Commit graph

1453 commits

Author SHA1 Message Date
Matt Caswell
fa9a08780a Prepare for 1.1.1-pre8-dev
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-05-29 13:22:05 +01:00
Matt Caswell
77cdad3184 Prepare for 1.1.1-pre7 release
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-05-29 13:20:01 +01:00
Matt Caswell
83cf7abf8e Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6371)
2018-05-29 13:16:04 +01:00
Dr. Matthias St. Pierre
a0cef658d6 ECDSA_SIG: restore doc comments which were deleted accidentally
amends 0396401d1c

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6366)
2018-05-28 22:47:28 +02:00
Dr. Matthias St. Pierre
0396401d1c ECDSA_SIG: add simple getters for commonly used struct members
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6290)
2018-05-28 19:11:23 +02:00
Dr. Matthias St. Pierre
6692ff7777 RSA: add simple getters for commonly used struct members
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6290)
2018-05-28 19:11:23 +02:00
Dr. Matthias St. Pierre
e6f35b5768 DSA: add simple getters for commonly used struct members
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6290)
2018-05-28 19:11:23 +02:00
Matt Caswell
07824f304a Revert "Support EVP_PKEY_sign() and EVP_PKEY_verify() for EdDSA"
This reverts commit a6f5b11634.

The EVP_PKEY_sign() function is intended for pre-hashed input which is
not supported by our EdDSA implementation.

See the discussion in PR 5880

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6284)
2018-05-24 17:25:43 +01:00
Dr. Matthias St. Pierre
6db7fadf09 DH: add simple getters for commonly used DH struct members
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6273)
2018-05-18 08:53:48 +02:00
Matt Caswell
9d0a8bb71e Enable the ability to set the number of TLSv1.3 session tickets sent
We send a session ticket automatically in TLSv1.3 at the end of the
handshake. This commit provides the ability to set how many tickets should
be sent. By default this is one.

Fixes #4978

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5227)
2018-05-17 16:48:25 +01:00
Matt Caswell
73cc84a132 Suport TLSv1.3 draft 28
Also retains support for drafts 27 and 26

Fixes #6257

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6258)
2018-05-15 10:02:59 +01:00
Matt Caswell
61fb59238d Rework the decrypt ticket callback
Don't call the decrypt ticket callback if we've already encountered a
fatal error. Do call it if we have an empty ticket present.

Change the return code to have 5 distinct returns codes and separate it
from the input status value.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6198)
2018-05-11 14:51:09 +01:00
Matt Caswell
4db296d9f0 Make X509_VERIFY_PARAM_get_hostflags() take a const arg
Commit 5b748dea5 added this function which should have taken a const
argument.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6154)
2018-05-02 23:43:52 +01:00
Matt Caswell
a216df599a Fix SSL_get_shared_ciphers()
The function SSL_get_shared_ciphers() is supposed to return ciphers shared
by the client and the server. However it only ever returned the client
ciphers.

Fixes #5317

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6113)
2018-05-02 23:30:46 +01:00
FdaSilvaYY
c7e10755fa opensslconf.h inclusion cleanup
No need to buildtest on opensslconf.h

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6149)
2018-05-02 23:42:21 +02:00
Dr. Matthias St. Pierre
c671843770 a_strex.c: prevent out of bound read in do_buf()
which is used for ASN1_STRING_print_ex*() and X509_NAME_print_ex*().

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6105)
2018-05-02 20:36:21 +02:00
Matt Caswell
5b748dea5d Add getter for X509_VERIFY_PARAM_get_hostflags
Fixes #5061

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6139)
2018-05-01 15:06:16 +01:00
Matt Caswell
8a0c91d3bd Prepare for 1.1.1-pre7-dev
Reviewed-by: Rich Salz <rsalz@openssl.org>
2018-05-01 13:55:46 +01:00
Matt Caswell
a910a9e98f Prepare for 1.1.1-pre6 release
Reviewed-by: Rich Salz <rsalz@openssl.org>
2018-05-01 13:46:05 +01:00
Rich Salz
fe1128dc2a Fix last(?) batch of malloc-NULL places
Add a script to find them in the future

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/6103)
2018-04-26 14:02:24 -04:00
FdaSilvaYY
f06080cb3d Add missing error code when alloc-return-null
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6085)
2018-04-26 12:27:46 -04:00
Richard Levitte
d6d94d3397 PEM_def_callback(): use same parameter names as for pem_password_cb
Add a bit more commentary to explain what's going on.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6080)
2018-04-26 10:39:44 +02:00
Rich Salz
f90bc6c5cb Add missing malloc-return-null instance
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6071)
2018-04-24 12:41:45 -04:00
FdaSilvaYY
7fcdbd839c X509: add more error codes on malloc or sk_TYP_push failure
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5837)
2018-04-24 09:08:33 +02:00
Bernd Edlinger
eb2b989206 Ensure the thread keys are always allocated in the same order
Fixes: #5899

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5911)
2018-04-20 15:45:06 +02:00
Dr. Matthias St. Pierre
e1c0348cc7 openssl/err.h: remove duplicate OSSL_STOREerr()
Two definitions in lines 127 and 136, introduced in 71a5516dcc.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6029)
2018-04-20 13:05:22 +02:00
Dr. Matthias St. Pierre
9d978ac3f3 openssl/ssl.h: restore some renamed public SSL_CTRL defines
Fixes #6022

In commit de4d764e32, the following SSL_CTRL #define's where renamed

    SSL_CTRL_GET_CURVES        ->  SSL_CTRL_GET_GROUPS
    SSL_CTRL_SET_CURVES        ->  SSL_CTRL_SET_GROUPS
    SSL_CTRL_SET_CURVES_LIST   ->  SSL_CTRL_SET_GROUPS_LIST
    SSL_CTRL_GET_SHARED_CURVE  ->  SSL_CTRL_GET_SHARED_GROUP

The corresponding function-like macros (e.g, SSL_get1_curves(ctx, s)) were
renamed, too, and compatibility #define's were added. This was overlooked for
the above constants. Since the constants are part of the public interface,
they must not be removed for a minor release.

As a consequence the Qt5 configure check (and the build) fails.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6023)
2018-04-20 13:01:21 +02:00
FdaSilvaYY
2f8271ebca Style: ssl.h
fix some indents, and restrict to 80 cols some lines.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4466)
2018-04-18 09:04:55 +01:00
Richard Levitte
a051af0e75 Prepare for 1.1.1-pre6-dev
Reviewed-by: Matt Caswell <matt@openssl.org>
2018-04-17 15:32:41 +02:00
Richard Levitte
4ff3df161c Prepare for 1.1.1-pre5 release
Reviewed-by: Matt Caswell <matt@openssl.org>
2018-04-17 15:32:02 +02:00
Dr. Matthias St. Pierre
b7fb239438 Revert "Add OPENSSL_VERSION_AT_LEAST"
Fixes #5961

This reverts commit 3c5a61dd0f.

The macros OPENSSL_MAKE_VERSION() and OPENSSL_VERSION_AT_LEAST() contain
errors and don't work as designed. Apart from that, their introduction
should be held back until a decision has been mad about the future
versioning scheme.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5968)
2018-04-16 18:43:52 +02:00
Richard Levitte
560096f804 make update
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5948)
2018-04-13 23:48:41 +02:00
Matt Caswell
a6f5b11634 Support EVP_PKEY_sign() and EVP_PKEY_verify() for EdDSA
Adding support for these operations for the EdDSA implementations
makes pkeyutl usable for signing/verifying for these algorithms.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5880)
2018-04-06 10:10:05 +01:00
Rich Salz
7de2b9c4af Set error code if alloc returns NULL
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5886)
2018-04-05 15:13:55 -04:00
Matt Caswell
d54897cf54 Pick a q size consistent with the digest for DSA param generation
There are two undocumented DSA parameter generation options available in
the genpkey command line app:
dsa_paramgen_md and dsa_paramgen_q_bits.

These can also be accessed via the EVP API but only by using
EVP_PKEY_CTX_ctrl() or EVP_PKEY_CTX_ctrl_str() directly. There are no
helper macros for these options.

dsa_paramgen_q_bits sets the length of q in bits (default 160 bits).
dsa_paramgen_md sets the digest that is used during the parameter
generation (default SHA1). In particular the output length of the digest
used must be equal to or greater than the number of bits in q because of
this code:

            if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL))
                goto err;
            if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL))
                goto err;
            for (i = 0; i < qsize; i++)
                md[i] ^= buf2[i];

            /* step 3 */
            md[0] |= 0x80;
            md[qsize - 1] |= 0x01;
            if (!BN_bin2bn(md, qsize, q))
                goto err;

qsize here is the number of bits in q and evpmd is the digest set via
dsa_paramgen_md. md and buf2 are buffers of length SHA256_DIGEST_LENGTH.
buf2 has been filled with qsize bits of random seed data, and md is
uninitialised.

If the output size of evpmd is less than qsize then the line "md[i] ^=
buf2[i]" will be xoring an uninitialised value and the random seed data
together to form the least significant bits of q (and not using the
output of the digest at all for those bits) - which is probably not what
was intended. The same seed is then used as an input to generating p. If
the uninitialised data is actually all zeros (as seems quite likely)
then the least significant bits of q will exactly match the least
significant bits of the seed.

This problem only occurs if you use these undocumented and difficult to
find options and you set the size of q to be greater than the message
digest output size. This is for parameter generation only not key
generation. This scenario is considered highly unlikely and
therefore the security risk of this is considered negligible.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5800)
2018-04-05 15:44:24 +01:00
Matt Caswell
d8f031e890 Move the loading of the ssl_conf module to libcrypto
The GOST engine needs to be loaded before we initialise libssl. Otherwise
the GOST ciphersuites are not enabled. However the SSL conf module must
be loaded before we initialise libcrypto. Otherwise we will fail to read
the SSL config from a config file properly.

Another problem is that an application may make use of both libcrypto and
libssl. If it performs libcrypto stuff first and OPENSSL_init_crypto()
is called and loads a config file it will fail if that config file has
any libssl stuff in it.

This commit separates out the loading of the SSL conf module from the
interpretation of its contents. The loading piece doesn't know anything
about SSL so this can be moved to libcrypto. The interpretation of what it
means remains in libssl. This means we can load the SSL conf data before
libssl is there and interpret it when it later becomes available.

Fixes #5809

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5818)
2018-04-05 15:30:12 +01:00
Richard Levitte
fc1d73bb0c VMS: stricter acquisition of entropy for the pool
Fail harshly (in debug builds) when rand_pool_acquire_entropy isn't
delivering the required amount of entropy.  In release builds, this
produces an error with details.

We also take the opportunity to modernise the types used.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5857)
2018-04-03 18:24:41 +02:00
Rich Salz
cdb10bae3f Set error code on alloc failures
Almost all *alloc failures now set an error code.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5842)
2018-04-03 11:31:16 -04:00
Bernd Edlinger
4f090f76a4 Use gnu_printf format attribute to minimise MinGW warnings
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5839)
2018-04-03 16:00:01 +02:00
Matt Caswell
f4b076e6e6 Prepare for 1.1.1-pre5-dev
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-04-03 14:26:16 +01:00
Matt Caswell
facdcba99b Prepare for 1.1.1-pre4 release
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-04-03 14:24:18 +01:00
Dr. Matthias St. Pierre
a73d990e2b Add documentation for the RAND_DRBG API
The RAND_DRBG API was added in PR #5462 and modified by PR #5547.
This commit adds the corresponding documention.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5461)
2018-03-30 00:10:38 +02:00
FdaSilvaYY
3484236d8d EVP,KDF: Add more error code along some return 0 in ...
methods :
 - EVP_PBE_scrypt
 - EVP_PKEY_meth_add0
 - EVP_PKEY_meth_new
 - EVP_PKEY_CTX_dup

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5783)
2018-03-29 22:46:10 +02:00
Matt Caswell
4cabbb9f48 Limit ASN.1 constructed types recursive definition depth
Constructed types with a recursive definition (such as can be found in
PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. Therefore we limit the stack depth.

CVE-2018-0739

Credit to OSSFuzz for finding this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2018-03-27 10:22:49 +01:00
Rich Salz
faec5c4a8a Remove QNX support
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5756)
2018-03-26 14:10:57 -04:00
Andy Polyakov
b9499cf8de include/openssl/rand.h: omit intermediate typedef.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4159)
2018-03-22 15:06:02 +01:00
Andy Polyakov
a497a08813 openssl/rand.h: fix formatting.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4159)
2018-03-22 15:04:08 +01:00
Jack Bates
693be9a2cb Convert _meth_get_ functions to const getters
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2181)
2018-03-21 10:37:05 +00:00
Matt Caswell
9fcfd0cd86 Prepare for 1.1.1-pre4-dev
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-03-20 13:15:39 +00:00
Matt Caswell
be2df12a34 Prepare for 1.1.1-pre3 release
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-03-20 13:13:56 +00:00