Commit graph

21440 commits

Author SHA1 Message Date
Dr. Matthias St. Pierre
d7c402c4f2 OPENSSL_cleanup: cleanup secure memory
If the global DRBGs are allocated on the secure heap, then calling
CRYPTO_secure_malloc_done() inside main() will have no effect, unless
OPENSSL_cleanup() has been called explicitely before that, because
otherwise the DRBGs will still be allocated. So it is better to cleanup
the secure heap automatically at the end of OPENSSL_cleanup().

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5294)
2018-02-13 17:32:54 +01:00
Dr. Matthias St. Pierre
8164d91d18 DRBG: make the derivation function the default for ctr_drbg
The NIST standard presents two alternative ways for seeding the
CTR DRBG, depending on whether a derivation function is used or not.
In Section 10.2.1 of NIST SP800-90Ar1 the following is assessed:

  The use of the derivation function is optional if either an
  approved RBG or an entropy source provides full entropy output
  when entropy input is requested by the DRBG mechanism.
  Otherwise, the derivation function shall be used.

Since the OpenSSL DRBG supports being reseeded from low entropy random
sources (using RAND_POOL), the use of a derivation function is mandatory.
For that reason we change the default and replace the opt-in flag
RAND_DRBG_FLAG_CTR_USE_DF with an opt-out flag RAND_DRBG_FLAG_CTR_NO_DF.
This change simplifies the RAND_DRBG_new() calls.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5294)
2018-02-13 17:32:54 +01:00
Dr. Matthias St. Pierre
4f9dabbfe3 DRBG: unify initialization and cleanup code
The functions drbg_setup() and drbg_cleanup() used to duplicate a lot of
code from RAND_DRBG_new() and RAND_DRBG_free(). This duplication has been
removed, which simplifies drbg_setup() and makes drbg_cleanup() obsolete.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5294)
2018-02-13 17:32:54 +01:00
Dr. Matthias St. Pierre
3ce1c27b56 DRBG: add locking api
This commit adds three new accessors to the internal DRBG lock

   int RAND_DRBG_lock(RAND_DRBG *drbg)
   int RAND_DRBG_unlock(RAND_DRBG *drbg)
   int RAND_DRBG_enable_locking(RAND_DRBG *drbg)

The three shared DRBGs are intended to be used concurrently, so they
have locking enabled by default. It is the callers responsibility to
guard access to the shared DRBGs by calls to RAND_DRBG_lock() and
RAND_DRBG_unlock().

All other DRBG instances don't have locking enabled by default, because
they are intendended to be used by a single thread. If it is desired,
locking can be enabled by using RAND_DRBG_enable_locking().

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5294)
2018-02-13 17:32:54 +01:00
Matt Caswell
fcd2150273 Prepare for 1.1.1-pre2-dev
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-02-13 13:59:25 +00:00
Matt Caswell
dcfa88bb29 Prepare for 1.1.1-pre1 release
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-02-13 13:59:25 +00:00
Matt Caswell
6738bf1417 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-02-13 13:59:25 +00:00
Matt Caswell
abfee348c6 OpenSSL 1.1.1 is now in pre release
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-02-13 13:59:25 +00:00
Matt Caswell
d6d605e32a Update last release letter for CHANGES and NEWS
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-02-13 13:59:25 +00:00
Dr. Matthias St. Pierre
87411f0595 Fix whitespace issues in CHANGES and NEWS
Removed mixed tabs (converted tabs to eight spaces)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5344)
2018-02-13 09:14:00 +00:00
Dr. Matthias St. Pierre
53010ea150 Document new random generator in NEWS and CHANGES
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5344)
2018-02-13 09:14:00 +00:00
Matt Caswell
1c5b57bc0a Update NEWS file for new release
Updated the NEWS file with the most significant items from CHANGES

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5333)
2018-02-12 22:38:13 +00:00
Matt Caswell
034d55cd5c Some minor tweaks following TLSv1.3 becoming default
Fix a typo in INSTALL and update the link in CHANGES

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5329)
2018-02-12 14:56:45 +00:00
Bernd Edlinger
ada22597ce Remove code that prints "<SPACES/NULS>" in hexdumps
when the data block ends with SPACEs or NULs.

The problem is, you can't see if the data ends
with SPACE or NUL or a combination of both.

This can happen for instance with
openssl rsautl -decrypt -hexdump

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5328)
2018-02-12 15:15:27 +01:00
Andy Polyakov
af0fcf7b46 sha/asm/sha512-armv8.pl: add hardware-assisted SHA512 subroutine.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2018-02-12 14:05:05 +01:00
Andy Polyakov
77f3612e2b crypto/armcap.c: detect hardware-assisted SHA512 support.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2018-02-12 14:04:53 +01:00
Matt Caswell
1d0c08b496 The function ssl_get_min_max_version() can fail
We should always check the return code.

This fixes a coverity issue.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5308)
2018-02-12 10:06:39 +00:00
Matt Caswell
7e70213fe3 Don't overestimate the ticket age
On the client we calculate the age of the ticket in seconds but the server
may work in ms. Due to rounding errors we could overestimate the age by up
to 1s. It is better to underestimate it. Otherwise, if the RTT is very
short, when the server calculates the age reported by the client it could
be bigger than the age calculated on the server - which should never happen.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5306)
2018-02-12 10:01:13 +00:00
Daniël van Eeden
c684a2d34d Fix include in manpage of X509_check_host
Fixes Issue #5255

CLA: trivial

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5256)
2018-02-11 10:55:38 -05:00
Rich Salz
6dbe4dc475 Copy name string in BIO_meth_new
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5318)
2018-02-10 13:36:47 -05:00
Viktor Dukhovni
4e0752535e Avoid leaking peername data via accept BIOs
Reviewed-by: Rich Salz <rsalz@openssl.org>
2018-02-09 21:06:18 -05:00
Bernd Edlinger
ebc20cfa74 Swap the check in ssl3_write_pending to avoid using
the possibly indeterminate pointer value in wpend_buf.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5305)
2018-02-09 19:52:31 +01:00
Matt Caswell
c423ecaa7f Fixes for no-tls1_2 and no-tls1_2-method
The no-tls1_2 option does not work properly in conjunction with TLSv1.3
being enabled (which is now the default). This commit fixes the issues.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5301)
2018-02-09 17:44:43 +00:00
Nick Mathewson
83739b39e5 Run "make update"
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5150)
2018-02-09 17:49:07 +01:00
Nick Mathewson
41e9afa945 In err_all.c, include the *err.h headers.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5150)
2018-02-09 17:49:07 +01:00
Nick Mathewson
5773f7bee4 Improve #include structure of pem{,2}.h
- pem2.h is empty, so pem.h doesn't need to include it.
  - pem2.h once declared ERR_load_PEM_strings(), so it should now
    include pemerr.h

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5150)
2018-02-09 17:49:07 +01:00
Nick Mathewson
a5d0d6b8fd Remove redundant declarations of ERR_load_*_strings()
In commit 52df25cf2e, the
ERR_load_FOO_strings() functions were moved from their original
location in foo.h into new headers called fooerr.h.  But they were
never removed from their original locations.  This duplication
causes redundant-declaration warnings on programs that use OpenSSL's
headers with such warnings enabled.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5150)
2018-02-09 17:49:07 +01:00
Matt Caswell
5d67110173 Don't calculate the Finished MAC twice
In <= TLSv1.2 a Finished message always comes immediately after a CCS
except in the case of NPN where there is an additional message between
the CCS and Finished. Historically we always calculated the Finished MAC
when we processed the CCS. However to deal with NPN we also calculated it
when we receive the Finished message. Really this should only have been
done if we hand negotiated NPN.

This simplifies the code to only calculate the MAC when we receive the
Finished. In 1.1.1 we need to do it this way anyway because there is no
CCS (except in middlebox compat mode) in TLSv1.3.

Coincidentally, this commit also fixes the fact that no-nextprotoneg does
not currently work in master.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5285)
2018-02-09 15:27:32 +00:00
Richard Levitte
368297d173 Configuration: move the handling of zlib_include to config files
It was a bit absurd to have this being specially handled in the build
file templates, especially that we have the 'includes' attribute.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5296)
2018-02-09 14:27:31 +01:00
Richard Levitte
f3ac964ba4 Turn off printf format checking for BIO_printf et al on Mac OS/X
Mac OS/X has a type for %j that doesn't agree with how we define it,
which gives incorrect warnings.  The easiest way out of that situation
is simply to turn off that check on Mac OS/X.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5302)
2018-02-09 14:06:41 +01:00
FdaSilvaYY
a699b8e4ca Small simplification in mkerr.pl
As suggested in https://github.com/openssl/openssl/pull/5275

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5288)
2018-02-09 07:04:32 -05:00
Richard Levitte
2e8b0ef8f4 VMS: take care of includes
Configurations/descrip.mms.tmpl didn't treat the includes config
attribute very well.  In fact, it didn't treat it at all!

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5295)
2018-02-09 10:31:32 +01:00
Pauli
4cd58771d8 Fix glibc version detection.
Simplify Posix timer detection.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5279)
2018-02-09 10:10:45 +01:00
Richard Levitte
fd87700995 Fix check of cpuid_asm_src config attribute
The contents of that attribute is C file names, not object file names.
This went undetected because quite a lot of systems have assembler
implementations anyway, so setting OPENSSL_CPUID_OBJ was correct for
them.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5291)
2018-02-09 10:06:29 +01:00
Richard Levitte
a6da6b73ca Revert ".travis.yml: remove osx from build matrix."
Recent changes seem to have gotten OS X back on track, so we should be
able to run our tests there again.

This reverts commit e12e903e9a.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5292)
2018-02-09 10:03:40 +01:00
Dr. Matthias St. Pierre
b9ed9ab38e CRYPTO_THREAD_run_once.pod: fix typo and punktuation
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5293)
2018-02-09 09:48:40 +01:00
Matt Caswell
71cff963b4 Fix no-chacha and no-poly1305
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5287)
2018-02-08 17:20:55 +00:00
Richard Levitte
b53fdad0e4 util/mkdef.pl: use better array in search of 'DEPRECATEDIN_'
%disabled_algorithms isn't necessarily initialised with the "algos"
'DEPRECATEDIN_1_1_0' etc.  However, we know that @known_algorithms has
them all, so use that to find them instead.

Fixes #5157
(where this was reported)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5282)
2018-02-08 12:33:08 +01:00
Richard Levitte
22626b972c With nmake, invoking $(MAKE) needs /$(MAKEFLAGS)
The slash should be there according to Microsoft documentation,
see https://msdn.microsoft.com/en-us/library/7cafx990.aspx

Fixes #5277

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5278)
2018-02-08 05:10:46 +01:00
Matt Caswell
4af2697948 Don't run tls13encryptiontest on a shared Windows build
tls13encryptiontest is an "internal" test. As with all the other internal
tests it should not be run on a shared native Windows build.

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5266)
2018-02-07 21:34:18 +00:00
Matt Caswell
04e3bb045f Fix some undefined behaviour in ossltest engine
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5266)
2018-02-07 21:34:18 +00:00
Matt Caswell
0f41dc0e9e Fix clienthellotest with TLSv1.3
If TLSv1.3 is enabled and combined with other options that extend the
size of the ClientHello, then the clienthello test can sometimes fail
because the ClientHello has grown too large. Part of the purpose of the
test is to check that the padding extension works properly. This requires
the ClientHello size to be kept within certain bounds.

By restricting the number of ciphersuites sent we can reduce the size of
the ClientHello.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5266)
2018-02-07 21:34:18 +00:00
Matt Caswell
f518cef40c Enable TLSv1.3 by default
[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5266)
2018-02-07 21:34:18 +00:00
Richard Levitte
c517ac4c3f Revert "Modify test/afalgtest to fail if the afalg engine couldn't be loaded"
It turns out that even if you successfully build the engine, it might
not load properly, so we cannot make the test program fail for it.

See the message in commit 25b9d11c00

This reverts commit 227a1e3f45.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5276)
2018-02-07 22:18:44 +01:00
Richard Levitte
048ebccb88 make update ERROR_REBUILD=-rebuild
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5275)
2018-02-07 22:16:45 +01:00
Richard Levitte
cb7b727568 mkerr.pl: When writing internal FOOerr.h, pay attention to disablable modules
If a module is disablable (i.e. can be configured with 'no-FOO'), the
resulting header file needs to be guarded with a check of the
corresponding OPENSSL_NO_FOO.  While this seem fairly innocuous, it
has an impact on the information in util/*.num, generated by mkdef.pl.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5275)
2018-02-07 22:16:44 +01:00
Richard Levitte
3a7141df87 Make all private functions in e_afalg.c static
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5270)
2018-02-07 16:15:47 +01:00
Richard Levitte
7d3901f6db test/recipes/30-test_afalg.t: set OPENSSL_ENGINES correctly
The afalg engine was moved down from engines/afalg/ to engines/, but
the test wasn't changed accordingly.  This was undetected because the
test program didn't fail when it couldn't load the engine.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5270)
2018-02-07 16:15:47 +01:00
Richard Levitte
227a1e3f45 Modify test/afalgtest to fail if the afalg engine couldn't be loaded
If you know that there's no afalg engine, don't run this test.
test/recipes/30-test_afalg.t checks this correctly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5270)
2018-02-07 16:15:47 +01:00
Pauli
bed4afa81b Fix glibc specific conditional for Mac OS/X
MacOS seems to define __GLIBC__ but not __GLIBC_PREREQ.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5269)
2018-02-07 11:46:15 +10:00