
  object.
- A few functions to retrieve desired data from a OSSL_STORE_INFO
  reference.
- Functions to register and unregister loaders for different URI
  schemes.  This enables dynamic addition of loaders from applications
  or from engines.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:31 +02:00
Richard Levitte
c785fd48e6 Make it possible to refer to ERR_R_UI_LIB
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:31 +02:00
Richard Levitte
afe9bba749 crypto/mem.c: on Windows, use rand() instead of random()
Windows doesn't provide random().  In this particular case, our
requirements on the quality of randomness isn't high, so we don't
need to care how good randomness rand() does or doesn't provide.

Fixes #3778

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3779)
2017-06-28 22:15:02 +02:00
Richard Levitte
3816be5d4a UI_UTIL_wrap_read_pem_callback: make sure to terminate the string received
The callback we're wrapping around may or may not return a
NUL-terminated string.  Let's ensure it is.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3791)
2017-06-28 14:24:28 +02:00
Richard Levitte
8bd2c65fbb Comment on the lack of documentation for asymmetric ciphers
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3744)
2017-06-28 12:54:33 +02:00
Richard Levitte
4f79affb05 Adapt for BSD cryptodev.h differences
The BSD cryptodev.h doesn't have things like COP_FLAG_WRITE_IV and
COP_FLAG_UPDATE.  In that case, we need to implement that
functionality ourselves.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3744)
2017-06-28 12:54:33 +02:00
Richard Levitte
619eb33a0c Add new /dev/crypto engine
Based on cryptodev-linux

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3744)
2017-06-28 12:54:33 +02:00
Richard Levitte
9a32dcf42e Add the common error ERR_R_OPERATION_FAIL
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3744)
2017-06-28 12:54:33 +02:00
Benjamin Kaduk
c91ec01365 Fix return-value checks in OCSP_resp_get1_id()
Commit db17e43d88 added the function
but would improperly report success if the underlying dup operation
failed.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3775)
2017-06-27 10:49:53 -05:00
Rich Salz
4b8515baa6 Rename static global "lock" to "obj_lock"
Breaks djgpp, masks a common kernel function name.
Thanks to Gisle Vanem for pointing this out.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3776)
2017-06-26 14:29:19 -04:00
Paul Yang
edea42c602 Change to check last return value of BN_CTX_get
To make it consistent in the code base

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3749)
2017-06-26 15:40:16 +02:00
Paul Yang
e8e5597606 Fix inaccurate comments in bn_prime.c
As well as a coding style nit is fixed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3763)
2017-06-26 14:59:30 +02:00
Andy Polyakov
a163e60d95 sha/asm/keccak1600-mmx.pl: optimize for Atom and add comparison data.
Curiously enough out-of-order Silvermont benefited most from
optimization, 33%. [Originally mentioned "anomaly" turned to be
misreported frequency scaling problem. Correct results were
collected under older kernel.]

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3739)
2017-06-24 09:42:14 +02:00
Andy Polyakov
415248e1e1 Add sha/asm/keccak1600-mmx.pl, x86 MMX module.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3739)
2017-06-24 09:42:08 +02:00
Matt Caswell
f13615c5b8 Fix OBJ_create() to tolerate a NULL sn and ln
In 1.0.2 and before OBJ_create() allowed the sn or ln parameter to be NULL.
Commit 52832e47 changed that so that it crashed if they were NULL.

This was causing problems with the built-in config oid module. If a long
name was provided OBJ_create() is initially called with a NULL ln and
therefore causes a crash.

Fixes #3733

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3753)
2017-06-22 17:00:15 +01:00
Sascha Steinbiss
db17e43d88 Add OCSP_resp_get1_id() accessor
Adding a get1 style accessor as brought up in mailing list post
https://mta.openssl.org/pipermail/openssl-users/2016-November/004796.html

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1876)
2017-06-21 15:01:54 -04:00
Andy Polyakov
b5cdec2fea sha/asm/sha512p8-ppc.pl: add POWER8 performance data.
[skip ci]

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3705)
2017-06-21 16:26:59 +02:00
Andy Polyakov
53ddf7dd05 Add Keccak-1600 modules for PPC64 and POWER8.
[skip ci]

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3705)
2017-06-21 16:24:36 +02:00
Matt Caswell
9924087573 Fix DTLS failure when used in a build which has SCTP enabled
The value of BIO_CTRL_DGRAM_SET_PEEK_MODE was clashing with the value for
BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. In an SCTP enabled build
BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE was used unconditionally with
the reasoning that it would be ignored if SCTP wasn't in use. Unfortunately
due to this clash, this wasn't the case. The BIO ended up going into peek
mode and was continually reading the same data over and over - throwing it
away as a replay.

Fixes #3723

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3724)
2017-06-21 14:56:24 +01:00
Matt Caswell
9368f86526 Add TLSv1.3 client side external PSK support
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
2017-06-21 14:45:35 +01:00
Andy Polyakov
1d23bbccd3 Add sha/asm/keccak1600-c64x.pl
[skip ci]

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3708)
2017-06-21 15:21:47 +02:00
Dr. Stephen Henson
d2916a5b29 Use EVP_PKEY_X25519, EVP_PKEY_ED25519 instead of NIDs where appropriate.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)
2017-06-21 14:11:01 +01:00
Dr. Stephen Henson
d3c094ca71 Recognise Ed25519 in X509_certificate_type
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)
2017-06-21 14:11:01 +01:00
Rich Salz
aa8f3d76fc Modify Sun copyright to follow OpenSSL style
Approved by Oracle.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3585)
2017-06-20 11:13:45 -04:00
FdaSilvaYY
0c9d6818c8 Declare a new x509v3 extension: x509ExtAdmission
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2759)
2017-06-20 09:25:30 -04:00
Rich Salz
8d1598b0ce Fix typo (note by oneton@users.github)
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3716)
2017-06-20 08:15:00 -04:00
Rich Salz
0ea155fc1c Add RAND_UNIMPLEMENTED error code
See old GitHub PR 38.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3714)
2017-06-20 08:12:04 -04:00
Rich Salz
f39a5501ce Remove bsd_cryptodev engine
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3699)
2017-06-19 09:31:45 -04:00
Bernd Edlinger
3ac6d5ee53 Fix the fall-out in 04-test_bioprint.t
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3712)
2017-06-19 08:56:50 -04:00
Bernd Edlinger
af6de400b4 Fix the error handling in ERR_get_state:
- Ignoring the return code of ossl_init_thread_start created a memory leak.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3712)
2017-06-19 08:56:50 -04:00
Bernd Edlinger
93a8b3ba79 Remove a pointless "#if 0" block from BN_mul.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3683)
2017-06-17 14:18:26 +02:00
komainu8
6ea3bca427 Modify type of variable in OPENSSL_cpuid_setup function
CLA: trivial

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3651)
2017-06-16 16:58:51 -04:00
Matt Caswell
a055a88155 Allow the server to change the ciphersuite on resume
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3623)
2017-06-16 10:57:59 +01:00
Andy Polyakov
5eb2dd88b3 Add sha/asm/keccak1600-armv8.pl.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-06-15 21:53:30 +02:00
Rich Salz
0c3d0d4a01 Standardize Levitte's dual-license
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3689)
2017-06-15 14:16:16 -04:00
Pauli
5aba2b6e88 Correct Oracle copyrights & clarify.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3684)
2017-06-15 15:50:50 +10:00
Rich Salz
594da712ff Remove OLD_STR_TO_KEY compile option
This flag was added in 1992 and only documented in the CHANGES file.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3681)
2017-06-14 12:05:25 -04:00
Bernd Edlinger
5419dadd4b Fix possible crash in X931 code.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3675)
2017-06-14 09:35:48 -04:00
Bernd Edlinger
5625567f9c Fix another possible crash in rsa_ossl_mod_exp.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3675)
2017-06-14 09:35:48 -04:00
Bernd Edlinger
fb0a64126b Fix a possible crash in dsa_builtin_paramgen2.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3675)
2017-06-14 09:35:48 -04:00
Bernd Edlinger
abea494cf7 Fix crash in ecdh_simple_compute_key.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3671)
2017-06-14 08:52:18 -04:00
Bernd Edlinger
4fc426b789 Fix a possible crash in the error handling.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3672)
2017-06-13 21:48:29 -04:00
Bernd Edlinger
188a9bd950 Fix a memleak in ec_copy_parameters.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3666)
2017-06-13 13:27:25 -04:00
Andy Polyakov
150d0478a4 perlasm/ppc-xlate.pl: add PowerISA 3.0B instructions.
[As well as few extra instructions from earlier spec.]

Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-06-13 18:37:08 +02:00
Rich Salz
5816586ba4 Put message strings in state files
Add "*" as indicator meaning the function/reason is removed, so put an
empty string in the function/reason string table; this preserves backward
compatibility by keeping the #define's.

In state files, trailing backslash means text is on the next line.

Add copyright to state files

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3640)
2017-06-12 15:03:40 -04:00
Bernd Edlinger
19546246cf Fix memleak in EVP_DigestSignFinal/VerifyFinal.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3658)
2017-06-12 12:49:50 -04:00
Josh Soref
6bcb4175e6 improve comment: use "optimization" for clarity
The previous word was a misspelling of nicety

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3464)
2017-06-11 16:48:44 -04:00
Rich Salz
04e62715db Introduce ASN1_TIME_set_string_X509 API
Make funcs to deal with non-null-term'd string
in both asn1_generalizedtime_to_tm() and asn1_utctime_to_tm().

Fixes issue #3444.

This one is used to enforce strict format (RFC 5280) check and to
convert GeneralizedTime to UTCTime.

apps/ca has been changed to use the new API.

Test cases and documentation are updated/added

Signed-off-by: Paul Yang <paulyang.inf@gmail.com>

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3566)
2017-06-11 16:36:07 -04:00
Rich Salz
a020f54c25 Remove needless type casting.
CLA: trivial

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3627)
2017-06-10 15:25:56 -04:00
Benjamin Kaduk
62b0a0dea6 Fix memory leaks in CTLOG_new_from_base64
Move the call to ct_base64_decode(), which allocates, until after
the check for NULL output parameter.

Also place a cap on the number of padding characters used to decrement
the output length -- any more than two '='s is not permitted in a
well-formed base64 text.  Prior to this change, ct_base64_decode() would
return a length of -1 along with allocated storage for an input of
"====".

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3379)
2017-06-09 13:32:29 -04:00
Paul Yang
bd91e3c870 Fix a bundle of trailing spaces in several files
Signed-off-by: Paul Yang <paulyang.inf@gmail.com>

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3622)
2017-06-09 12:04:10 -04:00
Rich Salz
0b20ad127c Fix a read off the end of the input buffer
when building with OPENSSL_SMALL_FOOTPRINT defined.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3533)
2017-06-08 16:05:52 -04:00
Andy Polyakov
6dad1efef7 sha/asm/keccak1600-armv4.pl: switch to more efficient bit interleaving algorithm.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-06-08 20:21:31 +02:00
Andy Polyakov
13603583b3 sha/keccak1600.c: switch to more efficient bit interleaving algorithm.
[Also bypass sizeof(void *) == 8 check on some platforms.]

Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-06-08 20:21:04 +02:00
Todd Short
1c036c6443 Fix #340: Parse ASN1_TIME to struct tm
This works with ASN1_UTCTIME and ASN1_GENERALIZED_TIME

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3378)
2017-06-08 13:19:13 +01:00
Rich Salz
52df25cf2e make error tables const and separate header file
Run perltidy on util/mkerr
Change some mkerr flags, write some doc comments
Make generated tables "const" when genearting lib-internal ones.
Add "state" file for mkerr
Renerate error tables and headers
Rationalize declaration of ERR_load_XXX_strings
Fix out-of-tree build
Add -static; sort flags/vars for options.
Also tweak code output
Moved engines/afalg to engines (from master)
Use -static flag
Standard engine #include's of errors
Don't linewrap err string tables unless necessary

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3392)
2017-06-07 15:12:03 -04:00
Rich Salz
be606c013d Add a lock around the OBJ_NAME table
Various initialization functions modify this table, which can cause heap
corruption in the absence of external synchronization.

Some stats are modified from OPENSSL_LH_retrieve, where callers aren't
expecting to have to take out an exclusive lock. Switch to using atomic
operations for those stats.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3525)
2017-06-07 11:23:37 -04:00
Andy Polyakov
367c552790 sha/asm/keccak1600-armv4.pl: add NEON code path.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-06-06 19:54:29 +02:00
Andy Polyakov
56676f877d sha/asm/keccak1600-armv4.pl: add SHA3_absorb and SHA3_squeeze.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-06-06 19:54:24 +02:00
Andy Polyakov
5371810714 sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-06-06 19:54:19 +02:00
Andy Polyakov
aabfd32910 Add sha/asm/keccak1600-armv4.pl.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-06-06 19:54:12 +02:00
Andy Polyakov
71dd3b6464 sha/keccak1600.c: add #ifdef KECCAK1600_ASM.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-06-05 19:35:41 +02:00
Andy Polyakov
22f9fa6e06 sha/keccak1600.c: reduce temporary storage utilization even futher.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-06-05 19:35:30 +02:00
Andy Polyakov
1ded2dd3ee sha/keccak1600.c: add another 1x variant.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-06-05 19:35:07 +02:00
Andy Polyakov
c83a4db521 sha/keccak1600.c: add ARM-specific "reference" tweaks.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-06-05 19:34:48 +02:00
Andy Polyakov
8fc063dcc9 ec/asm/ecp_nistz256-x86_64.pl: minor sqr_montx cleanup.
Drop some redundant instructions in reduction in ecp_nistz256_sqr_montx.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-06-05 14:25:16 +02:00
Todd Short
1ee2125922 Fix ex_data and session_dup issues
Code was added in commit b3c31a65 that overwrote the last ex_data value
using CRYPTO_dup_ex_data() causing a memory leak, and potentially
confusing the ex_data dup() callback.

In ssl_session_dup(), fix error handling (properly reference and up-ref
shared data) and new-up the ex_data before calling CRYPTO_dup_ex_data();
all other structures that dup ex_data have the destination ex_data new'd
before the dup.

Fix up some of the ex_data documentation.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3323)
2017-06-02 12:11:38 -04:00
Matt Caswell
51909407c2 Left shift of a negative number is undefined behaviour
Fix undefined behaviour in curve25519.c. Prior to this running with
ubsan produces errors like this:

crypto/ec/curve25519.c:3871:18: runtime error: left shift of negative
value -22867

[extended tests]

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3600)
2017-06-02 10:40:13 +01:00
Rich Salz
73bc53708c Only release thread-local key if we created it.
Thanks to Jan Alexander Steffens for finding the bug and confirming the
fix.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3592)
2017-05-31 14:10:05 -04:00
Erwann Abalea
4a8ab10dd2 Add some OID's from X.520
CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3590)
2017-05-31 13:33:20 -04:00
Richard Levitte
545360c4df Add UI functionality to duplicate the user data
This can be used by engines that need to retain the data for a longer time
than just the call where this user data is passed.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3575)
2017-05-31 19:00:24 +02:00
HorimotoYasuhiro
3f23390b14 CLA: trivial
Fix coding style

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3581)
2017-05-31 08:56:03 -04:00
Dr. Stephen Henson
04dec1ab34 Clear sensitive data in ED25519_sign
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)
2017-05-30 20:38:21 +01:00
Dr. Stephen Henson
684c41c83f Add custom sig_info_set for ED25519
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)
2017-05-30 20:38:20 +01:00
Dr. Stephen Henson
9f889cc177 make errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)
2017-05-30 20:38:20 +01:00
Dr. Stephen Henson
9f98fbad47 Add custom ASN.1 sign and verify
Since ED25519 doesn't have an associated digest it needs custom sign/verify
routines to handle ASN.1 signatures.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)
2017-05-30 20:38:20 +01:00
Dr. Stephen Henson
b85236966b Add ED25519 as signature OID
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)
2017-05-30 20:38:20 +01:00
Dr. Stephen Henson
ca23d3e089 make errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)
2017-05-30 20:38:20 +01:00
Dr. Stephen Henson
42a3008aa4 ED25519 public key method.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)
2017-05-30 20:38:20 +01:00
Dr. Stephen Henson
a13727e5df add method
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)
2017-05-30 20:38:19 +01:00
Dr. Stephen Henson
8ecade8bfb Add ED25519 ASN.1 method
Make X25519 key method more flexible by removing hard coding of NID_X25519
OID. Since the parameters and key syntax between ED25519 and X25519 are
almost identical they can share a lot of common code.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)
2017-05-30 20:38:19 +01:00
Dr. Stephen Henson
9691a749c8 Add EdDSA algorithm OIDs from draft-ietf-curdle-pkix-04
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)
2017-05-30 20:38:19 +01:00
Dr. Stephen Henson
d4d001df37 Make Ed25519 consistent with X25519
Rename and change ED25519_keypair_from_seed to ED25519_public_from_private
to be consistent with X25519 API.

Modidy ED25519_sign to take separate public key argument instead of
requiring it to follow the private key.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)
2017-05-30 20:38:19 +01:00
Dr. Stephen Henson
06c6d05fae Add Ed25519 algorithm.
Reinstate Ed25519 algorithm to curv25519.c this is largely just a copy of
the code from BoringSSL with some adjustments so it compiles under OpenSSL.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)
2017-05-30 20:38:19 +01:00
Dr. Stephen Henson
bbbfee30bd make errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)
2017-05-30 20:38:19 +01:00
Dr. Stephen Henson
7dd6de9fdd Allow NULL md for custom signing methods
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)
2017-05-30 20:38:19 +01:00
Dr. Stephen Henson
f723c98e2d Add support for custom digestsign/digestverify methods.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)
2017-05-30 20:38:19 +01:00
Andy Polyakov
1f2aff257d sha/keccak1600.c: implement lane complementing transform
...as discussed in section 2.2 of "Keccak implementation overview".

[skip ci]

Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-05-30 19:53:14 +02:00
Andy Polyakov
0dd0be9408 sha/keccak1600.c: implement bit interleaving optimization.
This targets 32-bit processors and is discussed in section 2.1 of
"Keccak implementation overview".

Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-05-30 19:52:50 +02:00
Marek Klein
e92947d8d9 fixing incorrect OID of signingCertificateV2
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3538)
2017-05-29 18:23:29 -04:00
Josh Soref
df578aa013 Fix spelling errors in CMS.
Unfortunately it affects error code macros in public cms.h header, for
which reason misspelled names are preserved for backward compatibility.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3463)
2017-05-27 14:15:24 +02:00
Andy Polyakov
14bb100b6c modes/ocb128.c: address undefined behaviour warning.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3526)
2017-05-26 10:52:11 +02:00
Andy Polyakov
f83409a69f aria/aria.c: address undefined behaviour warning in small-footprint path.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3526)
2017-05-26 10:51:16 +02:00
Alex Gaynor
b1a3030e37 Newlines!
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3149)
2017-05-22 08:03:22 -04:00
Alex Gaynor
2d8e9dbd2c Style fixes and use the source parameter so the OCSP path works
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3149)
2017-05-22 08:03:22 -04:00
Alex Gaynor
8dcb87fdba This is an int
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3149)
2017-05-22 08:03:22 -04:00
Alex Gaynor
8368a3abb8 Don't use a for-loop decleration
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3149)
2017-05-22 08:03:22 -04:00
Alex Gaynor
3a490bbb1c Fixed #3020 -- set entry type on SCTs from X.509 and OCSP extensions
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3149)
2017-05-22 08:03:22 -04:00
Todd Short
c8e89d58a5 Tweak sec_mem tests
Remove assertion when mmap() fails.
Only run the 1<<31 limit test on Linux

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3455)
2017-05-20 20:54:04 -04:00
Matt Caswell
9bfeeef8ee Fix ASN1_TIME_to_generalizedtime to take a const ASN1_TIME
Fixes #1526

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3360)
2017-05-19 08:54:39 +01:00
Tomas Mraz
79b35228f1 Do not eat trailing '\n' in BIO_gets for fd BIO.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3442)
2017-05-15 15:13:36 +02:00
David Benjamin
e195c8a256 Remove filename argument to x86 asm_init.
The assembler already knows the actual path to the generated file and,
in other perlasm architectures, is left to manage debug symbols itself.
Notably, in OpenSSL 1.1.x's new build system, which allows a separate
build directory, converting .pl to .s as the scripts currently do result
in the wrong paths.

This also avoids inconsistencies from some of the files using $0 and
some passing in the filename.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3431)
2017-05-11 17:00:23 -04:00
Todd Short
7031ddac94 Fix infinite loops in secure memory allocation.
Issue 1:

sh.bittable_size is a size_t but i is and int, which can result in
freelist == -1 if sh.bittable_size exceeds an int.

This seems to result in an OPENSSL_assert due to invalid allocation
size, so maybe that is "ok."

Worse, if sh.bittable_size is exactly 1<<31, then this becomes an
infinite loop (because 1<<31 is a negative int, so it can be shifted
right forever and sticks at -1).

Issue 2:

CRYPTO_secure_malloc_init() sets secure_mem_initialized=1 even when
sh_init() returns 0.

If sh_init() fails, we end up with secure_mem_initialized=1 but
sh.minsize=0. If you then call secure_malloc(), which then calls,
sh_malloc(), this then enters an infite loop since 0 << anything will
never be larger than size.

Issue 3:

That same sh_malloc loop will loop forever for a size greater
than size_t/2 because i will proceed (assuming sh.minsize=16):
i=16, 32, 64, ..., size_t/8, size_t/4, size_t/2, 0, 0, 0, 0, ....
This sequence will never be larger than "size".

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3449)
2017-05-11 22:35:21 +02:00
Richard Levitte
b57f0c598b Clean away needless VMS check
BIO_socket_ioctl is only implemented on VMS for VMS version 7.0 and
up, but since we only support version 7.1 and up, there's no need to
check the VMS version.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3448)
2017-05-11 22:30:29 +02:00
Richard Levitte
74a011ebb5 Cleanup - use e_os2.h rather than stdint.h
Not exactly everywhere, but in those source files where stdint.h is
included conditionally, or where it will be eventually

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3447)
2017-05-11 21:52:37 +02:00
Bernd Edlinger
018fcbec38 Fix gcc-7 warnings.
- Mostly missing fall thru comments
- And uninitialized value used in sslapitest.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3440)
2017-05-11 19:39:38 +02:00
Pauli
3f97052392 Remove dead code.
The second BN_is_zero test can never be true.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3434)
2017-05-11 11:03:40 -04:00
Dr. Stephen Henson
7539418981 Add EVP_DigestSign and EVP_DigesVerify
Add "single part" digest sign and verify functions. These sign and verify
a message in one function. This simplifies some operations and it will later
be used as the API for algorithms which do not support the update/final
mechanism (e.g. PureEdDSA).

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3409)
2017-05-11 12:59:25 +01:00
Benjamin Kaduk
44612e0a81 Make PEM_read_{,bio_}PrivateKey use secmem
We now have a version of PEM_read_bytes that can use temporary
buffers allocated from the secure heap; use them to handle this
sensitive information.

Note that for PEM_read_PrivateKey, the i/o still goes through
stdio since the input is a FILE pointer.  Standard I/O performs
additional buffering, which cannot be changed to use the OpenSSL
secure heap for temporary storage.  As such, it is recommended
to use BIO_new_file() and PEM_read_bio_PrivateKey() instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1700)
2017-05-08 21:20:31 +02:00
Benjamin Kaduk
7671342e55 Add PEM_bytes_read_bio_secmem()
Split the PEM_bytes_read_bio() implementation out into a
pem_bytes_read_bio_flags() helper, to allow it to pass PEM_FLAG_SECURE
as needed.  Adjust the cleanup to properly use OPENSSL_secure_free()
when needed, and reimplement PEM_bytes_read() as a wrapper around
the _flags helper.

Add documentation for PEM_bytes_read_bio() and the new secmem variant.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1700)
2017-05-08 21:20:31 +02:00
Benjamin Kaduk
204afd81b1 Add PEM_read_bio_ex
The extended function includes a 'flags' argument to allow callers
to specify different requested behaviors.  In particular, callers can
request that temporary storage buffers are allocated from the secure heap,
which could be relevant when loading private key material.

Refactor PEM_read_bio to use BIO_mems instead of BUFs directly,
use some helper routines to reduce the overall function length, and make
some of the checks more reasonable.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1700)
2017-05-08 21:17:28 +02:00
Andy Polyakov
ce1932f25f sha/sha512.c: fix formatting.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-05-05 17:04:09 +02:00
Andy Polyakov
c47aea8af1 perlasm/x86_64-xlate.pl: work around problem with hex constants in masm.
Perl, multiple versions, for some reason occasionally takes issue with
letter b[?] in ox([0-9a-f]+) regex. As result some constants, such as
0xb1 came out wrong when generating code for MASM. Fixes GH#3241.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3385)
2017-05-05 16:53:33 +02:00
Rich Salz
1d3235f85c Fix pathname errors in errcode file
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3388)
2017-05-04 13:22:59 -04:00
Matt Caswell
689f112d98 Don't leave stale errors on queue if DSO_dsobyaddr() fails
The init code uses DSO_dsobyaddr() to leak a reference to ourselves to
ensure we remain loaded until atexit() time. In some circumstances that
can fail and leave stale errors on the error queue.

Fixes #3372

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3383)
2017-05-04 15:51:26 +01:00
Marek Klein
f0ef20bf38 Added support for ESSCertIDv2
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/771)
2017-05-03 09:04:23 +02:00
Matt Caswell
75a3e39288 Fix some error path logic in i2v_AUTHORITY_INFO_ACCESS and i2v_GENERAL_NAME
Fixes #1653 reported by Guido Vranken

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3362)
2017-05-02 17:12:33 +01:00
Rich Salz
dea0eb2c54 Fix URL links in comment
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3365)
2017-05-02 10:53:10 -04:00
Todd Short
20ee2bf138 Fix time offset calculation.
ASN1_GENERALIZEDTIME and ASN1_UTCTIME may be specified using offsets,
even though that's not supported within certificates.

To convert the offset time back to GMT, the offsets are supposed to be
subtracted, not added. e.g. 1759-0500 == 2359+0100 == 2259Z.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2654)
2017-05-02 10:38:54 +02:00
Benjamin Kaduk
f44903a428 Address some -Wold-style-declaration warnings
gcc's -Wextra pulls in -Wold-style-declaration, which triggers when a
declaration has a storage-class specifier as a non-initial qualifier.
The ISO C formal grammar requires the storage-class to be the first
component of the declaration, if present.

Seeint as the register storage-class specifier does not really have any effect
anymore with modern compilers, remove it entirely while we're here, instead of
fixing up the order.

Interestingly, the gcc devteam warnings do not pull in -Wextra, though
the clang ones do.

[extended tests]

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3239)
2017-05-01 14:23:28 -04:00
Andy Polyakov
1e93d619b7 asn1/a_int.c: fix "next negative minimum" corner case in c2i_ibuf.
"Next" refers to negative minimum "next" to one presentable by given
number of bytes. For example, -128 is negative minimum presentable by
one byte, and -256 is "next" one.

Thanks to Kazuki Yamaguchi for report, GH#3339

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-04-30 15:17:03 +02:00
Rich Salz
595b2a4237 Check fflush on BIO_ctrl call
Bug found and fix suggested by Julian Rüth.
Push error if fflush fails

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3266)
2017-04-28 14:14:59 -04:00
Bernd Edlinger
237bc6c997 Remove unnecessary loop in pkey_rsa_decrypt.
It is not necessary to remove leading zeros here because
RSA_padding_check_PKCS1_OAEP_mgf1 appends them again. As this was not done
in constant time, this might have leaked timing information.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3313)
2017-04-26 20:47:37 -04:00
Dr. Stephen Henson
629e369c5b Add custom sig_info setting for RSA-PSS
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3301)
2017-04-25 22:12:34 +01:00
Dr. Stephen Henson
c3c8823c87 Use X509_get_signature_info() when checking security levels.
Make signature security level checking more flexible by using
X509_get_signaure_info(): some signature methods (e.g. PSS, ED25519)
do not indicate the signing digest (if any) in the signature OID.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3301)
2017-04-25 22:12:34 +01:00
Dr. Stephen Henson
786dd2c22c Add support for custom signature parameters
Many signature types define the digest and public key type by a single OID
such as ecdsa_with_sha256.

Some types (RSA-PSS for example) use a single OID to indicate the signature
scheme and additional parameters are encoded in the AlgorithmIdentifier.

Add an X509_SIG_INFO structure to contain details about the signature type:
specifically the digest algorithm, public key algorithm, security bits and
various flags. This supports both existing algorithms and more complex
types.

Add accessors for the structure and a special case that retrieves signature
information from a certificate.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3301)
2017-04-25 22:12:34 +01:00
Dmitry Belyavskiy
b5c4209be9 Switch command-line utils to new nameopt API.
The CA names should be printed according to user's decision
print_name instead of set of BIO_printf
dump_cert_text instead of set of BIO_printf
Testing cyrillic output of X509_CRL_print_ex
Write and use X509_CRL_print_ex
Reduce usage of X509_NAME_online
Using X509_REQ_print_ex instead of X509_REQ_print
Fix nameopt processing.
Make dump_cert_text nameopt-friendly
Move nameopt getter/setter to apps/apps.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3262)
2017-04-25 12:37:17 -04:00
Richard Levitte
d88ab353d3 Correct some badly formated preprocessor lines
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3304)
2017-04-25 15:44:48 +02:00
Matt Caswell
561f6f1ed2 Address review feedback for the SCTP changes
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
2017-04-25 11:13:39 +01:00
Matt Caswell
e829142846 Document BIO_lookup_ex()
We also change the enum type to an int.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
2017-04-25 11:13:39 +01:00
Matt Caswell
41b3c9ce2a Fix problem with SCTP close_notify alerts
In SCTP the code was only allowing a send of a close_notify alert if the
socket is dry. If the socket isn't dry then it was attempting to save away
the close_notify alert to resend later when it is dry and then it returned
success. However because the application then thinks that the close_notify
alert has been successfully sent it never re-enters the DTLS code to
actually resend the alert. A much simpler solution is to just fail with a
retryable error in the event that the socket isn't dry. That way the
application knows to retry sending the close_notify alert.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
2017-04-25 11:13:39 +01:00
Matt Caswell
dcf88c5b79 Add better error logging if SCTP AUTH chunks are not enabled
In order to use SCTP over DTLS we need ACTP AUTH chunks to be enabled in
the kernel.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
2017-04-25 11:13:39 +01:00
Matt Caswell
5114d8227e Add a BIO_lookup_ex() function
The existing BIO_lookup() wraps a call to getaddrinfo and provides an
abstracted capability to lookup addresses based on socket type and family.
However it provides no ability to lookup based on protocol. Normally,
when dealing with TCP/UDP this is not required. However getaddrinfo (at
least on linux) never returns SCTP addresses unless you specifically ask
for them in the protocol field. Therefore BIO_lookup_ex() is added which
provides the protocol field.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
2017-04-25 11:13:39 +01:00
Richard Levitte
20626cfd58 Add CRYPTO_mem_leaks_cb
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3243)
2017-04-24 18:09:01 +02:00
Rich Salz
a68d35057b check length sanity before correcting in EVP_CTRL_AEAD_TLS1_AAD
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3289)
2017-04-24 11:19:56 -04:00
Alex Gaynor
e8d542121b Annotate ASN.1 attributes of the jurisdictionCountryName NID
EV Guidelines section 9.2.5 says jurisdictionCountryName follows the
same ASN.1 encoding rules as countryName.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3284)
2017-04-24 03:29:45 +02:00
David Benjamin
8b24f94209 Numbers greater than 1 are usually non-negative.
BN_is_prime_fasttest_ex begins by rejecting if a <= 1. Then it goes to
set A := abs(a), but a cannot be negative at this point.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3275)
2017-04-21 12:22:37 -04:00
letrhee-nsr
dc99b885de Add ARIA 32-bit implementation
Modified code from http://seed.kisa.or.kr to human readable code.
Previous 8-bit code is available with -DOPENSSL_SMALL_FOOTPRINT.
New code is >2x faster.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3242)
2017-04-20 22:55:40 +02:00
Adam Langley
6e64c56066 Small primes are primes too.
Previously, BN_is_prime_fasttest_ex, when doing trial-division, would
check whether the candidate is a multiple of a number of small primes
and, if so, reject it. However, three is a multiple of three yet is
still a prime number.

This change accepts small primes as prime when doing trial-division.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3264)
2017-04-20 16:10:10 -04:00
Rich Salz
c0452248ea Ignore dups in X509_STORE_add_*
X509_STORE_add_cert and X509_STORE_add_crl are changed to return
success if the object to be added was already found in the store, rather
than returning an error.

Raise errors if empty or malformed files are read when loading certificates
and CRLs.

Remove NULL checks and allow a segv to occur.
Add error handing for all calls to X509_STORE_add_c{ert|tl}

Refactor these two routines into one.

Bring the unit test for duplicate certificates up to date using the test
framework.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2830)
2017-04-20 15:33:42 -04:00
Marek Klein
0444c52a5f explicitText encoding
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/576)
2017-04-20 14:52:02 -04:00
Richard Levitte
f46f69f409 VMS: Copy DECC inclusion epi- and prologues to internals
Because many of our test programs use internal headers, we need to make
sure they know how, exactly, to mangle the symbols.  So far, we've done
so by specifying it in the affected test programs, but as things change,
that will develop into a goose chase.  Better then to declare once and
for all how symbols belonging in our libraries are meant to be treated,
internally as well as publically.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3259)
2017-04-20 13:10:06 +02:00
Andy Polyakov
786b6a45fb asn1/a_int.c: clean up asn1_get_int64.
Trouble was that integer negation wasn't producing *formally* correct
result in platform-neutral sense. Formally correct thing to do is
-(int64_t)u, but this triggers undefined behaviour for one value that
would still be representable in ASN.1. The trigger was masked with
(int64_t)(0-u), but this is formally inappropriate for values other
than the problematic one. [Also reorder branches to favour most-likely
paths and harmonize asn1_string_set_int64 with asn1_get_int64].]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3231)
2017-04-17 21:10:27 +02:00
Andy Polyakov
b997adb3a5 asn1/a_int.c: don't write result if returning error.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3192)
2017-04-14 11:56:39 +02:00
Andy Polyakov
6d4321fc24 asn1/a_int.c: simplify asn1_put_uint64.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3192)
2017-04-14 11:56:32 +02:00
Andy Polyakov
a3ea6bf0ef asn1/a_int.c: remove code duplicate and optimize branches,
i.e. reduce amount of branches and favour likely ones.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3192)
2017-04-14 11:55:06 +02:00
Richard Levitte
9612e15760 ASN.1: adapt our use of INTxx et al by making them explicitely embedded
Fixes #3191

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3199)
2017-04-13 10:23:31 +02:00
Richard Levitte
da26ff3085 ASN.1: change INTxx, UINTxx and Z variants to be embedable
Fixes #3191

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3199)
2017-04-13 10:23:31 +02:00
Richard Levitte
49005bb8b3 ASN.1: extend the possibilities to embed data instead of pointers
Also, when "allocating" or "deallocating" an embedded item, never call
prim_new() or prim_free().  Call prim_clear() instead.

Fixes #3191

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3199)
2017-04-13 10:23:31 +02:00
Todd Short
3bb0f989b5 OCSP Updates: error codes and multiple certificates
RT3877: Add X509 OCSP error codes and messages
Add additional OCSP error codes for X509 verify usage

RT3867: Support Multiple CA certs in ocsp app
Add the ability to read multiple CA certs from a single file in the
ocsp app.

Update some missing X509 errors in documentation.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/941)
2017-04-12 14:41:10 -04:00
Frank Morgner
487a73def6 Added error checking for OBJ_create
fixes segmentation fault in case of not enough memory for object creation

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3157)
2017-04-11 19:16:01 -04:00
Richard Levitte
429223d198 Fix x_int64.c
Clearing a misunderstanding.  The routines c2i_uint64_int() and
i2c_uint64_int() expect to receive that internal values are absolute
and with a separate sign flag, and the x_int64.c code handles values
that aren't absolute and have the sign bit embedded.  We therefore
need to convert between absolute and non-absolute values for the
encoding of negative values to be correct.

[extended tests]

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3160)
2017-04-11 22:08:41 +02:00
Matt Caswell
0856e3f167 Reject decoding of an INT64 with a value >INT64_MAX
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3159)
2017-04-11 15:29:42 +01:00
Richard Levitte
6a32a3c058 Act on deprecation of LONG and ZLONG, step 2
Replace all remaining uses of LONG and ZLONG with INT32 / ZINT32.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)
2017-04-10 12:11:00 +02:00
Richard Levitte
31ae516116 Act on deprecation of LONG and ZLONG, step 1
Don't compile code that still uses LONG when it's deprecated

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)
2017-04-10 12:11:00 +02:00
Richard Levitte
7eb4c1eb50 Discourage the use of LONG and ZLONG, and deprecate it in the future
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)
2017-04-10 12:11:00 +02:00
Richard Levitte
64f11ee888 Publish our INT32, UINT32, INT64, UINT64 ASN.1 types and Z variants
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)
2017-04-10 12:10:59 +02:00
Andy Polyakov
ce57ac4319 rand/rand_lib.c: keep fixing no-engine configuration.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-04-10 12:09:23 +02:00
Andy Polyakov
e128f891de asn1/x_long.c: remove conditions in inner loops and dependency on BN.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3152)
2017-04-10 12:05:32 +02:00
Rich Salz
076fc55527 Make default_method mostly compile-time
Document thread-safety issues
Have RSA_null return NULL (always fails)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2244)
2017-04-07 12:19:46 -04:00
Richard Levitte
2f881d2d90 Fix rand_lib.c for no-engine configuration
When configured no-engine, we still refered to rand_engine_lock.
Rework the lock init code to avoid that.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3145)
2017-04-07 16:33:39 +02:00
Richard Levitte
789a2b6250 Don't try to clean up RAND from ENGINE
This is especially harmful since OPENSSL_cleanup() has already called
the RAND cleanup function

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3137)
2017-04-07 04:55:16 +02:00
Richard Levitte
87975cfa91 Make getting and setting the RAND default method thread safe
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3137)
2017-04-07 04:55:16 +02:00
Todd Short
9dfc5b9687 Add support for MLOCK_ONFAULT to secure arena
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3115)
2017-04-06 12:53:23 +02:00
Richard Levitte
5006b37b31 In rand_cleanup_int(), don't go creating a default method
If no default method was yet given, RAND_get_rand_method() will set it
up.  Doing so just to clean it away seems pretty silly, so instead,
use the default_RAND_meth variable directly.

This also clears a possible race condition where this will try to init
things, such as ERR or ENGINE when in the middle of a OPENSSL_cleanup.

Fixes #3128

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3136)
2017-04-06 10:28:43 +02:00
Gergely Nagy
b98530d6e0 PBKDF2 computation speedup (15-40%)
This commit contains some optimizations in PKCS5_PBKDF2_HMAC() and
HMAC_CTX_copy() functions which together makes PBKDF2 computations
faster by 15-40% according to my measurements made on x64 Linux with
both asm optimized and no-asm versions of SHA1, SHA256 and SHA512.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1708)
2017-04-04 10:44:17 -04:00
Richard Levitte
79b3452faf Fix faulty check of padding in x_long.c
Bug uncovered by test

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3088)
2017-04-04 11:29:23 +02:00
Matt Caswell
8ac6a53100 Fix a possible integer overflow in long_c2i
Credit to OSS-Fuzz for finding this.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3088)
2017-04-04 11:29:23 +02:00
Richard Levitte
5c7e65486c make update
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3088)
2017-04-04 11:29:23 +02:00
Richard Levitte
93f7d6fc10 Implement internal ASN.1 types INT32, UINT32, INT64, UINT64
Also Z varieties.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3088)
2017-04-04 11:29:23 +02:00
Andy Polyakov
0bd93bbe4a crypto/ppccap.c: SIGILL-free processor capabilities detection on MacOS X.
It seems to be problematic to probe processor capabilities with SIGILL
on MacOS X. The problem should be limited to cases when application code
is debugged, but crashes were reported even during normal execution...

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-04-02 20:45:59 +02:00
Andy Polyakov
15b337fa58 bio/b_print.c: switch to int64_t as "greatest-width integer type".
Originally there was dependency on BN configuration parameters, but
it stemmed from times when "long long" support was optional. Today
we require 64-bit support from compiler, and there is no reason to
have "greatest-width integer" depend on BN configuration.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-04-01 15:40:43 +02:00
Jon Spillett
e6f648fd88 Fix for #2730. Add CRLDP extension to list of supported extensions
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3087)
2017-03-31 11:43:42 -04:00
Andy Polyakov
74d9519a68 bio/b_print.c: recognize even 'j' format modifier.
'j' is specified as modifier for "greatest-width integer type", which in
practice means 64 bits on both 32- and 64-bit platforms. Since we rely
on __attribute__((__format__(__printf__,...))) to sanitize BIO_print
format, we can use it to denote [u]int64_t-s in platform-neutral manner.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3083)
2017-03-30 19:33:32 +02:00
Andy Polyakov
c141782130 bio/b_print.c: fix %z failure in 32-bit build.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-29 23:51:57 +02:00
Richard Levitte
1e53a9fd1a Add z modifier parsing to the BIO_printf et all format string
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3064)
2017-03-29 16:16:25 +02:00
Qin Long
cff55b90e9 Cleaning UEFI Build with additional OPENSSL_SYS_UEFI flags
Add OPENSSL_SYS_UEFI to remove unused syslog and uid stuffs for
more clean UEFI build.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2961)
2017-03-29 07:35:59 +02:00
FdaSilvaYY
69687aa829 More typo fixes
Fix some comments too
[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3069)
2017-03-29 07:14:29 +02:00
FdaSilvaYY
a6ac1ed686 Fix 0 -> NULL, indentation
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3066)
2017-03-28 16:16:49 -04:00
FdaSilvaYY
cbe9524183 Refomat a few comments on 80 cols
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3066)
2017-03-28 16:16:49 -04:00
Richard Levitte
165f1c3ef3 In err_cleanup(), cleanup the thread local storage too
Fixes #3033

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3035)
2017-03-27 12:54:40 +02:00
Andy Polyakov
0822d41b6d aes/asm/bsaes-armv7.pl: relax stack alignment requirement.
Even though Apple refers to Procedure Call Standard for ARM Architecture
(AAPCS), they apparently adhere to custom version that doesn't follow
stack alignment constraints in the said standard. [Why or why? If it's
vendor lock-in thing, then it would be like worst spot ever.] And since
bsaes-armv7 relied on standard alignment, it became problematic to
execute the code on iOS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-03-26 18:29:03 +02:00
Bernd Edlinger
1b6f5a4d3b Don't access memory before checking the correct length in aesni_cbc_hmac_sha256_ctrl in case EVP_CTRL_AEAD_TLS1_AAD.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3023)
2017-03-25 11:12:18 +01:00
Andy Polyakov
120a9e1a82 bn/asm/sparcv9-mont.pl: fix squaring code path.
This module is used only with odd input lengths, i.e. not used in normal
PKI cases, on contemporary processors. The problem was "illuminated" by
fuzzing tests.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-24 12:18:35 +01:00
Andy Polyakov
a2bb183623 modes/ocb128.c: fix misaligned access in ILP32 builds on 64-bit processors.
One could have fixed the problem by arranging 64-bit alignment of
EVP_AES_OCB_CTX.aad_buf in evp/e_aes.c, but CRYPTO_ocb128_aad
prototype doesn't imply alignment and we have to honour it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2994)
2017-03-22 11:09:12 +01:00
Andy Polyakov
08d09628d2 aes/asm/aesni-sha*-x86_64.pl: fix IV handling in SHAEXT paths.
Initial IV was disregarded on SHAEXT-capable processors. Amazingly
enough bulk AES128-SHA* talk-to-yourself tests were passing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2992)
2017-03-22 11:02:56 +01:00
Andy Polyakov
0a5d1a38f2 poly1305/asm/poly1305-x86_64.pl: add poly1305_blocks_vpmadd52_8x.
As hinted by its name new subroutine processes 8 input blocks in
parallel by loading data to 512-bit registers. It still needs more
work, as it needs to handle some specific input lengths better.
In this sense it's yet another intermediate step...

Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-03-22 10:59:59 +01:00
Andy Polyakov
6cbfd94d08 x86_64 assembly pack: add some Ryzen performance results.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2017-03-22 10:58:01 +01:00
David Benjamin
b6ef12c4ba Remove duplicate X509_OBJECT free function.
These two functions do the same thing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3001)
2017-03-21 10:17:19 +00:00
Richard Levitte
ca2045dc54 Fix decoding of ASN.1 LONG and ZLONG items
LONG and ZLONG items (which are OpenSSL private special cases of
ASN1_INTEGER) are encoded into DER with padding if the leading octet
has the high bit set, where the padding can be 0x00 (for positive
numbers) or 0xff (for negative ones).

When decoding DER to LONG or ZLONG, the padding wasn't taken in
account at all, which means that if the encoded size with padding
is one byte more than the size of long, decoding fails.  This change
fixes that issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3000)
2017-03-20 22:09:57 +01:00
Bernd Edlinger
b3c31a6572 Fix the error handling in CRYPTO_dup_ex_data.
Fix a strict aliasing issue in ui_dup_method_data.
Add test coverage for CRYPTO_dup_ex_data, use OPENSSL_assert.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2988)
2017-03-20 13:11:31 +01:00
Kurt Roeckx
43c564170c Use memcmp() instead of CRYPTO_memcmp() when fuzzing
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2633
2017-03-19 14:34:07 +01:00
Kurt Roeckx
497910833e Make the CRYPTO_memcmp() prototype match memcmp()
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2633
2017-03-19 14:33:54 +01:00
Péter Budai
fa013b6524 Fixed PKCS5_PBKDF2_HMAC() to adhere to the documentation.
The documentation of this function states that the password parameter
can be NULL. However, the implementation returns an error in this case
due to the inner workings of the HMAC_Init_ex() function.
With this change, NULL password will be treated as an empty string and
PKCS5_PBKDF2_HMAC() no longer fails on this input.

I have also added two new test cases that tests the handling of the
special values NULL and -1 of the password and passlen parameters,
respectively.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1692)
2017-03-17 08:47:11 -04:00
Bernd Edlinger
29d1fad788 Fixed a crash in print_notice.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2935)
2017-03-15 17:32:28 -04:00
Richard Levitte
d1da335c55 Add EC_KEY_get0_engine()
Just as for DH, DSA and RSA, this gives the engine associated with the
key.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2960)
2017-03-15 15:03:11 +01:00
Bernd Edlinger
108909d30e Fix a crash or unbounded allocation in RSA_padding_add_PKCS1_PSS_mgf1
and RSA_verify_PKCS1_PSS_mgf1 with 512-bit RSA vs. sha-512.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2801)
2017-03-13 21:59:53 +01:00
Andy Polyakov
c2b935904a poly1305/asm/poly1305-x86_64.pl: add poly1305_blocks_vpmadd52_4x.
As hinted by its name new subroutine processes 4 input blocks in
parallel. It still operates on 256-bit registers and is just
another step toward full-blown AVX512IFMA procedure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-03-13 18:48:34 +01:00
Andy Polyakov
a25cef89fd poly1305/asm/poly1305-armv8.pl: ilp32-specific poly1305_init fix.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-03-13 18:46:11 +01:00
Andy Polyakov
1aed5e1ac2 crypto/x86*cpuid.pl: move extended feature detection.
Exteneded feature flags were not pulled on AMD processors, as result
a number of extensions were effectively masked on Ryzen. Original fix
for x86_64cpuid.pl addressed this problem, but messed up processor
vendor detection. This fix moves extended feature detection past
basic feature detection where it belongs. 32-bit counterpart is
harmonized too.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-13 18:42:10 +01:00
Matt Caswell
8a585601fe Fix out-of-memory condition in conf
conf has the ability to expand variables in config files. Repeatedly doing
this can lead to an exponential increase in the amount of memory required.
This places a limit on the length of a value that can result from an
expansion.

Credit to OSS-Fuzz for finding this problem.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2894)
2017-03-12 00:19:14 +00:00
Richard Levitte
6e470e1908 Fix UI_get0_action_string()
It shouldn't try to return an action description for UIT_PROMPT type
UI strings.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2904)
2017-03-11 01:25:06 +01:00
Jon Spillett
f125430063 Exit the loop on failure
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2805)
2017-03-09 09:26:13 -05:00
Andy Polyakov
f8418d87e1 crypto/x86_64cpuid.pl: move extended feature detection upwards.
Exteneded feature flags were not pulled on AMD processors, as result a
number of extensions were effectively masked on Ryzen. It should have
been reported for Excavator since it implements AVX2 extension, but
apparently nobody noticed or cared...

Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-03-07 11:17:32 +01:00
Rich Salz
697958313b Fix an endless loop in rsa_builtin_keygen.
And add a test case.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2757)
2017-03-06 09:54:17 -05:00
Matt Caswell
d08086645f Ensure we don't call memcpy with a NULL pointer
Commit d5aa14dd simplified the bn_expand_internal() and BN_copy() functions.
Unfortunately it also removed some checks which are still required,
otherwise we call memcpy passing in NULL which is not allowed.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2836)
2017-03-03 23:49:24 +00:00
Bernd Edlinger
d734582275 Reset executable bits on files where not needed.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2835)
2017-03-03 09:13:40 +01:00
Rich Salz
332dc4fa5e sh_malloc & sh_free prototype change to match POSIX
CLA: trivial

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2823)
2017-03-02 19:16:57 -05:00
Andy Polyakov
3e49ee23ea bio/b_addr.c: omit private hstrerror.
Private hstrerror was introduced to address linking problem on HP-UX,
but truth be told conemporary systems, HP-UX included, wouldn't come
to that call, they would use getaddrinfo and gai_strerror, while
gethostbyname and h_errno are there to serve legacy systems. Since
legacy systems are naturally disappearing breed, we can as well just
let user interpret number.

GH#2816

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-02 16:28:54 +01:00
Andy Polyakov
ea750b5929 aes/aes_x86core.c: clarify reference implementation status.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-02 16:26:01 +01:00
Andy Polyakov
5908555c96 evp/e_aes_cbc_hmac_{sha1|sha256}.c: tag reference code.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-02 16:25:36 +01:00
Andy Polyakov
eac54143fd bn/asm: clean up unused PA-RISC modules.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-03-02 16:19:54 +01:00
Andy Polyakov
604c853d45 des/des_locl.h: clean up unused/irrelevant macros.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-02 16:16:52 +01:00
Richard Levitte
48ce800aa5 VMS: compensate for gmtime_r() parameter pointer size
With VMS C, the second parameter takes a 32-bit pointer.  When
building with 64-bit pointer size default, we must compensate.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2811)
2017-03-01 11:46:23 +01:00
Richard Levitte
15d95dd7ea Don't use deprecated EVP_CIPHER_CTX_cleanup() internally
Use EVP_CIPHER_CTX_reset() instead

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2812)
2017-03-01 11:42:50 +01:00
Emilia Kasper
2f0ca54c32 Remove some obsolete/obscure internal define switches:
- FLAT_INC
- PKCS1_CHECK (the SSL_OP_PKCS1_CHECK options have been
  no-oped)
- PKCS_TESTVECT (debugging leftovers)
- SSL_AD_MISSING_SRP_USERNAME (unfinished feature)
- DTLS_AD_MISSING_HANDSHAKE_MESSAGE (unfinished feature)
- USE_OBJ_MAC (note this removes a define from the public header but
   very unlikely someone would be depending on it)
- SSL_FORBID_ENULL

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2017-03-01 10:44:49 +01:00
Benjamin Kaduk
06611d0a16 Remove OPENSSL_indirect_call()
It's undocumented and unused in the tree.  The idea seems to have
never gained much traction, and can be removed without breaking
ABI compatibility.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2800)
2017-02-28 20:14:31 -05:00
Benjamin Kaduk
5c6c4c5c33 Don't free in cleanup routine
Cleanse instead, and free in the free routine.

Seems to have been introduced in commit
846ec07d90 when EVP_CIPHER_CTX was made
opaque.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2798)
2017-02-28 19:45:19 -05:00
Andy Polyakov
695ecf8b44 crypto/des: remove unreferenced rcp_enc.c module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2017-02-28 23:40:23 +01:00
Bernd Edlinger
1bcbf658a6 Fix handling of EVP_PKEY_CTRL_PKCS7_ENCRYPT/DECRYPT with OPENSSL_NO_CMS.
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2764)
2017-02-28 15:28:18 -05:00
Richard Levitte
9c5e87bf34 Code health: With the VAX C-ism gone, OPENSSL_GLOBAL can be removed too
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2785)
2017-02-28 20:23:07 +01:00
Emilia Kasper
d5aa14dde5 Remove memcpy unrolling in bn_lib.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2017-02-28 19:47:36 +01:00
Emilia Kasper
c26f655fdd Remove support for HMAC_TEST_PRIVATE_KEY_FORMAT
This is a bogus, undocumented format that was intended for testing; I
don't think anyone is using it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-02-28 19:46:01 +01:00
Matt Caswell
7f517c2676 Remove some commented out code in libcrypto
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2774)
2017-02-28 16:02:11 +00:00
Matt Caswell
a7ab9755da Remove a pointless "#ifndef" from bf_enc.c
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2778)
2017-02-28 15:17:46 +00:00
Matt Caswell
6bb900698d Remove bf_cbc.c
It is never built and the code is duplicated in bf_enc.c.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2778)
2017-02-28 15:17:46 +00:00
Matt Caswell
1fef2f8050 Remove dead code in bn
There are a number of symbols in bn which are internal only and never used
by anything. They should be removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2766)
2017-02-28 14:46:24 +00:00
Todd Short
2722ff506d Remove some #if 0 code in ssl, crypto/bio
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2781)
2017-02-28 09:32:41 -05:00