Richard Levitte [Sun, 23 Apr 2017 14:17:32 +0000 (16:17 +0200)]
Port Ben's parallell Makefile hack to VMS
As far as I know, there is no MMS / MMK with parallellism today.
However, it might be added in the future (perhaps in MMK at least), so
we may as well prepare for it now.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3282)
(cherry picked from commit 757264207ad8650a89ea903d48ad89f61d56ea9c)
Richard Levitte [Sat, 22 Apr 2017 13:06:35 +0000 (15:06 +0200)]
Port Ben's parallell Makefile hack to Windows
jom is an nmake clone that does parallell building, via the same -j
argument as GNU make. To make it work, we need to apply the same
dependeency build up as done in 27c40a93175d4dcb559325db9354910b3d16cd4e
Fixes #3272
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3277)
(cherry picked from commit f919c12f5c8b92f0318c650573e774fe6522c27c)
If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an hint to
an unsupported algorithm/curve (e.g. if binary EC support is disabled).
Before this commit the issue arise for example if binary EC keys are added in
evptests.txt, and the test is run when EC is enabled but EC2m is disabled.
E.g. adding these lines to evptests.txt would reproduce the issue:
PublicKey=KAS-ECC-CDH_K-163_C0-PUBLIC
-----BEGIN PUBLIC KEY-----
MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBx+LKHfWAn2cGt5CRPLeoSaS7yPVBcFe
53YiHHK4SzR844PzgGe4nD6a
-----END PUBLIC KEY-----
PublicKey=KAS-ECC-CDH_K-163_C0-Peer-PUBLIC
-----BEGIN PUBLIC KEY-----
MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBXQjbxQoxDITCUZ4Ols6q7bCfqXWB5CM
JRuNoCHLrCgfEj969PrFs9u4
-----END PUBLIC KEY-----
When compiling without EC support the test fails abruptly reading some keys.
Some keys merged in commit db040557c8bf4449e0a0b43510a2b30d89d58a83 start with
------BEGIN EC PRIVATE KEY-----
this format is not supported without EC support.
This commit reformat those keys with the generic format. After this change the
test simply skips the unsupported EC keys when EC is disabled, without parsing
errors.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3222)
Richard Levitte [Mon, 10 Apr 2017 20:01:05 +0000 (22:01 +0200)]
Fix x_int64.c
Clearing a misunderstanding. The routines c2i_uint64_int() and
i2c_uint64_int() expect to receive that internal values are absolute
and with a separate sign flag, and the x_int64.c code handles values
that aren't absolute and have the sign bit embedded. We therefore
need to convert between absolute and non-absolute values for the
encoding of negative values to be correct.
[extended tests]
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3160)
(cherry picked from commit 429223d198aabacd129cf6dde5a4203b5af41737)
Todd Short [Tue, 11 Apr 2017 13:02:05 +0000 (09:02 -0400)]
Remove ECDH(E) ciphers from SSLv3
SSLv3 does not support TLS extensions, and thus, cannot provide any
curves for ECDH(E). With the removal of the default (all) list of curves
being used for connections that didn't provide any curves, ECDHE is no
longer possible.
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3181)
(cherry picked from commit fe55c4a20f79c77c64a082c5df2c5e8a61317162)
Matt Caswell [Mon, 10 Apr 2017 16:33:29 +0000 (17:33 +0100)]
Reject decoding of an INT64 with a value >INT64_MAX
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3159)
(cherry picked from commit 0856e3f167964f58c26796331eab9d8b0a883921)
Benjamin Kaduk [Tue, 7 Feb 2017 22:23:16 +0000 (16:23 -0600)]
Allow an ALPN callback to pretend to not exist
RFC 7301 mandates that the server SHALL respond with a fatal
"no_application_protocol" alert when there is no overlap between
the client's supplied list and the server's list of supported protocols.
In commit 062178678f5374b09f00d70796f6e692e8775aca we changed from
ignoring non-success returns from the supplied alpn_select_cb() to
treating such non-success returns as indicative of non-overlap and
sending the fatal alert.
In effect, this is using the presence of an alpn_select_cb() as a proxy
to attempt to determine whether the application has configured a list
of supported protocols. However, there may be cases in which an
application's architecture leads it to supply an alpn_select_cb() but
have that callback be configured to take no action on connections that
do not have ALPN configured; returning SSL_TLSEXT_ERR_NOACK from
the callback would be the natural way to do so. Unfortunately, the
aforementioned behavior change also treated SSL_TLSEXT_ERR_NOACK as
indicative of no overlap and terminated the connection; this change
supplies special handling for SSL_TLSEXT_ERR_NOACK returns from the
callback. In effect, it provides a way for a callback to obtain the
behavior that would have occurred if no callback was registered at
all, which was not possible prior to this change.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3158)
(cherry picked from commit 8313a787d770ac1d7ddafcbc41b13e7fb5841eae)
Andy Polyakov [Fri, 7 Apr 2017 20:30:13 +0000 (22:30 +0200)]
e_os.h: omit PRIu64.
PRIu64 is error-prone with BIO_printf, so introduce and stick to custom
platform-neutral macro. 'll' allows to print 64-bit values on *all*
supported platforms, but it's problematic with -Wformat -Werror. Hence
use 'l' in identifiable LP64 cases.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3148)
Andy Polyakov [Fri, 7 Apr 2017 18:26:59 +0000 (20:26 +0200)]
bio/b_print.c: drop dependency on BN config.
This might seem controversial, but it doesn't actually affect anything.
Or rather it doesn't make worse cases when it was problematic [with code
additions to 1.1.0]. One of such rare cases is 32-bit PA-RISC target
with *vendor* compiler.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3148)
Richard Levitte [Fri, 7 Apr 2017 14:26:10 +0000 (16:26 +0200)]
Fix rand_lib.c for no-engine configuration
When configured no-engine, we still refered to rand_engine_lock.
Rework the lock init code to avoid that.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3145)
(cherry picked from commit 2f881d2d9065342454fe352eac9e835cefa0ba90)
Richard Levitte [Thu, 6 Apr 2017 13:58:38 +0000 (15:58 +0200)]
Don't try to clean up RAND from ENGINE
This is especially harmful since OPENSSL_cleanup() has already called
the RAND cleanup function
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3137)
(cherry picked from commit 789a2b6250d5e05dfde6ce259e79ef8c172c9f3f)
Richard Levitte [Thu, 6 Apr 2017 09:30:03 +0000 (11:30 +0200)]
Make getting and setting the RAND default method thread safe
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3137)
(cherry picked from commit 87975cfa91c3f06a52f2550ed2ef632644be6dde)
Qin Long [Tue, 4 Apr 2017 17:08:16 +0000 (01:08 +0800)]
e_os2.h: Refine OSSL_SSIZE definition under UEFI environment
Under UEFI build environment, we may encounter the OSSL_SSIZE macro
re-definition error in e_os2.h if any module call OpenSSL API directly
by including "openssl/xxxx.h" (caused by the predefined _WIN32/_WIN64
macro, which should have been un-defined under OPENSSL_SYS_UEFI).
Though it's not one recommended usage, this patch could still eliminate
the possible build issue by refining the OSSL_SSIZE definition under
OPENSSL_SYS_UEFI.
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3121)
Richard Levitte [Thu, 6 Apr 2017 08:24:55 +0000 (10:24 +0200)]
In rand_cleanup_int(), don't go creating a default method
If no default method was yet given, RAND_get_rand_method() will set it
up. Doing so just to clean it away seems pretty silly, so instead,
use the default_RAND_meth variable directly.
This also clears a possible race condition where this will try to init
things, such as ERR or ENGINE when in the middle of a OPENSSL_cleanup.
Fixes #3128
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3136)
(cherry picked from commit 5006b37b31c5a520c3065048bd8aba8cc3ff128d)
Matt Caswell [Mon, 27 Mar 2017 15:11:11 +0000 (16:11 +0100)]
Fix a possible integer overflow in long_c2i
Credit to OSS-Fuzz for finding this.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3120)
Richard Levitte [Thu, 30 Mar 2017 11:33:33 +0000 (13:33 +0200)]
Convert SSL_SESSION_ASN1 to use size specific integers
This increases portability of SSL_SESSION files between architectures
where the size of |long| may vary. Before this, SSL_SESSION files
produced on a 64-bit long architecture may break on a 32-bit long
architecture.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3120)
Andy Polyakov [Sat, 1 Apr 2017 13:28:28 +0000 (15:28 +0200)]
crypto/ppccap.c: SIGILL-free processor capabilities detection on MacOS X.
It seems to be problematic to probe processor capabilities with SIGILL
on MacOS X. The problem should be limited to cases when application code
is debugged, but crashes were reported even during normal execution...
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 0bd93bbe4ae60e5f318b298bfe617e468a7b71d0)
Andy Polyakov [Fri, 31 Mar 2017 12:37:10 +0000 (14:37 +0200)]
Configure: use 5.10.0, don't require...
Configure started with 'require 5.10.0', but if executed by older perl
it failed with "might be runaway multi-line // string" instead of
naturally expected "Perl v5.10.0 required--this is only v5.x.y".
The man pages for ciphers, s_client and s_server mention the tls1_3
option but it is not implemented in the 1.1.0 branch. Thus remove it to
avoid confusion.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3099)
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3079)
Steven Collison [Tue, 28 Mar 2017 16:02:37 +0000 (09:02 -0700)]
doc: Add missing options in s_{server,client}
These were added to the help in ad775e04f6dab but not the pods.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3065)
(cherry picked from commit 254b58fd7335fa3c58e2535d46658109ffd8bdcd)
Matt Caswell [Fri, 24 Mar 2017 16:01:50 +0000 (16:01 +0000)]
Provide documentation for missing SSL_SESSION_* functions
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3052)
(cherry picked from commit b31db50528ccfd493b3be73f55c53f4606943d28)
Richard Levitte [Sun, 26 Mar 2017 18:01:44 +0000 (20:01 +0200)]
In err_cleanup(), cleanup the thread local storage too
Fixes #3033
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3035)
(cherry picked from commit 165f1c3ef39680471339d21b9f6c12ea86b4a26a)
Even though Apple refers to Procedure Call Standard for ARM Architecture
(AAPCS), they apparently adhere to custom version that doesn't follow
stack alignment constraints in the said standard. [Why or why? If it's
vendor lock-in thing, then it would be like worst spot ever.] And since
bsaes-armv7 relied on standard alignment, it became problematic to
execute the code on iOS.
Bernd Edlinger [Fri, 24 Mar 2017 08:03:54 +0000 (09:03 +0100)]
Don't access memory before checking the correct length in aesni_cbc_hmac_sha256_ctrl in case EVP_CTRL_AEAD_TLS1_AAD.
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3023)
Zack Williams [Sat, 18 Mar 2017 01:43:53 +0000 (18:43 -0700)]
"any" instead of "and"
The "and" should be an "any"
Fixed in LibreSSL's docs: http://man.openbsd.org/man5/x509v3.cnf.5#Subject_alternative_name
CLA: trivial
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2980)
(cherry picked from commit a41815f05e71009d2a5148bd30b70f47186ed66b)
Ian Spence [Fri, 17 Mar 2017 02:06:52 +0000 (19:06 -0700)]
Fix function documentation
CLA: trivial
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2972)
(cherry picked from commit f5fd3848fe5033534b92d2d18ed6fbd16741a0a2)
Andy Polyakov [Wed, 22 Mar 2017 09:51:25 +0000 (10:51 +0100)]
bn/asm/sparcv9-mont.pl: fix squaring code path.
This module is used only with odd input lengths, i.e. not used in normal
PKI cases, on contemporary processors. The problem was "illuminated" by
fuzzing tests.
Rich Salz [Thu, 23 Mar 2017 17:04:52 +0000 (13:04 -0400)]
Look for comma before - in POD pages
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3021)
(cherry picked from commit 3ba4dac67a63c2d2589d46095d989b301cd62650)
Andy Polyakov [Mon, 20 Mar 2017 11:47:08 +0000 (12:47 +0100)]
modes/ocb128.c: fix misaligned access in ILP32 builds on 64-bit processors.
One could have fixed the problem by arranging 64-bit alignment of
EVP_AES_OCB_CTX.aad_buf in evp/e_aes.c, but CRYPTO_ocb128_aad
prototype doesn't imply alignment and we have to honour it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2994)
David Benjamin [Tue, 21 Mar 2017 04:27:35 +0000 (00:27 -0400)]
Remove duplicate X509_OBJECT free function.
These two functions do the same thing.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3001)
(cherry picked from commit b6ef12c4baa3a2c1ff0e3ac71270588dfcfe8cbd)
Richard Levitte [Wed, 15 Mar 2017 01:40:55 +0000 (02:40 +0100)]
Rework how protocol specific ciphers in 80-test_ssl_old.t are picked out
The code to do this incorrectly assumed that the protocol version
could be used as a valid cipher suite for the 'openssl cipher'
command. While this is true in some cases, that isn't something to be
trusted. Replace that assumption with code that takes the full
'openssl ciphers' command output and parses it to find the ciphers we
look for.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2956)
(cherry picked from commit 9ea6d56d044a95459e563abdc85aed26149e6ee9)
Richard Levitte [Mon, 20 Mar 2017 20:31:02 +0000 (21:31 +0100)]
Fix decoding of ASN.1 LONG and ZLONG items
LONG and ZLONG items (which are OpenSSL private special cases of
ASN1_INTEGER) are encoded into DER with padding if the leading octet
has the high bit set, where the padding can be 0x00 (for positive
numbers) or 0xff (for negative ones).
When decoding DER to LONG or ZLONG, the padding wasn't taken in
account at all, which means that if the encoded size with padding
is one byte more than the size of long, decoding fails. This change
fixes that issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3000)
Rich Salz [Mon, 20 Mar 2017 20:25:22 +0000 (16:25 -0400)]
Document BIO_printf family
Also fix an error in UI_STRING (typo; wrong case).
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2999)
(cherry picked from commit 2ca2e9175d54dc66a66fe2a51ff5dd9b3bc899dc)
Bernd Edlinger [Mon, 20 Mar 2017 17:52:44 +0000 (18:52 +0100)]
Fix the error handling in CRYPTO_dup_ex_data.
Fix a strict aliasing issue in ui_dup_method_data.
Add test coverage for CRYPTO_dup_ex_data, use OPENSSL_assert.
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2997)
Péter Budai [Tue, 11 Oct 2016 17:26:23 +0000 (19:26 +0200)]
Fixed PKCS5_PBKDF2_HMAC() to adhere to the documentation.
The documentation of this function states that the password parameter
can be NULL. However, the implementation returns an error in this case
due to the inner workings of the HMAC_Init_ex() function.
With this change, NULL password will be treated as an empty string and
PKCS5_PBKDF2_HMAC() no longer fails on this input.
I have also added two new test cases that tests the handling of the
special values NULL and -1 of the password and passlen parameters,
respectively.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1692)
(cherry picked from commit fa013b65241dfed9b7d9e10e0adfedc9869c797e)
Matt Caswell [Fri, 17 Mar 2017 10:21:25 +0000 (10:21 +0000)]
Fix no-dtls builds
Commits f2ff1432f in master and 14d4d7eda in 1.1.0 broke the no-dtls build
by moving the position of a "#endif" for OPENSSL_NO_DTLS in a change
which is otherwise unrelated to DTLS. This puts it back to where it was.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2974)
(cherry picked from commit 9998b32cb63b0bdd3d014abfa1d70e9a2c20a283)
Paul Yang [Thu, 16 Mar 2017 09:05:30 +0000 (17:05 +0800)]
Fix typo in ASYNC_WAIT_CTX_new.pod doc
For the function that get the changed fds, it should be
'ASYNC_WAIT_CTX_get_changed_fds()' instead of 'ASYNC_WAIT_CTX_fds_have_changed()'.
CLA: trivial
Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2967)
Richard Levitte [Tue, 14 Mar 2017 21:22:17 +0000 (22:22 +0100)]
VMS: throw away [.util]shareable_image_wrap.c.in and add replacement scripts
[.util]shareable_image_wrap.c.in was never useful because lib$spawn()
insisted on combining stdout and stderr into one.
Instead, we introduce two scripts that create and destroy a temporary
environment where the local shareable images become available,
[.util]local_shlib.com and [.util]unlocal_shlib.com.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2948)
Richard Levitte [Mon, 13 Mar 2017 20:25:37 +0000 (21:25 +0100)]
Better way to recognise mingw64 in config script
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2922)
(cherry picked from commit 41bee3e8fb749504f21f78dbf3eca85e5b84820b)
Exteneded feature flags were not pulled on AMD processors, as result
a number of extensions were effectively masked on Ryzen. Original fix
for x86_64cpuid.pl addressed this problem, but messed up processor
vendor detection. This fix moves extended feature detection past
basic feature detection where it belongs. 32-bit counterpart is
harmonized too.
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 1aed5e1ac28790cc915ad03e86e2d5e896a4ea13)
Richard Levitte [Mon, 13 Mar 2017 08:09:43 +0000 (09:09 +0100)]
Recognise mingw64 in config script
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2914)
(cherry picked from commit 57cb3385b109ff66f7cb0b81ad3a89543bfd6f68)
projects / openssl / log