Emilia Kasper [Tue, 2 Feb 2016 15:26:38 +0000 (16:26 +0100)]
RT3234: disable compression
CRIME protection: disable compression by default, even if OpenSSL is
compiled with zlib enabled. Applications can still enable compression by
calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by using
the SSL_CONF library to configure compression. SSL_CONF continues to
work as before:
Richard Levitte [Fri, 29 Jan 2016 22:33:10 +0000 (23:33 +0100)]
unified build scheme: add build.info files
Now that we have the foundation for the "unified" build scheme in
place, we add build.info files. They have been generated from the
Makefiles in the same directories. Things that are platform specific
will appear in later commits.
Richard Levitte [Fri, 29 Jan 2016 18:45:51 +0000 (19:45 +0100)]
unified build scheme: a first introduction
The "unified" build scheme revolves around small information files,
build.info, which each describe their own bit of everything that needs
to be built, using a mini-language described in Configurations/README.
The information in build.info file contain references to source files
and final result. Object files are not mentioned at all, they are
simply from source files. Because of this, all the *_obj items in
Configurations/*.conf are renamed to *_asm_src and the files listed
in the values are change from object files to their corresponding
source files. For the sake of the other build schemes, Configure
generates corresponding *_obj entries in %target.
Furthermore, the "unified" build scheme supports having a build
directory tree separate from the source directry tree.
All paths in a build.info file is assumed to be relative to its
location, either within the source tree or within the build tree.
Add EC_GROUP_order_bits, EC_GROUP_get0_order and EC_GROUP_get0_cofactor
New functions to return internal pointer for order and cofactor. This
avoids the need to allocate a new BIGNUM which to copy the value to.
Simplify code to use new functions.
Richard Levitte [Sun, 31 Jan 2016 17:33:42 +0000 (18:33 +0100)]
Remove the extra checks for Intel's C compiler
When the target is {something}-icc, we're doing some extra checks of
the icc compiler. However, all such targets were cleaned away in
March 2015, so this Configure section is dead code.
Richard Levitte [Sat, 30 Jan 2016 14:39:34 +0000 (15:39 +0100)]
Fix opt_imax() call
Not all architectures have a time_t defined the same way. To make
sure we get the same result, we need to cast &checkoffset to (intmax_t *)
and make sure that intmax_t is defined somehow.
To make really sure we don't pass a variable with the wrong size down
to opt_imax(), we use a temporary intmax_t.
Richard Levitte [Fri, 29 Jan 2016 17:07:37 +0000 (18:07 +0100)]
Configure et al: split up the lflags configuration item into two
The lflags configuration had a weird syntax with a % as separator. If
it was present, whatever came before ended up as PEX_LIBS in Makefile
(usually, this is LDFLAGS), while whatever came after ended up as
EX_LIBS.
This change splits that item into lflags and ex_libs, making their use
more explicit.
Also, PEX_LIBS in all the Makefiles are renamed to LDFLAGS.
Viktor Dukhovni [Thu, 28 Jan 2016 03:43:23 +0000 (22:43 -0500)]
Make it possible to check for explicit auxiliary trust
By default X509_check_trust() trusts self-signed certificates from
the trust store that have no explicit local trust/reject oids
encapsulated as a "TRUSTED CERTIFICATE" object. (See the -addtrust
and -trustout options of x509(1)).
This commit adds a flag that makes it possible to distinguish between
that implicit trust, and explicit auxiliary settings.
With flags |= X509_TRUST_NO_SS_COMPAT, a certificate is only trusted
via explicit trust settings.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Matt Caswell [Wed, 4 Nov 2015 17:30:22 +0000 (17:30 +0000)]
Fix bug in nistp224/256/521 where have_precompute_mult always returns 0
During precomputation if the group given is well known then we memcpy a
well known precomputation. However we go the wrong label in the code and
don't store the data properly. Consequently if we call have_precompute_mult
the data isn't there and we return 0.
RT#3600
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 29 Jan 2016 09:38:06 +0000 (09:38 +0000)]
Correct value of DH_CHECK_PUBKEY_INVALID
A new return value for DH_check_pub_key was recently added:
DH_CHECK_PUBKEY_INVALID. As this is a flag which can be ORed with other
return values it should have been set to the value 4 not 3.
Matt Caswell [Mon, 25 Jan 2016 15:00:10 +0000 (15:00 +0000)]
Implement Async SSL_shutdown
This extends the existing async functionality to SSL_shutdown(), i.e.
SSL_shutdown() can now casuse an SSL_ERROR_WANT_ASYNC error to be returned
from SSL_get_error() if async mode has been enabled.
Rich Salz [Thu, 28 Jan 2016 03:00:55 +0000 (22:00 -0500)]
Remove outdated tests
These tests are not built, and only usable as hand-tests so not
worth moving into our test framework.
This closes https://github.com/openssl/openssl/pull/561 and RT 4252
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 18 Jan 2016 11:31:58 +0000 (11:31 +0000)]
Prevent small subgroup attacks on DH/DHE
Historically OpenSSL only ever generated DH parameters based on "safe"
primes. More recently (in version 1.0.2) support was provided for
generating X9.42 style parameter files such as those required for RFC
5114 support. The primes used in such files may not be "safe". Where an
application is using DH configured with parameters based on primes that
are not "safe" then an attacker could use this fact to find a peer's
private DH exponent. This attack requires that the attacker complete
multiple handshakes in which the peer uses the same DH exponent.
A simple mitigation is to ensure that y^q (mod p) == 1
Rich Salz [Wed, 27 Jan 2016 23:43:25 +0000 (18:43 -0500)]
Remove outdated legacy crypto options
Many options for supporting optimizations for legacy crypto on legacy
platforms have been removed. This simplifies the source code and
does not really penalize anyone.
DES_PTR (always on)
DES_RISC1, DES_RISC2 (always off)
DES_INT (always 'unsigned int')
DES_UNROLL (always on)
BF_PTR (always on) BF_PTR2 (removed)
MD2_CHAR, MD2_LONG (always 'unsigned char')
IDEA_SHORT, IDEA_LONG (always 'unsigned int')
RC2_SHORT, RC2_LONG (always 'unsigned int')
RC4_LONG (only int and char (for assembler) are supported)
RC4_CHUNK (always long), RC_CHUNK_LL (removed)
RC4_INDEX (always on)
And also make D_ENCRYPT macro more clear (@appro)
Rich Salz [Fri, 18 Dec 2015 17:57:23 +0000 (12:57 -0500)]
Remove /* foo.c */ comments
This was done by the following
find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
print unless $. == 1 && m@/\* .*\.[ch] \*/@;
close ARGV if eof; # Close file to reset $.
Benjamin Kaduk [Thu, 21 Jan 2016 18:06:39 +0000 (12:06 -0600)]
Remove unused, undocumented clean-shared target
Also removes the make variable SHARED_LIBS_LINK_EXTS, only used by
the clean-shared target.
When shared library linking was moved to the separate Makefile.shared
in commit 30afcc072acd4f70590fec68bf0590da4e4f1883, this target was
skipped. Prior to that commit, clean-shared was invoked as a
dependency of build-shared, but afterward it was no longer referenced
anywhere in the tree.
Instead of porting the functionality over to Makefile.shared, just
remove it entirely, as it appears to be unused.
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Tue, 26 Jan 2016 13:57:21 +0000 (14:57 +0100)]
Have OpenSSL::Test handle perl scripts like any program
Since we're building some of our perl scripts and the result might not
end up in apps/ (*), we may need to treat them like the compile
programs we use for testing.
This introduces perlapp() and perltest(), which behave like app() and
test(), but will add the perl executable in the command line.
-----
(*) For example, with a mk1mf build, the result will end up in $(BIN_D)
Matt Caswell [Tue, 26 Jan 2016 11:31:41 +0000 (11:31 +0000)]
Add SSL_up_ref() and SSL_CTX_up_ref()
The SSL and SSL_CTX structures are reference counted. However since libssl
was made opaque there is no way for users of the library to manipulate the
reference counts. This adds functions to enable that.
projects / openssl / log