Commit Graph

215 Commits

Author SHA1 Message Date
Matt Caswell
33388b44b6 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)
2020-04-23 13:55:52 +01:00
Rich Salz
6943335e3e Make secure-memory be a config option
Adding support for "no-secure-memory" was simple, a one-liner.
Fixing all the "ifdef OPENSSL_SECURE_MEMORY" to be "ifndef NO_xxx"
was a bit more work.  My original goof, for not following the OpenSSL
pattern "ifndef NO_" used everywhere else.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11023)
2020-02-14 15:18:27 +01:00
Rich Salz
fc56cd3368 Remove unused HAS_LFN_SUPPORT
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10959)
2020-02-07 14:44:48 +10:00
Dr. Matthias St. Pierre
01036e2afb Move random-related defines from e_os.h to rand_unix.c
Fixes #10049

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10050)
2019-10-19 00:04:27 +02:00
Pauli
89e5aaa1d7 Fix typo in comment
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10105)
2019-10-06 13:39:01 +10:00
Dr. Matthias St. Pierre
ae4186b004 Fix header file include guard names
Make the include guards consistent by renaming them systematically according
to the naming conventions below

For the public header files (in the 'include/openssl' directory), the guard
names try to match the path specified in the include directives, with
all letters converted to upper case and '/' and '.' replaced by '_'. For the
private header files files, an extra 'OSSL_' is added as prefix.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9333)
2019-09-28 20:26:36 +02:00
Pauli
280cc01808 Don't include the DEVRANDOM being seeded logic on Android.
It lacks exposure of the `shm*` functions and should prefer the GETRANDOM
source.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9735)
2019-08-30 08:01:34 +10:00
Pauli
3a5777501a Start up DEVRANDOM entropy improvement for older Linux devices.
Improve handling of low entropy at start up from /dev/urandom by waiting for
a read(2) call on /dev/random to succeed.  Once one such call has succeeded,
a shared memory segment is created and persisted as an indicator to other
processes that /dev/urandom is properly seeded.

This does not fully prevent against attacks weakening the entropy source.
An attacker who has control of the machine early in its boot sequence
could create the shared memory segment preventing detection of low entropy
conditions.  However, this is no worse than the current situation.

An attacker would also be capable of removing the shared memory segment
and causing seeding to reoccur resulting in a denial of service attack.
This is partially mitigated by keeping the shared memory alive for the
duration of the process's existence.  Thus, an attacker would not only need
to have called call shmctl(2) with the IPC_RMID command but the system
must subsequently enter a state where no instances of libcrypto exist in
any process.  Even one long running process will prevent this attack.

The System V shared memory calls used here go back at least as far as
Linux kernel 2.0.  Linux kernels 4.8 and later, don't have a reliable way
to detect that /dev/urandom has been properly seeded, so a failure is raised
for this case (i.e. the getentropy(2) call has already failed).

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9595)
2019-08-20 16:10:49 +10:00
Rich Salz
6b10d29c1a Remove NextStep support
Because of that we can remove OPENSSL_UNISTD and some other
macros from e_os2.h and opensslconf.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9204)
2019-07-01 13:32:46 -04:00
Dr. Matthias St. Pierre
a08714e181 Revert the DEVRANDOM_WAIT feature
The DEVRANDOM_WAIT feature added a select() call to wait for the
`/dev/random` device to become readable before reading from the
`/dev/urandom` device. It was introduced in commit 38023b87f0
in order to mitigate the fact that the `/dev/urandom` device
does not block until the initial seeding of the kernel CSPRNG
has completed, contrary to the behaviour of the `getrandom()`
system call.

It turned out that this change had negative side effects on
performance which were not acceptable. After some discussion it
was decided to revert this feature and leave it up to the OS
resp. the platform maintainer to ensure a proper initialization
during early boot time.

Fixes #9078

This partially reverts commit 38023b87f0.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9084)
2019-06-09 09:48:49 +02:00
Klotz, Tobias
61783db5b5 Use vxRandLib for VxWorks7
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8023)
2019-05-02 23:32:44 +02:00
Bernd Edlinger
596521f488 Limit DEVRANDOM_WAIT to linux
Fixes #8416

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/8428)
2019-03-07 22:36:31 +01:00
Bernd Edlinger
38023b87f0 Fix seeding from random device w/o getrandom syscall
Use select to wait for /dev/random in readable state,
but do not actually read anything from /dev/random,
use /dev/urandom first.

Use linux define __NR_getrandom instead of the
glibc define SYS_getrandom, in case the kernel headers
are more current than the glibc headers.

Fixes #8215

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/8251)
2019-03-01 18:28:11 +01:00
Matt Caswell
71b1ceffc4 Make sure build_SYS_str_reasons() preserves errno
This function can end up being called during ERR_get_error() if we are
initialising. ERR_get_error() must preserve errno since it gets called via
SSL_get_error(). If that function returns SSL_ERROR_SYSCALL then you are
supposed to inspect errno.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7680)
2018-12-10 10:17:43 +00:00
Richard Levitte
402dd5585e Following the license change, modify the boilerplates in last few
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7836)
2018-12-06 15:40:33 +01:00
Dr. Matthias St. Pierre
8529b15642 test/secmemtest: test secure memory only if it is implemented
Fixes #7322

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7351)
2018-10-05 12:19:48 +02:00
agnosticdev
46d085096c typo-fixes: miscellaneous typo fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7277)
2018-09-21 23:55:22 +02:00
Nicola Tuveri
34446a8524 Remove __cplusplus preamble from internal headers
These headers are internal and never exposed to a cpp compiler, hence no
need for the preamble.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/6554)
2018-06-22 12:24:59 +02:00
Matt Caswell
0d66475908 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-02-27 13:59:42 +00:00
Rich Salz
77376c0507 Remove OSSLzu, and fix the one place that used it.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5439)
2018-02-23 16:49:59 -05:00
Patrick Steuer
fb9163ba4d e_os.h: add prandom and hwrng to the list of random devices on s390x.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4534)
2017-10-22 22:56:18 +02:00
Pauli
4cff10dcbf struct timeval include guards
Move struct timeval includes into e_os.h (where the Windows ones were).
Enaure that the include is guarded canonically.

Refer #4271

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4312)
2017-09-01 09:55:43 +10:00
Pauli
198c42f5af Move OPENSSL_CONF from e_os.h to cryptlib.h
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4188)
2017-08-30 07:20:44 +10:00
Pauli
07016a8a31 Move e_os.h to be the very first include.
cryptilib.h is the second.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4188)
2017-08-30 07:20:44 +10:00
Pauli
cd420b0b1f Move the REF_PRINT support from e_os.h to internal/refcount.h.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4188)
2017-08-30 07:20:44 +10:00
Rich Salz
b2db9c18b2 MSC_VER <= 1200 isn't supported; remove dead code
VisualStudio 6 and earlier aren't supported.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4263)
2017-08-27 11:35:39 -04:00
Rich Salz
32c1356302 Remove NO_DIRENT; it isn't used anywhere
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4261)
2017-08-25 19:45:21 -04:00
Richard Levitte
9a5d80cb5e Move more socket stuff
The socket stuff for DJGPP and VMS was only partially moved to
include/internal/sockets.h...

Remains vxWorks.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4254)
2017-08-25 23:59:30 +02:00
Richard Levitte
b379fe6cd0 NO_SYS_TYPES_H isn't defined anywhere, stop using it as a guard
This is a vestige from pre-1.1.0 OpenSSL

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4256)
2017-08-25 15:50:59 +02:00
Rich Salz
0e97f1e1a7 (Re)move some things from e_os.h
Remove GETPID_IS_MEANINGLESS and osslargused.

Move socket-related things to new file internal/sockets.h; this is now
only needed by four(!!!) files.  Compiles should be a bit faster.
Remove USE_SOCKETS ifdef's

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4209)
2017-08-22 14:15:40 -04:00
Rich Salz
176db6dc51 Use "" not <> for internal/ includes
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4217)
2017-08-22 09:54:20 -04:00
Pauli
b99fe5f492 Remove tests dependence on e_os.h
Apart from ssltest_old.c, the test suite relied on e_os.h for the
OSSL_NELEM macro and nothing else.

The ssltest_old.c also requires EXIT and some socket macros.

Create a new header to define the OSSL_NELEM macro and use that instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4186)
2017-08-18 09:50:25 +10:00
FdaSilvaYY
a303e9a6a8 fix some typos
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4172)
2017-08-16 10:36:34 -04:00
FdaSilvaYY
2e38091c14 Fix two MSVC warnings in apps.c
warning C4996: 'fileno': The POSIX name for this item is deprecated.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4172)
2017-08-16 10:36:34 -04:00
Matt Caswell
67dc995eaf Move ossl_assert
Move the definition of ossl_assert() out of e_os.h which is intended for OS
specific things. Instead it is moved into internal/cryptlib.h.

This also changes the definition to remove the (int) cast.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4073)
2017-08-03 10:48:00 +01:00
Rich Salz
f367ac2b26 Use randomness not entropy
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3773)
2017-06-27 12:14:49 -04:00
Bernd Edlinger
26dc47f3c4 Add parentheses around macro argument of OSSL_NELEM.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3039)
2017-06-20 13:49:43 -04:00
Matt Caswell
98d132cf6a Add a macro for testing assertion in both debug and production builds
If we have an assert then in a debug build we want an abort() to occur.
In a production build we want the function to return an error.

This introduces a new macro to assist with that. The idea is to replace
existing use of OPENSSL_assert() with this new macro. The problem with
OPENSSL_assert() is that it aborts() on an assertion failure in both debug
and production builds. It should never be a library's decision to abort a
process (we don't get to decide when to kill the life support machine or
the nuclear reactor control system). Additionally if an attacker can
cause a reachable assert to be hit then this can be a source of DoS attacks
e.g. see CVE-2017-3733, CVE-2015-0293, CVE-2011-4577 and CVE-2002-1568.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3496)
2017-05-22 13:54:31 +01:00
Andy Polyakov
5f5840139e e_os.h: drop now-redundant PRIu64 [and fix OSSLzu].
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3083)
2017-03-30 19:34:24 +02:00
Qin Long
cff55b90e9 Cleaning UEFI Build with additional OPENSSL_SYS_UEFI flags
Add OPENSSL_SYS_UEFI to remove unused syslog and uid stuffs for
more clean UEFI build.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2961)
2017-03-29 07:35:59 +02:00
Rich Salz
43708c1545 Move PRIu64, OSSLzu to e_os.h
Those macros are private, not public.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3044)
2017-03-28 08:43:48 -04:00
Kurt Roeckx
43c564170c Use memcmp() instead of CRYPTO_memcmp() when fuzzing
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2633
2017-03-19 14:34:07 +01:00
Kurt Roeckx
d913a0557f Revert "Use memcmp() instead of CRYPTO_memcmp() when fuzzing"
This reverts commit 3aad8e1870.

Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2686
2017-02-20 18:54:39 +01:00
Kurt Roeckx
3aad8e1870 Use memcmp() instead of CRYPTO_memcmp() when fuzzing
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2633
2017-02-19 14:00:13 +01:00
Richard Levitte
b8f304f70d Change default directory for the .rnd file on Windows and VMS
The previous change for Windows wasn't quite right.  Corrected to use
%HOME%, %USERPROFILE% and %SYSTEMPROFILE%, in that order.

Also adding the default home for VMS, SYS$LOGIN:

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-20 11:06:40 +02:00
Mat
8d95ca36e6 Fix strdup macro redefinition
This fixes the following error when the CRT debug heap (crtdbg.h) is used:
e_os.h(476): warning C4005: 'strdup': macro redefinition
C:\Program Files (x86)\Windows Kits\10\Include\10.0.10586.0\ucrt\crtdbg.h(319): note: see previous definition of 'strdup'
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1137)
2016-05-30 09:51:31 -04:00
Richard Levitte
7233bea263 Remove internal functions OPENSSL_strcasecmp and OPENSSL_strncasecmp
Their only reason to exist was that they didn't exist in VMS before
version 7.0.  We do not support such old versions any more.

However, for the benefit of systems that don't get strings.h included
by string.h, we include the former in e_os.h.

RT#4458

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-28 02:15:04 +02:00
Richard Levitte
dc6b5c7beb Handle Visual C warning about non-standard function names.
Visual C version from version 2003 complain about certain function
names, for example:

    apps\apps.c(2572) : warning C4996: 'open': The POSIX name for this item is deprecated. Instead, use the ISO C++ conformant name: _open. See online help for details.

This adds preprocessor aliases for them in e_os.h.

Additionally, crypto/conf/conf_lib.c needs to include e_os.h to catch
those aliases.

RT#4488
RT#4489

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-26 00:48:23 +02:00
Andy Polyakov
6c4be50a5d Move Haiku configuration to separate config file to denote
the fact that it's community-supported target.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-19 22:39:52 +02:00
Rich Salz
b6cff313cb Manual fixes after copyright consolidation
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 17:38:18 -04:00