Andy Polyakov [Mon, 20 Nov 2017 09:24:14 +0000 (10:24 +0100)]
poly1305/asm/poly1305-x86_64.pl: switch to pure AVX512F.
Convert AVX512F+VL+BW code path to pure AVX512F, so that it can be
executed even on Knights Landing. Trigger for modification was
observation that AVX512 code paths can negatively affect overall
Skylake-X system performance. Since we are likely to suppress
AVX512F capability flag [at least on Skylake-X], conversion serves
as kind of "investment protection".
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4758)
David Benjamin [Fri, 24 Nov 2017 17:56:32 +0000 (12:56 -0500)]
Pretty-print large INTEGERs and ENUMERATEDs in hex.
This avoids taking quadratic time to pretty-print certificates with
excessively large integer fields. Very large integers aren't any more
readable in decimal than hexadecimal anyway, and the i2s_* functions
will parse either form.
Found by libFuzzer.
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4790)
Originally it was thought that it's possible to use AVX512VL+BW
instructions with XMM and YMM registers without kernel enabling
ZMM support, but it turned to be wrong assumption.
Ronald Tse [Wed, 22 Nov 2017 07:23:48 +0000 (15:23 +0800)]
Add SM3/SM4 to openssl command-line tool
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4773)
Richard Levitte [Tue, 21 Nov 2017 14:09:59 +0000 (15:09 +0100)]
Avoid unnecessary MSYS2 conversion of some arguments
Fixes #4740
The MSYS2 run-time convert arguments that look like paths when
executing a program unless that application is linked with the MSYS
run-time. The exact conversion rules are listed here:
http://www.mingw.org/wiki/Posix_path_conversion
With the built-in configurations (all having names starting with
"mingw"), the openssl application is not linked with the MSYS2
run-time, and therefore, it will receive possibly converted arguments
from the process that executes it. This conversion is fine for normal
path arguments, but it happens that some arguments to the openssl
application get converted when they shouldn't. In one case, it's
arguments like '-passin file:something', and in another, it's a file:
URI (what typically happens is that URIs without an authority
component get converted, 'cause the conversion mechanism doesn't
recognise them as URIs).
To avoid conversion where we don't want it, we simply assign
MSYS2_ARG_CONV_EXCL a pattern to avoid specific conversions. As a
precaution, we only do this where we obviously need it.
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4765)
Matt Caswell [Tue, 14 Nov 2017 15:14:51 +0000 (15:14 +0000)]
If a server is not acknowledging SNI then don't reject early_data
SNI needs to be consistent before we accept early_data. However a
server may choose to not acknowledge SNI. In that case we have to
expect that a client may send it anyway. We change the consistency
checks so that not acknowledging is treated more a like a "wild card",
accepting any SNI as being consistent.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4738)
Matt Caswell [Tue, 14 Nov 2017 14:21:13 +0000 (14:21 +0000)]
Provide a more information early_data message in s_server
s_server reported early_data not being sent and early_data being
rejected in the same way, i.e. "No early data received". This is
slightly misleading so this commit provides a different error message
if the early data is rejected.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4738)
Matt Caswell [Tue, 14 Nov 2017 13:55:21 +0000 (13:55 +0000)]
Allow a client to send early_data with SNI if the session has no SNI
We can only send early_data if the SNI is consistent. However it is valid
for the client to set SNI and the server to not use it. This would still be
counted as consistent. OpenSSL client was being overzealous in this check
and disallowing this scenario.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4738)
Since the server is entitled to reject our session our ClientHello
should include everything that we would want if a full handshake were
to happen. Therefore we shouldn't use the session as a source of
information for setting SNI.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4738)
Paul Yang [Tue, 1 Aug 2017 18:19:43 +0000 (02:19 +0800)]
Support multi-prime RSA (RFC 8017)
* Introduce RSA_generate_multi_prime_key to generate multi-prime
RSA private key. As well as the following functions:
RSA_get_multi_prime_extra_count
RSA_get0_multi_prime_factors
RSA_get0_multi_prime_crt_params
RSA_set0_multi_prime_params
RSA_get_version
* Support EVP operations for multi-prime RSA
* Support ASN.1 operations for multi-prime RSA
* Support multi-prime check in RSA_check_key_ex
* Support multi-prime RSA in apps/genrsa and apps/speed
* Support multi-prime RSA manipulation functions
* Test cases and documentation are added
* CHANGES is updated
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/4241)
Paul Yang [Tue, 31 Oct 2017 16:45:24 +0000 (00:45 +0800)]
Support public key and param check in EVP interface
EVP_PKEY_public_check() and EVP_PKEY_param_check()
Doc and test cases are added
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4647)
FdaSilvaYY [Wed, 15 Nov 2017 20:04:12 +0000 (21:04 +0100)]
Fix AppVeyor/VC build failure
..\test\asn1_internal_test.c(96): warning C4113: 'int (__cdecl *)()'
differs in parameter lists from 'int (__cdecl *)(void)'
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4744)
Andy Polyakov [Wed, 15 Nov 2017 11:25:02 +0000 (12:25 +0100)]
bn/bn_add.c: address performance regression.
Performance regression was reported for EC key generation between
1.0.2 and 1.1.x [in GH#2891]. It naturally depends on platform,
values between 6 and 9% were observed.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4743)
Andy Polyakov [Sat, 11 Nov 2017 21:24:12 +0000 (22:24 +0100)]
Configurations/10-main.conf: add back /WX to VC-WIN32.
We had /WX (treat warnings as errors) in VC-WIN32 for long time. At
some point it was somehow omitted. It's argued that it allows to
keep better focus on new code, which motivates the comeback...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4721)
Benjamin Kaduk [Thu, 19 Oct 2017 19:44:10 +0000 (14:44 -0500)]
Add OCSP API test executable
Some of the OCSP APIs (such as the recently added OCSP_resp_get0_signer)
do not really merit inclusion in the ocsp(1) utility, but we should still
have unit tests for them.
For now, only test OCSP_resp_get0_signer(), but it should be easy to
add more tests in the future.
Provide an X509 cert and private key in the test's data directory
to use for signing responses, since constructing those on the fly
is more effort than is needed.
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4573)
Benjamin Kaduk [Wed, 18 Oct 2017 20:29:18 +0000 (15:29 -0500)]
Add an API to get the signer of an OCSP response
Add a new function OCSP_resp_get0_signer() that looks in the
certs bundled with the response as well as in additional certificates
provided as a function argument, returning the certificate that signed
the given response (if present).
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4573)
Josh Soref [Sun, 12 Nov 2017 00:03:10 +0000 (19:03 -0500)]
Many spelling fixes/typo's corrected.
Around 138 distinct errors found and fixed; thanks!
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3459)
Long Qin [Tue, 7 Nov 2017 06:59:20 +0000 (14:59 +0800)]
lhash.c: Replace Unicode EN DASH with the ASCII char '-'.
* addressing", Proc. 6th Conference on Very Large Databases: 212–223
^
The EN DASH ('–') in this line is one UTF-8 character (hex: e2 80 93).
Under some code page setting (e.g. 936), Visual Studio may report C4819
warning: The file contains a character that cannot be represented in the
current code page.
Replace this character with the ASCII char '-' (Hex Code: 2D).
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4691)
Matt Caswell [Wed, 8 Nov 2017 13:22:59 +0000 (13:22 +0000)]
Fix an s_client memory leak
We were using OPENSSL_strdup() unnecessarily and then failing to free it. There is
no reason to use OPENSSL_strdup() in this scenario - so just remove it.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4699)
Richard Levitte [Tue, 7 Nov 2017 15:04:15 +0000 (16:04 +0100)]
Configure: cleanup @disable_cascade
'rsa', 'sha' and 'tlsext' can't be disabled, not even as a consequence
of other conditions, so having cascading disables that depend on them
is futile. Clean up!
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4693)
Matt Caswell [Fri, 3 Nov 2017 10:43:06 +0000 (10:43 +0000)]
Fix race condition in TLSProxy
Normally TLSProxy waits for the s_server process to finish before
continuing. However in cases where serverconnects > 1 we need to keep the
s_server process around for a later test so we continue immediately. This
means that TAP test output can end up being printed to stdout at the same
time as s_server is printing stuff. This confuses the test runner and can
cause spurious test failures. This commit introduces a small delay in cases
where serverconnects > 1 in order to give s_server enough time to finish
what it was doing before we continue to the next test.
Fixes #4129
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4660)
Matt Caswell [Tue, 31 Oct 2017 15:55:22 +0000 (15:55 +0000)]
Remove 4 broken macros from ocsp.h
There were 4 macros in ocsp.h that have not worked since 1.1.0 because
they attempt to access the internals of an opaque structure.
For OCSP_REQUEST_sign() applications should use OCSP_request_sign() instead.
For OCSP_BASICRESP_sign() applications should use OCSP_basic_sign() instead.
For OCSP_REQUEST_verify() applications should use OCSP_request_verify()
instead.
For OCSP_BASICRESP_verify() applications should use OCSP_basic_verify()
instead.
Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4635)
Ronald Tse [Mon, 30 Oct 2017 09:59:00 +0000 (17:59 +0800)]
SM3: restructure to EVP internal and update doc to right location
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4616)
Jack Lloyd [Wed, 25 Oct 2017 17:19:02 +0000 (13:19 -0400)]
SM3: Add SM3 hash function
SM3 is a secure hash function which is part of the Chinese
"Commercial Cryptography" suite of algorithms which use is
required for certain commercial applications in China.
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4616)
Andy Polyakov [Fri, 3 Nov 2017 22:30:01 +0000 (23:30 +0100)]
aes/asm/{aes-armv4|bsaes-armv7}.pl: make it work with binutils-2.29.
It's not clear if it's a feature or bug, but binutils-2.29[.1]
interprets 'adr' instruction with Thumb2 code reference differently,
in a way that affects calculation of addresses of constants' tables.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/4669)
Richard Levitte [Wed, 1 Nov 2017 16:09:06 +0000 (17:09 +0100)]
Fix small but important regression
In OpenSSL pre 1.1.0, 'openssl x509 -CAkeyformat engine' was possible
and supported. In 1.1.0, a small typo ('F' instead of 'f') removed
that possibility. This restores the pre 1.1.0 behavior.
Fixes #4366
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4643)
Ronald Tse [Sat, 21 Oct 2017 02:59:09 +0000 (11:59 +0900)]
Synchronize man3 EVP cipher list with existing implementations, adding:
* ARIA, SEED, Camellia
* AES-XTS, OCB, CTR
* Key wrap for 3DES, AES
* RC4-MD5 AD
* CFB modes with 1-bit and 8-bit shifts
Split EVP_EncryptInit cipher list to individual man pages.
Consolidate cipher bit-lengths in EVP_EncryptInit cipher list.
Clarify
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4564)
A block of six TEST_int_xy() macro definitions was duplicated.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4624)
Baptiste Jonglez [Mon, 30 Oct 2017 10:36:06 +0000 (11:36 +0100)]
afalg: Use eventfd2 syscall instead of eventfd
The eventfd syscall is deprecated and is not available on aarch64, causing
build to fail:
engines/e_afalg.c: In function 'eventfd':
engines/e_afalg.c:108:20: error: '__NR_eventfd' undeclared (first use in this function)
return syscall(__NR_eventfd, n);
^
Instead, switch to the newer eventfd2 syscall, which is supposed to be
supported by all architectures.
This kind of issues would be avoided by simply using the eventfd(2)
wrapper from the libc, but there must be subtle reasons not to...
Tested on a aarch64 system running OpenSUSE Leap 42.1 (gcc118 from
https://cfarm.tetaneutral.net/machines/list/ ) and also cross-compiling
for aarch64 with LEDE (kernel 4.9).
This properly fixes #1685.
CLA: trivial Fixes: 7f458a48 ("ALG: Add AFALG engine") Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4617)
Ronald Tse [Tue, 31 Oct 2017 05:19:14 +0000 (15:19 +1000)]
SM4: Add SM4 block cipher to EVP
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4552)
Benjamin Kaduk [Fri, 27 Oct 2017 14:54:14 +0000 (09:54 -0500)]
Prevent NULL dereference in async clear-fd code
If the list of fds contains only (one or more) entries marked
as deleted prior to the entry currently being deleted, and the
entry currently being deleted was only just added, the 'prev'
pointer would never be updated from its initial NULL value, and
we would dereference NULL while trying to remove the entry from
the linked list.
Reported by Coverity.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/4602)
Benjamin Kaduk [Wed, 18 Oct 2017 13:05:57 +0000 (08:05 -0500)]
Provide SSL_CTX.stats.sess_accept for switched ctxs
We currently increment the SSL_CTX stats.sess_accept field in
tls_setup_handshake(), which is invoked from the state machine well
before ClientHello processing would have had a chance to switch
the SSL_CTX attached to the SSL object due to a provided SNI value.
However, stats.sess_accept_good is incremented in tls_finish_handshake(),
and uses the s->ctx.stats field (i.e., the new SSL_CTX that was switched
to as a result of SNI processing). This leads to the confusing
(nonsensical) situation where stats.sess_accept_good is larger than
stats.sess_accept, as the "sess_accept" value was counted on the
s->session_ctx.
In order to provide some more useful numbers, increment
s->ctx.stats.sess_accept after SNI processing if the SNI processing
changed s->ctx to differ from s->session_ctx. To preserve the
property that any given accept is counted only once, make the
corresponding decrement to s->session_ctx.stats.sess_accept when
doing so.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4549)
Benjamin Kaduk [Tue, 17 Oct 2017 20:28:42 +0000 (15:28 -0500)]
Normalize on session_ctx for stats where possible
For client SSL objects and before any callbacks have had a chance
to be called, we can write the stats accesses using the session_ctx,
which makes sense given that these values are all prefixed with
"sess_".
For servers after a client_hello or servername callback has been
called, retain the existing behavior of modifying the statistics
for the current (non-session) context. This has some value,
in that it allows the statistics to be viewed on a per-vhost level.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4549)
Benjamin Kaduk [Tue, 17 Oct 2017 19:46:58 +0000 (14:46 -0500)]
Use atomics for SSL_CTX statistics
It is expected that SSL_CTX objects are shared across threads,
and as such we are responsible for ensuring coherent data accesses.
Aligned integer accesses ought to be atomic already on all supported
architectures, but we can be formally correct.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4549)
Extend the s390x capability vector to store the longer facility list
available from z13 onwards. The bits indicating the vector extensions
are set to zero, if the kernel does not enable the vector facility.
Also add capability bits returned by the crypto instructions' query
functions.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4542)
projects / openssl / log