Commit graph

22985 commits

Author SHA1 Message Date
Richard Levitte
97624638b0 util/mkdef.pl: Produce version scripts from unversioned symbols
This allows setting up export maps for DSOs as well in a uniform way.
This also means that util/mkdef.pl no longer picks up the target
version from configdata.pm, and it has to be given on the command line
instead.  This may be used to give modules separate versions as well,
if desirable.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7347)
2018-10-05 08:22:42 +02:00
Matt Caswell
52d78cc5eb Extend the BIO callback tests to check the return value semantics
Check that different return values passed to the BIO callback are
correctly handled.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7344)
2018-10-04 14:16:16 +01:00
Matt Caswell
d97ce8d9a0 Fix the BIO callback return code handling
The BIO callback handling incorrectly wrote over the return code passed
to the callback, meaning that an incorrect result was (eventually) returned
to the caller.

Fixes #7343

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7344)
2018-10-04 14:16:16 +01:00
Richard Levitte
30699aa194 Refactor util/mknum.pl for clearer separation of functionality
Rewrite util/mknum.pl to become cleaner, and to use the separate
generic C header parsing module, as well as the separate ordinals
manipulation module.
Adapt the build files.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7191)
2018-10-04 12:45:40 +02:00
Richard Levitte
15ba109631 Add code to manipulate the items in OpenSSL::Ordinals
This means adding the capability to add new items, to invalidate and
revalidate all the items, and to update the file it came from, as well
as the possibility to create new items from other data than a line
from said file.

While we're at it, we throw in a couple of useful filters.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7191)
2018-10-04 12:45:40 +02:00
Richard Levitte
d73c44404d A perl module to parse through C headers
OpenSSL::ParseC is a module that parses through a C header file and
returns a list with information on what it found.  Currently, the
information it returns covers function and variable declarations,
macro definitions, struct declarations/definitions and typedef
definitions.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7191)
2018-10-04 12:45:40 +02:00
Richard Levitte
ab1e5495e4 Move ZLIB from 'platforms' to 'features'
Having it as a 'platform' was conceptually wrong from from the
beginning, and makes decoding more complicated than necessary.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7191)
2018-10-03 22:16:10 +02:00
Richard Levitte
8effd8fa67 Refactor util/mkdef.pl for clearer separation of functionality
Move the .num updating functionality to util/mknum.pl.
Rewrite util/mkdef.pl to create .def / .map / .opt files exclusively,
using the separate ordinals reading module.
Adapt the build files.
Adapt the symbol presence test.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7191)
2018-10-03 22:16:10 +02:00
Richard Levitte
91a99748d3 Add a perl module that deals with ordinals files
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7191)
2018-10-03 22:16:10 +02:00
Richard Levitte
18958cefd8 Remove SSL_version_str
I was never exported in our shared libraries and no one noticed, and
we don't seem to use it ourselves, so clean it away.

In all likelyhood, this is a remain from the 90's, when it was in
fashion to litter library modules with these kinds of strings.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7340)
2018-10-03 22:15:15 +02:00
Matt Caswell
1b39bc9bcf Fix the drbgtest with randomized ordering
In drbgtest, test_set_defaults changes the default DRBGs. This works fine
when tests are run in the normal order. However if
OPENSSL_TEST_RAND_ORDER is defined then it may fail (dependent on the
ordering). This environment variable is defined for one of the Travis
tests, so this issue was causing intermittent travis test failures.

[extended tests]

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7338)
2018-10-03 16:41:33 +01:00
Matt Caswell
a21f4cec14 Ignore libcrypto.ld and libssl.ld
These are auto generated files that should not be checked into git

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7339)
2018-10-03 16:40:18 +01:00
Matt Caswell
434893af2b Fix some Coverity warnings
Check some return values on some functions.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7335)
2018-10-02 10:52:57 +01:00
Matt Caswell
c20a76f695 Fix a mem leak in the ocsp app
Free memory allocated in the parent process that is not needed in the
child. We also free it in the parent. Technically this isn't really
required since we end up calling exit() soon afterwards - but to
prevent false positives we free it anyway.

Fixes a Coverity issue.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7335)
2018-10-02 10:52:57 +01:00
Shane Lontis
f3002a2ed3 Change DRBG's to DRBGs
Minor change to documentation of RAND_DRBG_set_defaults()

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7326)
2018-10-02 09:25:59 +10:00
Richard Levitte
8ddbff9c08 'openssl list': add option -objects to list built in objects
Related to #6696

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6702)
2018-10-01 15:33:28 +02:00
Richard Levitte
ef2dfc9902 Refactor linker script generation
The generation of linker scripts was badly balanced, as all sorts of
platform dependent stuff went into the top build.info, when that part
should really be made as simply and generic as possible.

Therefore, we move a lot of the "magic" to the build files templates,
since they are the place for platform dependent things.  What remains
is to parametrize just enough in the build.info file to generate the
linker scripts correctly for each associated library.

"linker script" is a term usually reserved for certain Unix linkers.
However, we only use them to say what symbols should be exported, so
we use the term loosely for all platforms.  The internal extension is
'.ld', and is changed by the build file templates as appropriate for
each target platform.

Note that this adds extra meaning to the value of the shared_target
attribute.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7333)
2018-10-01 09:49:16 +02:00
Richard Levitte
b44882a0bd Clean out aliases in include/openssl/symhacks.h
Only a few clashing ones remain

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7331)
2018-09-30 19:46:19 +02:00
Richard Levitte
7e09c5eaa5 Small cleanup (util/mkdef.pl, crypto/bio/bss_log.c, include/openssl/ocsp.h)
BIO_s_log() is declared for everyone, so should return NULL when not
actually implemented.  Also, it had explicit platform limitations in
util/mkdef.pl that didn't correspond to what was actually in code.
While at it, a few other hard coded things that have lost their
relevance were removed.

include/openssl/ocsp.h had a few duplicate declarations.

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7331)
2018-09-30 19:46:19 +02:00
Shane Lontis
8bf3665196 Added DRBG_HMAC & DRBG_HASH + Added defaults for setting DRBG for master/public/private + renamed generate_counter back to reseed_counter + generated new cavs data tests
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6779)
2018-09-28 07:22:13 +10:00
Antoine Salon
1362190b1b Add missing cipher aliases to openssl(1)
And references to other manpages are also added in openssl(1).

Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7314)
2018-09-26 16:58:17 +08:00
James Callahan
306bb728d7 doc/man3/SSL_set_bio.pod: Fix wrong function name in return values section
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7035)
2018-09-26 11:33:42 +08:00
Antoine Salon
eadde90bff Update enc(1) examples to more recent ciphers and key derivation algorithms
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7248)
2018-09-25 21:18:04 +03:00
Matt Caswell
7f1d923aa9 Fix no-tls1_2
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7308)
2018-09-25 16:08:28 +01:00
Matt Caswell
734af93a27 Fix no-psk
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7306)
2018-09-25 16:01:22 +01:00
Bernd Edlinger
ec0c5f5693 Reduce stack usage in tls13_hkdf_expand
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7297)
2018-09-24 15:58:24 +02:00
Daniel Bevenius
7c69495712 Document OPENSSL_VERSION_TEXT macro
This commit documents the OPENSSL_VERSION_TEXT which is currently
missing in the man page.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7301)
2018-09-24 12:00:22 +02:00
Pauli
5c39a55d04 Use secure_getenv(3) when available.
Change all calls to getenv() inside libcrypto to use a new wrapper function
that use secure_getenv() if available and an issetugid then getenv if not.

CPU processor override flags are unchanged.

Extra checks for OPENSSL_issetugid() have been removed in favour of the
safe getenv.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7047)
2018-09-24 11:21:18 +10:00
Bernd Edlinger
0f58220973 Create the .rnd file it it does not exist
It's a bit annoying, since some commands try to read a .rnd file,
and print an error message if the file does not exist.

But previously a .rnd file was created on exit, and that does no longer
happen.

Fixed by continuing in app_RAND_load_conf regardless of the error in
RAND_load_file.

If the random number generator is still not initalized on exit, the
function RAND_write_file will fail and no .rnd file would be created.

Remove RANDFILE from openssl.cnf

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7217)
2018-09-23 08:26:19 +02:00
agnosticdev
46d085096c typo-fixes: miscellaneous typo fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7277)
2018-09-21 23:55:22 +02:00
Matt Caswell
f39a02c68a Fix the max psk len for TLSv1.3
If using an old style TLSv1.2 PSK callback then the maximum possible PSK
len is PSK_MAX_PSK_LEN (256) - not 64.

Fixes #7261

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7267)
2018-09-21 17:50:23 +01:00
Matt Caswell
cd6fe29f5b Add a test for the certificate callback
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/7257)
2018-09-21 17:39:14 +01:00
Matt Caswell
524006dd1b Delay setting the sig algs until after the cert_cb has been called
Otherwise the sig algs are reset if SSL_set_SSL_CTX() gets called.

Fixes #7244

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/7257)
2018-09-21 17:38:58 +01:00
Richard Levitte
dda5396aae crypto/bn/asm/x86_64-gcc.c: remove unnecessary redefinition of BN_ULONG
This module includes bn.h via other headers, so it picks up the
definition from there and doesn't need to define them locally (any
more?).  Worst case scenario, the redefinition may be different and
cause all sorts of compile errors.

Fixes #7227

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7287)
2018-09-21 11:15:25 +02:00
Richard Levitte
f52f2c1ae8 /dev/crypto engine: add missing RC4 parameter
Fixes #7280

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7281)
2018-09-20 22:01:55 +02:00
Paul Yang
41a6fa74e6 Add some missing ciphers in 'enc' document
The original issue is #7273 and this commit fixes part of that issue.

[skip ci]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7275)
2018-09-20 23:38:52 +08:00
Richard Levitte
d3c72e392a util/mkdef.pl, util/add-depends.pl: don't lowercase file names
It turns out to be detrimental on some file systems that may or may not
be case sensitive (such as NTFS, which has a case sensitive mode).

Fixes #7172

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7172)
2018-09-20 13:43:22 +02:00
Richard Levitte
276bf8620c crypto/ui/ui_openssl.c: make sure to recognise ENXIO and EIO too
These both indicate that the file descriptor we're trying to use as a
terminal isn't, in fact, a terminal.

Fixes #7271

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7272)
2018-09-20 06:39:07 +02:00
Benjamin Kaduk
2340ed277b Reset TLS 1.3 ciphers in SSL_CTX_set_ssl_version()
Historically SSL_CTX_set_ssl_version() has reset the cipher list
to the default.  Splitting TLS 1.3 ciphers to be tracked separately
caused a behavior change, in that TLS 1.3 cipher configuration was
preserved across calls to SSL_CTX_set_ssl_version().  To restore commensurate
behavior with the historical behavior, set the ciphersuites to the default as
well as setting the cipher list to the default.

Closes: #7226

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7270)
2018-09-19 16:44:30 -05:00
Pauli
0db957dbbc Add a GMAC demonstration program.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7249)
2018-09-19 11:38:43 +10:00
Dr. Matthias St. Pierre
f9a22815f3 ssl/ssl_ciph.c: make set_ciphersuites static
Fixes #7252

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7253)
2018-09-18 09:32:08 +02:00
Tobias Nießen
523fcfb4c0 Trivial test improvements
This commit reuses a variable instead of reevaluating the expression
and updates an outdated comment in the EVP test.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7242)
2018-09-18 09:22:10 +02:00
David Makepeace
d474100af0 Fixed typos in hkdf documentation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7236)
2018-09-17 13:46:08 +10:00
Pauli
a825856ab7 Add missing include file.
Specifically, include e_os.h to pick up alloca definition for WIN32.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7234)
2018-09-17 10:40:32 +10:00
Pauli
da5fac72b1 Add a compile time test to verify that openssl/rsa.h and complex.h can
coexist.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7233)
2018-09-17 09:14:03 +10:00
Pauli
972f67889b Use 'i' as parameter name not 'I'.
The latter causes problems when complex.h is #included.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7233)
2018-09-17 09:14:03 +10:00
Matt Eaton
01e04f444d Update RAND_DRBG.pod
Fixed a minor typo while reading the documentation.
I agree that this contribution is trivial can be freely used.

CLA: trivial

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7221)
2018-09-17 01:56:47 +03:00
Kurt Roeckx
8e593f0a0d Improve SSL_shutdown() documentation
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
GH: #7188
2018-09-16 13:39:44 +02:00
Richard Levitte
cd92d1fdd3 VMS: only use the high precision on VMS v8.4 and up
It simply isn't available on older versions.

Issue submitted by Mark Daniels

Fixes #7229

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7230)

(cherry picked from commit d6d6aa3521)
2018-09-15 15:44:45 +02:00
Richard Levitte
f09877c12c VMS libtestutil: look for lower case "main"
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7208)
2018-09-14 11:00:38 +02:00