Matt Caswell [Mon, 9 Jan 2017 17:29:44 +0000 (17:29 +0000)]
Mark a HelloRequest record as read if we ignore it
Otherwise the client will try to process it again. The second time around
it will try and move the record data into handshake fragment storage and
realise that there is no data left. At that point it marks it as read
anyway. However, it is a bug that we go around the loop a second time, so
we prevent that.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2200)
(cherry picked from commit 290a0419f0c13a30fb3a1d1a279125c8aeafd17e)
Bernd Edlinger [Fri, 23 Dec 2016 13:35:16 +0000 (14:35 +0100)]
Fix a memory leak in RSA_padding_add_PKCS1_OAEP_mgf1
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #2140
(cherry picked from commit c6d215e0d278fcd51ad474a3647b61e1b67290bb)
Rich Salz [Sun, 8 Jan 2017 17:50:52 +0000 (12:50 -0500)]
Rename "verify_cb" to SSL_verify_cb
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)
(cherry picked from commit 3adc41dd22080c4161d8a2af98d7b29fdbb11915)
Rich Salz [Tue, 27 Dec 2016 20:00:06 +0000 (15:00 -0500)]
Doc nits: callback function typedefs
Enhance find-doc-nits to be better about finding typedefs for
callback functions. Fix all nits it now finds. Added some new
typedef names to ssl.h some of which were documented but did not
exist
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)
(cherry picked from commit 121677b4875b08df99a48d20ab5c26f54782f21d)
Add option ExpectedTmpKeyType to test the temporary key the server
sends is of the correct type.
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2191)
(cherry picked from commit b93ad05dba3e3d2ceb79799a883ae43d42ba16e2)
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2191)
(cherry picked from commit 9c4319bd03f17fc87ae63b6231c87c678e5cabd1)
BIO_seek and BIO_tell can cause problems with evp_test.c on some platforms.
Avoid them by using a temporary memory BIO to store key PEM data.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2183)
(cherry picked from commit 71f60ef3376144885384f2b1b3f00c3d54806f38)
Matt Caswell [Fri, 30 Dec 2016 17:12:11 +0000 (17:12 +0000)]
Provide some tests for the sig algs API
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2160)
(cherry picked from commit f1b25aaed32f90b3309243d24353bf636c1c786b)
Matt Caswell [Fri, 30 Dec 2016 17:11:09 +0000 (17:11 +0000)]
Fix the SSL_set1_sigalgs() macro
This macro has a typo in it which makes it unusable. This issue was already
fixed in 1.0.2 in commit 75fdee04827, but the same fix was not applied to
other branches.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2160)
(cherry picked from commit fb3ae0e830097a3a2a41a0ea82c7ad725f05a451)
Richard Levitte [Fri, 16 Dec 2016 10:18:47 +0000 (11:18 +0100)]
test/ssl_test: give up if both client and server wait on read
In some cases, both client and server end of the test can end up in
SSL_ERROR_WANT_READ and never get out of it, making the test spin.
Detect it and give up instead of waiting endlessly.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2096)
(cherry picked from commit ceb6d746941063eccf7655c7709ba56ca117044b)
Richard Levitte [Fri, 16 Dec 2016 08:24:00 +0000 (09:24 +0100)]
e_afalg: Don't warn about kernel version when pedantic
When built with --strict-warnings and the Linux kernel headers don't
match the kernel version, the preprocessor warnings in
engines/afalg/e_afalg.c cause compilation errors. Use the macro
PEDANTIC to avoid those warnings in that case.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2095)
(cherry picked from commit 97043e46aa7083c787a1efd72ac31ca97ed41610)
Rich Salz [Mon, 28 Nov 2016 20:33:40 +0000 (15:33 -0500)]
CRL critical extension bugfix
More importantly, port CRL test from boringSSL crypto/x509/x509_test.cc
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1775)
(cherry picked from commit 2b40699082d1e5d0e94811542c4f0633ab2d5989)
Rich Salz [Mon, 12 Dec 2016 16:14:40 +0000 (11:14 -0500)]
Fix various doc nits.
Don't use regexps for section names, just strings: More consistency.
Rename "COMMAND OPTIONS" to OPTIONS.
Fix a couple of other nit-level things.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2076)
(cherry picked from commit 3dfda1a6363c0cf4efee94754a36c2d86be190c3)
Paul Hovey [Mon, 5 Dec 2016 22:17:11 +0000 (17:17 -0500)]
updated macro spacing for styling purposes
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial
(cherry picked from commit 6974fca49d9d0b110c02c83a7bbe01907472ac5e)
Paul Hovey [Mon, 5 Dec 2016 21:57:25 +0000 (16:57 -0500)]
fix undoes errors introduced by https://github.com/openssl/openssl/commit/fc6076ca272f74eb1364c29e6974ad5da5ef9777?diff=split#diff-1014acebaa2c13d44ca196b9a433ef2eR184
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial
(cherry picked from commit 8bd62abe00b893573920a7a12769fb00bd8da234)
Benjamin Kaduk [Thu, 8 Dec 2016 18:01:31 +0000 (12:01 -0600)]
Restore the ERR_FATAL_ERROR() macro
Commit 0cd0a820abc6124cf8e176fa92d620a2abf9e419 removed this macro
along with many unused function and reason codes; ERR_FATAL_ERROR()
was not used in the tree, but did have external consumers.
Add it back to restore the API compatibility and avoid breaking
applications for no internal benefit.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2049)
(cherry picked from commit 036ba500f7886ca2e7231549fa574ec2cdd45cef)
Andy Polyakov [Fri, 9 Dec 2016 14:26:19 +0000 (15:26 +0100)]
perlasm/x86_64-xlate.pl: refine sign extension in ea package.
$1<<32>>32 worked fine with either 32- or 64-bit perl for a good while,
relying on quirk that [pure] 32-bit perl performed it as $1<<0>>0. But
this apparently changed in some version past minimally required 5.10,
and operation result became 0. Yet, it went unnoticed for another while,
because most perl package providers configure their packages with
-Duse64bitint option.
Markus Triska [Fri, 9 Dec 2016 17:07:09 +0000 (18:07 +0100)]
Fix reference to SSL_set_max_proto_version.
CLA: trivial Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2059)
(cherry picked from commit 2884c76a4e4c1f98d17a10e2d0f5dfc43e9cb04a)
Richard Levitte [Fri, 9 Dec 2016 22:32:09 +0000 (23:32 +0100)]
VMS UI_OpenSSL: if the TT device isn't a tty, flag instead of error
On all platforms, if the controlling tty isn't an actual tty, this is
flagged by setting is_a_tty to zero... except on VMS, where this was
treated as an error. Change this to behave like the other platforms.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2063)
(cherry picked from commit 18edbe6519bd5b738bf410b23f437df3005526e3)
Richard Levitte [Thu, 8 Dec 2016 10:16:37 +0000 (11:16 +0100)]
In UI_OpenSSL's open(), generate an error on unknown errno
TTY_get() sometimes surprises us with new errno values to determine if
we have a controling terminal or not. This generated error is a
helpful tool to figure out that this was what happened and what the
unknown value is.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2043)
(cherry picked from commit 4984448648f69ed4425df68900b1fd6f17c6c271)
Richard Levitte [Wed, 7 Dec 2016 21:44:47 +0000 (22:44 +0100)]
Add a test for the UI API
The best way to test the UI interface is currently by using an openssl
command that uses password_callback. The only one that does this is
'genrsa'.
Since password_callback uses a UI method derived from UI_OpenSSL(), it
ensures that one gets tested well enough as well.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2040)
(cherry picked from commit 17ac8eaf611b588cca251ba63b187e7d9c7edb83)
Richard Levitte [Wed, 7 Dec 2016 15:36:44 +0000 (16:36 +0100)]
UI_process() didn't generate errors
Since there are many parts of UI_process() that can go wrong, it isn't
very helpful to only return -1 with no further explanation. With this
change, the error message will at least show which part went wrong.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2037)
(cherry picked from commit 0a687ab0a92d2d68289364a6e232028c229f44bb)
Matt Caswell [Wed, 23 Nov 2016 23:03:13 +0000 (23:03 +0000)]
Ensure we are in accept state in DTLSv1_listen
Calling SSL_set_accept_state() after DTLSv1_listen() clears the state, so
SSL_accept() no longer works. In 1.0.2 calling DTLSv1_listen() would set
the accept state automatically. We should still do that.
Beat Bolli [Fri, 18 Nov 2016 08:53:48 +0000 (09:53 +0100)]
Use consistent variable names
In the X509_NAME_get_index_by_NID.pod example, the initialized variable is called
"loc", but the one used in the for loop is called "lastpos". Make the names match.
CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1949)
Richard Levitte [Tue, 15 Nov 2016 08:56:20 +0000 (09:56 +0100)]
On x86 machines where the compiler supports -m32, use 'linux-x86'
The rationale is that the linux-x86 is the most likely config target
to evolve and should therefore be chosen when possible, while
linux-elf is mostly reserved for older Linux machines.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1924)
(cherry picked from commit 27a451e3739d8331b9c180b0373b88ab6c382409)
Richard Levitte [Tue, 15 Nov 2016 08:53:01 +0000 (09:53 +0100)]
Add a modern linux-x86 config target
'linux-x86' is similar to 'linux-x86_64' but uses -m32 rather than -m64.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1924)
(cherry picked from commit 7fbc0bfdd7a3c46bc7e36b191d11ab3853555a25)
Matt Caswell [Tue, 15 Nov 2016 16:31:26 +0000 (16:31 +0000)]
Remove a hack from ssl_test_old
ssl_test_old was reaching inside the SSL structure and changing the internal
BIO values. This is completely unneccessary, and was causing an abort in the
test when enabling TLSv1.3.
I also removed the need for ssl_test_old to include ssl_locl.h. This
required the addition of some missing accessors for SSL_COMP name and id
fields.
Rich Salz [Tue, 15 Nov 2016 23:54:28 +0000 (18:54 -0500)]
Check return value of some BN functions.
Factorise multiple bn_get_top(group->field) calls
Add missing checks on some conditional BN_copy return value
Add missing checks on some BN_copy return value
Add missing checks on a few bn_wexpand return value
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1626)
Rob Percival [Tue, 15 Nov 2016 10:42:57 +0000 (10:42 +0000)]
Add test for CT_POLICY_EVAL_CTX default time
Checks that the epoch_time_in_ms field of CT_POLICY_EVAL_CTX is initialized
to approximately the current time (as returned by time()) by default. This
prevents the addition of this field, and its verification during SCT
validation, from breaking existing code that calls SCT_validate directly.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
(cherry picked from commit ebcb536858a271e8812fb9bbafbc0b825e5ece24)
Rob Percival [Mon, 12 Sep 2016 09:28:21 +0000 (10:28 +0100)]
Reword documentation for {SCT_CTX/CT_POLICY_EVAL_CTX}_set_time
Do not call the time "current", as a different time can be provided.
For example, a time slightly in the future, to provide tolerance for
CT logs with a clock that is running fast.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
(cherry picked from commit 1871a5aa8a538c2b8ac3d302c1e9e72867f5ee0f)
Richard Levitte [Mon, 29 Aug 2016 14:58:31 +0000 (16:58 +0200)]
Only build the body of e_padlock when there are lower level routines
engines/e_padlock.c assumes that for all x86 and x86_64 platforms, the
lower level routines will be present. However, that's not always
true, for example for solaris-x86-cc, and that leads to build errors.
The better solution is to have configure detect if the lower level
padlock routines are being built, and define the macro PADLOCK_ASM if
they are, and use that macro in our C code.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1510)
(cherry picked from commit 7b176a549ea374fc9b64c3fa7f0812239528b696)
Richard Levitte [Mon, 14 Nov 2016 23:58:51 +0000 (00:58 +0100)]
Add a warning stipulating how things should be coded in ossl_init_base
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1922)
(cherry picked from commit 8aa9cf7e655ae1e41f283fbf16dcc810970058a0)
Richard Levitte [Mon, 14 Nov 2016 22:53:45 +0000 (23:53 +0100)]
Stop init loops
Under certain circumstances, the libcrypto init code would loop,
causing a deadlock. This would typically happen if something in
ossl_init_base() caused an OpenSSL error, and the error stack routines
would recurse into the init code before the flag that ossl_init_base()
had been run was checked.
This change makes sure ossl_init_base isn't run once more of the base
is initiated.
Thanks to Dmitry Kostjuchenko for the idea.
Fixes Github issue #1899
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1922)
(cherry picked from commit b7a7f39afeb4748b4c25dbccb8951711b8b70eaf)
prio openssl 1.1.0 seed_len < q was accepted and the seed argument was
then ignored. Now DSA_generate_parameters_ex() returns an error in such
a case but no error string.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1657)
(cherry picked from commit af5474126546b558b0e6f8be4bec4b70977e24b7)
The proposed fix is incorrect. It marks the "run_once" code as having
finished before it has. The intended semantics of run_once is that no
threads should proceed until the code has run exactly once. With this
change the "second" thread will think the run_once code has already been
run and will continue, even though it is still in progress. This could
result in a crash or other incorrect behaviour.
DK [Sun, 13 Nov 2016 12:48:15 +0000 (14:48 +0200)]
Fixed deadlock in CRYPTO_THREAD_run_once for Windows
Fixed deadlock in CRYPTO_THREAD_run_once() if call to init() is causing
a recursive call to CRYPTO_THREAD_run_once() again that is causing a hot
deadloop inside do { } while (result == ONCE_ININIT); section.
CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1913)
Kurt Roeckx [Fri, 11 Nov 2016 20:41:50 +0000 (21:41 +0100)]
Cast to an unsigned type before negating
llvm's ubsan reported:
runtime error: negation of -9223372036854775808 cannot be represented in
type 'int64_t' (aka 'long'); cast to an unsigned type to negate this
value to itself