Commit graph

23517 commits

Author SHA1 Message Date
Andy Polyakov
a28e4890ee poly1305/asm/poly1305-ppc.pl: add vector base 2^26 implementation.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8120)
2019-02-01 09:23:25 +01:00
Andy Polyakov
f8f3d624b7 perlasm/ppc-xlate.pl: add VSX word load/store instructions.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8120)
2019-02-01 09:23:25 +01:00
Bernd Edlinger
5dc40a83c7 Fix a crash in reuse of i2d_X509_PUBKEY
If the second PUBKEY is malformed there is use after free.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8122)
2019-01-31 19:24:07 +01:00
Bernd Edlinger
5364902250 Fixed d2i_X509 in-place not re-hashing the ex_flags
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8116)
2019-01-31 19:17:50 +01:00
Bernd Edlinger
a727627922 Fix a memory leak with di2_X509_CRL reuse
Additionally avoid undefined behavior with
in-place memcpy in X509_CRL_digest.

Fixes #8099

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8112)
2019-01-31 19:10:57 +01:00
Richard Levitte
62b563b9df Better phrasing around 1.1.0
Fixes #8129

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8130)
2019-01-31 16:48:00 +01:00
Richard Levitte
a17089b0d7 Configure: clean away unused variables and double assignments
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8125)
2019-01-31 16:19:50 +01:00
Richard Levitte
fb3637d9ae Build: clean away RENAME and SHARED_NAME
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8125)
2019-01-31 16:19:50 +01:00
Richard Levitte
da7e31e0c7 Build: remove EXTRA
We never used it for anything

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8125)
2019-01-31 16:19:50 +01:00
Richard Levitte
77adb75e16 Build: Remove BEGINRAW / ENDRAW / OVERRIDE
It was an ugly hack to avoid certain problems that are no more.

Also added GENERATE lines for perlasm scripts that didn't have that
explicitly.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8125)
2019-01-31 16:19:49 +01:00
Richard Levitte
77550dbf7a Build cleanup: Remove the VMS hack from test/build.info
There was a hack specifically for VMS, which involved setting a make
variable to indicate that test/libtestutil contains a 'main'.

Instead, we use the new attributes 'has_main' to indicate this, and
let the VMS build file template fend with it appropriately.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8125)
2019-01-31 16:19:49 +01:00
Richard Levitte
d1dd5d6f4c VMS: force 'pinshared'
VMS doesn't currently support unloading of shared object, and we need
to reflect that.  Without this, the shlibload test fails

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8131)
2019-01-31 16:15:55 +01:00
weinholtendian
e57120128f Fix error message for s_server -psk option
Previously if -psk was given a bad key it would print "Not a hex
number 's_server'".

CLA: Trivial

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/8113)
2019-01-31 15:17:09 +08:00
Petr Vorel
c4734493d7 Reuse already defined macros
instead of duplicity the code.

CLA: trivial

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8127)
2019-01-30 22:27:52 +01:00
David Benjamin
a97faad76a Document and add macros for additional DSA options
EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS and EVP_PKEY_CTRL_DSA_PARAMGEN_MD are only
exposed from EVP_PKEY_CTX_ctrl, which means callers must write more error-prone
code (see also issue #1319). Add the missing wrapper macros and document them.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8093)
2019-01-30 10:04:47 -06:00
Matt Caswell
40b64553f5 Complain if -twopass is used incorrectly
The option -twopass to the pkcs12 app is ignored if -passin, -passout
or -password is used. We should complain if an attempt is made to use
it in combination with those options.

Fixes #8107

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8114)
2019-01-30 15:36:13 +00:00
Matt Caswell
522b11e969 Fix no-dso builds
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8111)
2019-01-30 15:26:48 +00:00
Matt Caswell
fa6b1ee111 Don't leak memory from ERR_add_error_vdata()
If the call the ERR_set_error_data() in ERR_add_error_vdata() fails then
a mem leak can occur. This commit checks that we successfully added the
error data, and if not frees the buffer.

Fixes #8085

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/8105)
2019-01-29 11:08:18 +00:00
Richard Levitte
6e826c471b Android build: use ANDROID_NDK_HOME rather than ANDROID_NDK
It apepars that ANDROID_NDK_HOME is the recommended standard
environment variable for the NDK.

We retain ANDROID_NDK as a fallback.

Fixes #8101

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8103)
2019-01-29 00:40:20 +01:00
Antonio Iacono
e85d19c68e crypto/cms: Add support for CAdES Basic Electronic Signatures (CAdES-BES)
A CAdES Basic Electronic Signature (CAdES-BES) contains, among other
specifications, a collection of  Signing Certificate reference attributes,
stored in the signedData ether as ESS signing-certificate or as
ESS signing-certificate-v2. These are described in detail in Section 5.7.2
of RFC 5126 - CMS Advanced Electronic Signatures (CAdES).

This patch adds support for adding  ESS signing-certificate[-v2] attributes
to CMS signedData. Although it implements only a small part of the RFC, it
is sufficient many cases to enable the `openssl cms` app to create signatures
which comply with legal requirements of some European States (e.g Italy).

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7893)
2019-01-27 23:59:21 +01:00
Ping Yu
9f5a87fd66 add an additional async notification communication method based on callback
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Signed-off-by: Ping Yu <ping.yu@intel.com>
Signed-off-by: Steven Linsell <stevenx.linsell@intel.com>

(Merged from https://github.com/openssl/openssl/pull/7573)
2019-01-27 12:27:17 +00:00
Michael Richardson
61e033308b clarify which functions are the CMS functions which must have CMS_PARTIAL set
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7960)
2019-01-27 12:25:24 +00:00
David Asraf
3d43f9c809 crypto/bn: fix return value in BN_generate_prime
When the ret parameter is NULL the generated prime
is in rnd variable and not in ret.

CLA: trivial

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8076)
2019-01-27 12:12:50 +00:00
Shigeki Ohtsu
5478e21002 s_client: fix not to send a command letter of R
Before 1.1.0, this command letter is not sent to a server.

CLA: trivial
(cherry picked from commit bc180cb4887c2e82111cb714723a94de9f6d2c35)

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8081)
2019-01-27 11:59:15 +00:00
Tomas Mraz
d7bcbfd082 Remove stray -modulus option from the ec manual page.
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8082)
2019-01-27 11:57:11 +00:00
Matthias Kraft
6638b22147 Add "weak" declarations of symbols used in safestack.h and lhash.h
Only for SunCC for now.

It turns out that some compilers to generate external variants of
unused static inline functions, and if they use other external
symbols, those need to be present as well.  If you then happen to
include one of safestack.h or lhash.h without linking with libcrypto,
the build fails.

Fixes #6912

Signed-off-by: Matthias Kraft <Matthias.Kraft@softwareag.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8087)
2019-01-27 10:48:58 +01:00
Dr. Matthias St. Pierre
2c75f03b39 X509_STORE: fix two misspelled compatibility macros
Fixes #8084

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8086)
2019-01-25 11:18:35 +01:00
Klotz, Tobias
5c8b7b4caa Cleanup vxworks support to be able to compile for VxWorks 7
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7569)
2019-01-24 17:55:04 +01:00
Matt Caswell
0b53fe1cdc Fix s_client so that it builds on Windows
Fixes #8050

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8065)
2019-01-24 13:54:52 +00:00
Matt Caswell
bcc1f3e2ba Revert "Keep the DTLS timer running after the end of the handshake if appropriate"
This commit erroneously kept the DTLS timer running after the end of the
handshake. This is not correct behaviour and shold be reverted.

This reverts commit f7506416b1.

Fixes #7998

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8047)
2019-01-24 13:39:38 +00:00
Matt Caswell
80c455d5ae Make sure we trigger retransmits in DTLS testing
During a DTLS handshake we may need to periodically handle timeouts in the
DTLS timer to ensure retransmits due to lost packets are performed. However,
one peer will always complete a handshake before the other. The DTLS timer
stops once the handshake has finished so any handshake messages lost after
that point will not automatically get retransmitted simply by calling
DTLSv1_handle_timeout(). However attempting an SSL_read implies a
DTLSv1_handle_timeout() and additionally will process records received from
the peer. If those records are themselves retransmits then we know that the
peer has not completed its handshake yet and a retransmit of our final
flight automatically occurs.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8047)
2019-01-24 13:39:38 +00:00
Richard Levitte
5cae2d349b Build: change remaining $unified_info{install} checks to use attributes
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8063)
2019-01-22 16:12:47 +01:00
Richard Levitte
13234dd310 Rework build: Windows dependency building fix
One variable misssing

Fixes #8060

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8061)
2019-01-22 15:51:32 +01:00
Richard Levitte
5f8257494c Build: pass attributes down to make rule generators
For good measure, we pass down attributes when calling obj2shlib,
obj2lib, obj2dso, obj2bin, or in2script.  We currently don't use them
in our build file templates, but might as well for future use.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7581)
2019-01-22 12:35:39 +01:00
Richard Levitte
994e86a9ff Build: use attributes to indicate installed script classes
We have two classes of scripts to be installed, those that are
installed as "normal" programs, and those that are installed as "misc"
scripts.  These classes are installed in different locations, so the
build file templates must pay attention.

Because we didn't have the tools to indicate what scripts go where, we
had these scripts hard coded in the build template files, with the
maintenance issues that may cause.  Now that we have attributes, those
can be used to classify the installed scripts, and have the build file
templates simply check the attributes to know what's what.

Furthermore, the 'tsget.pl' script exists both as 'tsget.pl' and
'tsget', which is done by installing a symbolic link (or copy).  This
link name is now given through an attribute, which results in even
less hard coding in the Unix Makefile template.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7581)
2019-01-22 12:35:39 +01:00
Richard Levitte
ac6bba6f6e Build: Change all _NO_INST to use attributes instead.
This means that all PROGRAMS_NO_INST, LIBS_NO_INST, ENGINES_NO_INST
and SCRIPTS_NO_INST are changed to be PROGRAM, LIBS, ENGINES and
SCRIPTS with the associated attribute 'noinst'.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7581)
2019-01-22 12:35:39 +01:00
Richard Levitte
c91f24d4cc Configure: add attributes to end product build.info variables
Among others, this avoids having special variables like
PROGRAMS_NO_INST.  Instead, we can have something like this:

    PROGRAMS{noinst}=foo bar

Configure itself is entirely agnostic to these attributes, they are
simply passed to the build file templates, to be used as they see fit.

Attributes can also have values, for example:

    SCRIPTS{linkname=foo}=foo.pl

This could help indicate to build file templates that care that the
perl script 'foo.pl' should also exist with the name 'foo', preferably
as a symbolic link.

Fixes #7568

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7581)
2019-01-22 12:35:39 +01:00
Richard Levitte
5d3af25934 Configure: teach the tokenizer to handle other separators than spaces
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7581)
2019-01-22 12:35:39 +01:00
Matt Eaton
52bcd4afc8 Update NOTES.ANDROID
Minor typo fix to `adjustment` in the line:
"In such case you have to pass matching target
 name to Configure and shouldn't use -D__ANDROID_API__=N. PATH adjustment
 becomes simpler, $ANDROID_NDK/bin:$PATH suffices."

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8054)
2019-01-21 20:14:34 -06:00
Richard Levitte
f5fb6f0543 Rework building: Get rid of old %unified_info structures
Now that we have the names of libraries on different systems
established through platform modules, we can remove the old structure
to establish the same thing, i.e. $unified_info{sharednames} and
$unified_info{rename}.  That means removing support for the RENAME and
SHARED_NAME keywords in build.info as well.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7473)
2019-01-21 19:31:32 +01:00
Richard Levitte
9afc2b92fe Rework building: adapt some scripts
The platform module collection is made in such a way that any Perl
script that wants to take part of the available information can use
them just as well as the build system.

This change adapts test/recipes/90-test_shlibload.t, util/mkdef.pl,
and util/shlib_wrap.sh.in

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7473)
2019-01-21 19:31:32 +01:00
Richard Levitte
9dd4ed28eb Rework building: Unix changes to handle extensions and product names
Add platform::Unix, which is a generic Unix module to support product
name and extensions functionlity.  However, this isn't quite enough,
as mingw and Cygwin builds are done using the same templates, but
since shared libraries work as on Windows and are named accordingly,
platform::mingw and platform::Cygwin were also added to provide the
necessary tweaks.

This reworks Configurations/unix-Makefile.tmpl to work out product
names in platform::Unix et al terms.  In this one, we currently do
care about the *_extension config attributes, and the modules adapt
accordingly where it matters.

This change also affected crypto/include/internal/dso_conf.h.in, since
the DSO extension is meant to be the same as the short shared library
extension, which isn't '.so' everywhere.

'shared_extension' attributes that had the value
'.so.\$(SHLIB_VERSION_NUMBER)' are removed, platform::Unix provides
an extension where the shared library version number is hard-coded
instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7473)
2019-01-21 19:31:32 +01:00
Richard Levitte
c162a8c344 Rework building: VMS changes to handle extensions and product names
Add platform::VMS, which is a generic VMS module.  Additional modules
to support specific building aspects (such as specific compilers) may
be added later, but since we currently work on file names and those
are generic enough, this is also enough.

This reworks Configurations/descrip.mms.tmpl to work out product names
in platform::VMS terms.  Something to be noted is that the new
functionality ignores the *_extension config attributes, as they were
never used.  VMS is very consistent in its use of extensions, so there
is no reason to believe much will change in this respect.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7473)
2019-01-21 19:31:32 +01:00
Richard Levitte
957689611b Rework building: Windows changes to handle extensions and product names
Add platform::Windows, which is a generic Windows module, and
platform::Windows::MSVC, which is a module specifically for MS Visual
C.

This reworks Configurations/windows-makeffile.tmpl to work out product
names in platform::Windows.  Something to be noted is that the new
functionality ignores the *_extension config attributes, as they were
never used.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7473)
2019-01-21 19:31:32 +01:00
Richard Levitte
d7e4932eaf Rework building: initial changes
This is the start of a major work to correct some quirks in the
buiding system.  The base for this is to move certain attributes that
lack desired flexibility from Configurations/*.conf to perl modules
that can be selected with one single attribute in the config targets.

The way this is meant to work is by adding this attribute in select
config targets:

    perl_module         => 'Name';      # Name to be replaced

Then, in the perl scripts or modules that need the functionality,
these lines should be added:

    use lib catdir($srcdir, 'Configurations');	# Ensure access to platform.pm
    use lib $blddir;    # Ensure access to configdata.pm
    use platform;       # Will load platform::$target{perl_module}

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7473)
2019-01-21 19:31:32 +01:00
Bernd Edlinger
ac454d8d46 Make ca command silently use default if .attr file does not exist
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7286)
2019-01-21 15:50:20 +01:00
Bernd Edlinger
c8f370485c PPC: Try out if mftb works before using it
If this fails try out if mfspr268 works.

Use OPENSSL_ppccap=0x20 for enabling mftb,
OPENSSL_ppccap=0x40 for enabling mfspr268,
and OPENSSL_ppccap=0 for enabling neither.

Fixes #8012

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8043)
2019-01-21 15:42:04 +01:00
David von Oheimb
11642f3553 update Copyright date
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8036)
2019-01-21 09:43:27 +00:00
David von Oheimb
a4abcaeab8 add 'L' after _OPENSSL_VERSION_PRE_RELEASE literals, fixes #8021
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8036)
2019-01-21 09:43:27 +00:00
Corey Minyard
c6048af23c Fix a memory leak in the mem bio
If you use a BIO and set up your own buffer that is not freed, the
memory bio will leak the BIO_BUF_MEM object it allocates.

The trouble is that the BIO_BUF_MEM is allocated and kept around,
but it is not freed if BIO_NOCLOSE is set.

The freeing of BIO_BUF_MEM was fairly confusing, simplify things
so mem_buf_free only frees the memory buffer and free the BIO_BUF_MEM
in mem_free(), where it should be done.

Alse add a test for a leak in the memory bio
Setting a memory buffer caused a leak.

Signed-off-by: Corey Minyard <minyard@acm.org>

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8051)
2019-01-21 17:47:02 +10:00