Commit graph

21068 commits

Author SHA1 Message Date
Andy Polyakov
e44480cc26 rsa/rsa_gen.c: ensure backward compatibility with external rsa->meth.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4770)
2017-11-23 21:08:07 +01:00
Andy Polyakov
88ac224cda crypto/x86_64cpuid.pl: fix AVX512 capability masking.
Originally it was thought that it's possible to use AVX512VL+BW
instructions with XMM and YMM registers without kernel enabling
ZMM support, but it turned to be wrong assumption.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-11-23 21:05:44 +01:00
Ronald Tse
6df34091ba Add SM3/SM4 to openssl command-line tool
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4773)
2017-11-22 15:23:48 +08:00
Richard Levitte
f106f40694 Avoid unnecessary MSYS2 conversion of some arguments
Fixes #4740

The MSYS2 run-time convert arguments that look like paths when
executing a program unless that application is linked with the MSYS
run-time.  The exact conversion rules are listed here:

    http://www.mingw.org/wiki/Posix_path_conversion

With the built-in configurations (all having names starting with
"mingw"), the openssl application is not linked with the MSYS2
run-time, and therefore, it will receive possibly converted arguments
from the process that executes it.  This conversion is fine for normal
path arguments, but it happens that some arguments to the openssl
application get converted when they shouldn't.  In one case, it's
arguments like '-passin file:something', and in another, it's a file:
URI (what typically happens is that URIs without an authority
component get converted, 'cause the conversion mechanism doesn't
recognise them as URIs).

To avoid conversion where we don't want it, we simply assign
MSYS2_ARG_CONV_EXCL a pattern to avoid specific conversions.  As a
precaution, we only do this where we obviously need it.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4765)
2017-11-22 00:37:34 +01:00
Matt Caswell
281bf2332c If a server is not acknowledging SNI then don't reject early_data
SNI needs to be consistent before we accept early_data. However a
server may choose to not acknowledge SNI. In that case we have to
expect that a client may send it anyway. We change the consistency
checks so that not acknowledging is treated more a like a "wild card",
accepting any SNI as being consistent.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4738)
2017-11-21 17:46:22 +00:00
Matt Caswell
3b5873567d Provide a more information early_data message in s_server
s_server reported early_data not being sent and early_data being
rejected in the same way, i.e. "No early data received". This is
slightly misleading so this commit provides a different error message
if the early data is rejected.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4738)
2017-11-21 17:46:22 +00:00
Matt Caswell
bfab12bb7d Allow a client to send early_data with SNI if the session has no SNI
We can only send early_data if the SNI is consistent. However it is valid
for the client to set SNI and the server to not use it. This would still be
counted as consistent. OpenSSL client was being overzealous in this check
and disallowing this scenario.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4738)
2017-11-21 17:46:22 +00:00
Matt Caswell
b510b740fb Ignore the session when setting SNI in s_client
As per this comment:

https://github.com/openssl/openssl/issues/4496#issuecomment-337767145

Since the server is entitled to reject our session our ClientHello
should include everything that we would want if a full handshake were
to happen. Therefore we shouldn't use the session as a source of
information for setting SNI.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4738)
2017-11-21 17:46:22 +00:00
Paul Yang
665d899fa6 Support multi-prime RSA (RFC 8017)
* Introduce RSA_generate_multi_prime_key to generate multi-prime
  RSA private key. As well as the following functions:
    RSA_get_multi_prime_extra_count
    RSA_get0_multi_prime_factors
    RSA_get0_multi_prime_crt_params
    RSA_set0_multi_prime_params
    RSA_get_version
* Support EVP operations for multi-prime RSA
* Support ASN.1 operations for multi-prime RSA
* Support multi-prime check in RSA_check_key_ex
* Support multi-prime RSA in apps/genrsa and apps/speed
* Support multi-prime RSA manipulation functions
* Test cases and documentation are added
* CHANGES is updated

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/4241)
2017-11-21 14:38:42 +08:00
Paul Yang
b000470873 Support public key and param check in EVP interface
EVP_PKEY_public_check() and EVP_PKEY_param_check()

Doc and test cases are added

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4647)
2017-11-20 07:20:30 +01:00
Andy Polyakov
5d99881e6a Iron out /WX errors in VC-WIN32.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-11-17 21:22:26 +01:00
Andy Polyakov
c1ec4db33d bn/bn_exp.c: harmonize BN_mod_exp_mont_consttime with negative input.
All exponentiation subroutines but BN_mod_exp_mont_consttime produce
non-negative result for negative input, which is confusing for fuzzer.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/4676)
2017-11-17 12:12:19 +01:00
FdaSilvaYY
899e62d186 Fix AppVeyor/VC build failure
..\test\asn1_internal_test.c(96): warning C4113: 'int (__cdecl *)()'
differs in parameter lists from 'int (__cdecl *)(void)'

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4744)
2017-11-16 14:02:27 +01:00
Andy Polyakov
a78324d95b bn/bn_add.c: address performance regression.
Performance regression was reported for EC key generation between
1.0.2 and 1.1.x [in GH#2891]. It naturally depends on platform,
values between 6 and 9% were observed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4743)
2017-11-16 13:57:55 +01:00
Richard Levitte
8e4ec5b2e7 Modify expected output of a CRL to match the changed printout
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4746)
2017-11-16 01:19:55 +01:00
Richard Levitte
be63fc1223 Add padding spaces before printing signature algorithm for CRLs output
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4746)
2017-11-16 01:19:55 +01:00
Richard Levitte
d1453d60a5 Modify expected output of a certificate to match the changed printout
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4746)
2017-11-16 01:19:31 +01:00
Yutian Li
e6cccb5f05 Add padding spaces before printing algo.
CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Rich Salz <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1513)
2017-11-16 01:00:06 +01:00
Rich Salz
4ff71d6740 Revert "Add padding spaces before printing algo."
Some test files need to be updated.
This reverts commit 26a374a271.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4745)
2017-11-15 18:26:22 -05:00
Yutian Li
26a374a271 Add padding spaces before printing algo.
CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Rich Salz <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1513)
2017-11-15 17:11:50 -05:00
FdaSilvaYY
4483fbae10 Factorise duplicated code.
Extract and factorise duplicated string glue code.
Cache strlen result to avoid duplicate calls.
[extended tests]

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4719)
2017-11-13 07:52:35 -05:00
FdaSilvaYY
1a78a33aed remove magic number
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4719)
2017-11-13 07:52:35 -05:00
Andy Polyakov
7533162322 ARMv8 assembly pack: add Qualcomm Kryo results.
[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
2017-11-13 11:13:00 +01:00
Andy Polyakov
0d2394a8c0 Configurations/10-main.conf: add back /WX to VC-WIN32.
We had /WX (treat warnings as errors) in VC-WIN32 for long time. At
some point it was somehow omitted. It's argued that it allows to
keep better focus on new code, which motivates the comeback...

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4721)
2017-11-13 10:59:16 +01:00
Andy Polyakov
3a63c0edab Resolve warnings in VC-WIN32 build, which allows to add /WX.
It's argued that /WX allows to keep better focus on new code, which
motivates its comeback...

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4721)
2017-11-13 10:58:57 +01:00
Andy Polyakov
802127e8fc ssl/ssl_asn1.c: resolve warnings in VC-WIN32 build, which allows to add /WX.
It's argued that /WX allows to keep better focus on new code, which
motivates its comeback...

[Keep this commit separate as reminder for time overhaul.]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4721)
2017-11-13 10:58:21 +01:00
Andy Polyakov
b4c0e4dff6 evp/pbe_scrypt.c: add boundary condition for implicit cast.
Even though |Blen| is declared uint64_t it was casted implicitly to int.
[Caught by VC warning subsytem.]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4721)
2017-11-13 10:58:14 +01:00
Andy Polyakov
3724631039 asn1/a_strex.c: fix flags truncation in do_esc_char.
|flags| argument to do_esc_char  was apparently truncated by implicit
cast. [Caught by VC warning subsytem.]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4721)
2017-11-13 10:56:42 +01:00
Rich Salz
b741fcd2dd Fix typo that cause find-doc-nits failure
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4727)
2017-11-12 19:32:52 -05:00
Ben Kaduk
f1d3de718b make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4573)
2017-11-11 20:04:42 -06:00
Benjamin Kaduk
27da13430b Add OCSP API test executable
Some of the OCSP APIs (such as the recently added OCSP_resp_get0_signer)
do not really merit inclusion in the ocsp(1) utility, but we should still
have unit tests for them.

For now, only test OCSP_resp_get0_signer(), but it should be easy to
add more tests in the future.

Provide an X509 cert and private key in the test's data directory
to use for signing responses, since constructing those on the fly
is more effort than is needed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4573)
2017-11-11 20:03:49 -06:00
Benjamin Kaduk
ce5886dda8 Add an API to get the signer of an OCSP response
Add a new function OCSP_resp_get0_signer() that looks in the
certs bundled with the response as well as in additional certificates
provided as a function argument, returning the certificate that signed
the given response (if present).

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4573)
2017-11-11 20:03:49 -06:00
Piotr Czajka
47c07020b7 Typo fix
CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4705)
2017-11-11 20:34:45 -05:00
Josh Soref
46f4e1bec5 Many spelling fixes/typo's corrected.
Around 138 distinct errors found and fixed; thanks!

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3459)
2017-11-11 19:03:10 -05:00
Long Qin
b4d0fa49d9 lhash.c: Replace Unicode EN DASH with the ASCII char '-'.
* addressing", Proc. 6th Conference on Very Large Databases: 212–223
                                                                 ^
The EN DASH ('–') in this line is one UTF-8 character (hex: e2 80 93).
Under some code page setting (e.g. 936), Visual Studio may report C4819
warning: The file contains a character that cannot be represented in the
current code page.

Replace this character with the ASCII char '-' (Hex Code: 2D).

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4691)
2017-11-11 12:44:09 +01:00
FdaSilvaYY
1687aa760c Fix possible leaks on sk_X509_EXTENSION_push() failure ...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4677)
2017-11-10 09:45:17 +01:00
Andy Polyakov
1097d2a39e util/copy.pl: work around glob quirk in some of earlier 5.1x Perl versions.
In earlier 5.1x Perl versions quoting globs works only if there is
white space. If there is none, it's looking for names starting with ".

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4695)
2017-11-10 09:39:29 +01:00
Andy Polyakov
7285803872 00-base-templates.conf: fix ia64 builds.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-11-10 09:37:31 +01:00
Matt Caswell
44f19af743 Fix an s_client memory leak
We were using OPENSSL_strdup() unnecessarily and then failing to free it. There is
no reason to use OPENSSL_strdup() in this scenario - so just remove it.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4699)
2017-11-09 17:01:18 +00:00
Andy Polyakov
b6705d4893 Configurations/unix-Makefile.tmpl: fix HP-UX build.
HP-UX make doesn't recognize $< in explict target rules, only in
inference ones such as .c.o.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4697)
2017-11-08 21:55:02 +01:00
Andy Polyakov
d6ee8f3dc4 OPENSSL_ia32cap: reserve for new extensions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-11-08 21:45:16 +01:00
Rich Salz
1b6fa9fdf8 Don't NULL check before calling DSO_free.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/4703)
2017-11-08 14:59:42 -05:00
Rich Salz
7aae0d33ac Removre comment with user's name
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4702)
2017-11-08 10:37:52 -05:00
FdaSilvaYY
f4411faac4 Various typo
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4457)
2017-11-07 17:09:36 +01:00
FdaSilvaYY
f479eab227 style : fix some if(...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4457)
2017-11-07 17:09:24 +01:00
Richard Levitte
89635075d8 Configure: cleanup @disable_cascade
'rsa', 'sha' and 'tlsext' can't be disabled, not even as a consequence
of other conditions, so having cascading disables that depend on them
is futile.  Clean up!

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4693)
2017-11-07 16:29:09 +01:00
Rich Salz
89a99cd589 Warn if -days without -x509
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4692)
2017-11-07 07:30:31 -05:00
Matt Caswell
1c47d35a03 Mark a zero length record as read
If SSL_read() is called with a zero length buffer, and we read a zero length
record then we should mark that record as read.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4685)
2017-11-07 11:07:17 +00:00
Matt Caswell
018632ae98 Fix race condition in TLSProxy
Normally TLSProxy waits for the s_server process to finish before
continuing. However in cases where serverconnects > 1 we need to keep the
s_server process around for a later test so we continue immediately. This
means that TAP test output can end up being printed to stdout at the same
time as s_server is printing stuff. This confuses the test runner and can
cause spurious test failures. This commit introduces a small delay in cases
where serverconnects > 1 in order to give s_server enough time to finish
what it was doing before we continue to the next test.

Fixes #4129

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4660)
2017-11-07 10:51:17 +00:00
Matt Caswell
9f5671c7e9 Remove 4 broken macros from ocsp.h
There were 4 macros in ocsp.h that have not worked since 1.1.0 because
they attempt to access the internals of an opaque structure.

For OCSP_REQUEST_sign() applications should use OCSP_request_sign() instead.
For OCSP_BASICRESP_sign() applications should use OCSP_basic_sign() instead.
For OCSP_REQUEST_verify() applications should use OCSP_request_verify()
instead.
For OCSP_BASICRESP_verify() applications should use OCSP_basic_verify()
instead.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4635)
2017-11-07 10:47:01 +00:00