Commit Graph

20697 Commits

Author SHA1 Message Date
Andy Polyakov
e295d046dc Revert "Allow --strict-warnings with the icc compiler as well"
This reverts commit a610934c3b.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4281)
2017-08-30 15:02:39 +02:00
Jon Spillett
bc32673869 Implement Aria GCM/CCM Modes and TLS cipher suites
AEAD cipher mode implementation is based on that used for AES:

  https://tools.ietf.org/html/rfc5116

TLS GCM cipher suites as specified in:

  https://tools.ietf.org/html/rfc6209

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4287)
2017-08-30 12:33:53 +02:00
Jon Spillett
1c2ac29472 Fix potential null pointer dereference in ARIA implementation
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4286)
2017-08-30 14:04:08 +10:00
Pauli
198c42f5af Move OPENSSL_CONF from e_os.h to cryptlib.h
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4188)
2017-08-30 07:20:44 +10:00
Pauli
07016a8a31 Move e_os.h to be the very first include.
cryptilib.h is the second.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4188)
2017-08-30 07:20:44 +10:00
Pauli
9590da2cd6 Remove the X_OK define, it is unused.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4188)
2017-08-30 07:20:44 +10:00
Pauli
cd420b0b1f Move the REF_PRINT support from e_os.h to internal/refcount.h.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4188)
2017-08-30 07:20:44 +10:00
Pauli
677963e5a4 e_os.h removal from other headers and source files.
Removed e_os.h from all bar three headers (apps/apps.h crypto/bio/bio_lcl.h and
ssl/ssl_locl.h).

Added e_os.h into the files that need it now.

Directly reference internal/nelem.h when required.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4188)
2017-08-30 07:20:43 +10:00
Kurt Roeckx
58891025ef Make the global DRBGs static
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
GH: #4268
2017-08-28 23:16:26 +02:00
Kurt Roeckx
0b14a5b7cc Don't auto-instantiate a DRBG when trying to use it and it's not
The one creating the DRBG should instantiate it, it's there that we
know which parameters we should use to instantiate it.

This splits the rand init in two parts to avoid a deadlock
because when the global drbg is created it wands to call
rand_add on the global rand method.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
GH: #4268
2017-08-28 23:15:52 +02:00
Rich Salz
b23171744b Avoid out-of-bounds read
Fixes CVE 2017-3735

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/4276)
2017-08-28 13:26:26 -04:00
Richard Levitte
302eba3f6d If 'tests' is disabled, then so should 'external-tests'
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4274)
2017-08-28 16:48:47 +02:00
Dr. Matthias St. Pierre
6969a3f49a DRBG: Remove 'randomness' buffer from 'RAND_DRBG'
The DRBG callbacks 'get_entropy()' and 'cleanup_entropy()' are designed
in such a way that the randomness buffer does not have to be allocated
by the calling function. It receives the address of a dynamically
allocated buffer from get_entropy() and returns this address to
cleanup_entropy(), where it is freed. If these two calls are properly
paired, the address can be stored in a stack local variable of the
calling function, so there is no need for having a 'randomness' member
(and a 'filled' member) in 'RAND_DRBG'.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4266)
2017-08-28 08:58:50 -04:00
Dr. Matthias St. Pierre
4871fa49cd RAND: Rename the RAND_poll_ex() callback and its typedef
With the introduction of RAND_poll_ex(), the `RAND_add()` calls were
replaced by meaningless cb(...). This commit changes the 'cb(...)'
calls back to 'rand_add(...)' calls by changing the signature as follows:

-int RAND_poll_ex(RAND_poll_fn cb, void *arg);
+int RAND_poll_ex(RAND_poll_cb rand_add, void *arg);

Changed the function typedef name to 'RAND_poll_cb' to emphasize the fact
that the function type represents a callback function.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4266)
2017-08-28 08:52:02 -04:00
Dr. Matthias St. Pierre
aa048aef0b DRBG: clarify difference between entropy counts and buffer lengths
Unlike the NIST DRBG standard, entropy counts are in bits and
buffer lengths are in bytes. This has lead to some confusion and
errors in the past, see my comment on PR 3789.

To clarify the destinction between entropy counts and buffer lengths,
a 'len' suffix has been added to all member names of RAND_DRBG which
represent buffer lengths:

-   {min,max}_{entropy,adin,nonce,pers}
+   {min,max}_{entropy,adin,nonce,pers}len

This change makes naming also more consistent, as can be seen in the
diffs, for example:

-    else if (adinlen > drbg->max_adin) {
+    else if (adinlen > drbg->max_adinlen) {

Also replaced all 'ent's by 'entropy's, following a suggestion of Paul Dale.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4266)
2017-08-28 08:52:02 -04:00
Rich Salz
b2db9c18b2 MSC_VER <= 1200 isn't supported; remove dead code
VisualStudio 6 and earlier aren't supported.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4263)
2017-08-27 11:35:39 -04:00
Rich Salz
32c1356302 Remove NO_DIRENT; it isn't used anywhere
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4261)
2017-08-25 19:45:21 -04:00
Richard Levitte
384cdd46a1 Fix guarding macro in include/internal/sockets.h
The guard was checked but never defined.  Also, rename it to reflect
that this is an internal header file, not a public one.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4254)
2017-08-25 23:59:30 +02:00
Richard Levitte
9a5d80cb5e Move more socket stuff
The socket stuff for DJGPP and VMS was only partially moved to
include/internal/sockets.h...

Remains vxWorks.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4254)
2017-08-25 23:59:30 +02:00
Paul Yang
90862ab4b2 This part fixes braces around if-else.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4223)
2017-08-25 16:23:07 +01:00
Paul Yang
8686c47480 Fix coding style in crypto/rsa directory
this part contains only the return (x) fix.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4223)
2017-08-25 16:23:07 +01:00
Rich Salz
b5fe5dfbda Use strcpy instead of sprintf %s
Also use a local variable, collapse some code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4258)
2017-08-25 10:49:40 -04:00
Bernd Edlinger
3790a2f697 Clear secret stack values after use in the ED25519-functions
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4242)
2017-08-25 16:36:21 +02:00
Bernd Edlinger
78f1e4d0b0 Clear secret stack values after use in curve25519.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4242)
2017-08-25 16:36:21 +02:00
Matt Caswell
bf208d9501 Fix no-tls and no-tls1_2
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4257)
2017-08-25 14:56:41 +01:00
Matt Caswell
ab78f89b2d Fix no-scrypt
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4252)
2017-08-25 14:54:28 +01:00
Richard Levitte
b379fe6cd0 NO_SYS_TYPES_H isn't defined anywhere, stop using it as a guard
This is a vestige from pre-1.1.0 OpenSSL

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4256)
2017-08-25 15:50:59 +02:00
Matt Caswell
0a8ddc17f5 Fix description of how to report a bug in INSTALL
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4259)
2017-08-25 14:16:20 +01:00
Matt Caswell
219b4643e4 Clarify the meaning of no-stdio in INSTALL
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4259)
2017-08-25 14:14:27 +01:00
Kazuki Yamaguchi
0afca8113e Do not lookup zero-length session ID
A condition was removed by commit 1053a6e2281d; presumably it was an
unintended change. Restore the previous behavior so the get_session_cb
won't be called with zero-length session ID.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/4236)
2017-08-25 14:36:07 +02:00
Matt Caswell
0139ce7c92 Fix no-chacha and no-poly1305
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4251)
2017-08-25 11:34:08 +01:00
Matt Caswell
1b3011abb3 Ensure we exchange cookies in s_server even if SCTP is disabled
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4243)
2017-08-25 10:50:56 +01:00
Matt Caswell
a5e65f7c5e Don't run a CT specifc test if CT is disabled
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4245)
2017-08-25 10:37:22 +01:00
Meena Vyas
a610934c3b Allow --strict-warnings with the icc compiler as well
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4250)
2017-08-25 08:05:13 +02:00
Meena Vyas
bffa1ff8fb passed TARFILE="$(TARFILE)" NAME="$(NAME)" to tar target
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4249)
2017-08-25 08:01:09 +02:00
Pauli
da9b249fd9 Check range of test values using isascii before diving into the full
range of ctype functions.

Revert "Don't try to compare the ctype functions on values > 127"
This reverts commit 6ac589081b.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4225)
2017-08-25 07:56:35 +10:00
Richard Levitte
0f3ffbd158 apps/passwd.c: Make MD5 and SHA password making EBCDIC aware
This mimics the behaviour of DES_crypt, where the salt and password
are expected to be in EBCDIC when CHARSET_EBCDIC is defined, and are
converted internally to ASCII.  This is also done with the magic ID
string if it's not already ASCII.  The resulting output is entirely
built up of ASCII components and is converted back to EBCDIC at the
end.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4229)
2017-08-24 23:46:44 +02:00
Richard Levitte
17621bc2bc apps/passwd.c: Fix code layout
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4229)
2017-08-24 23:46:44 +02:00
Richard Levitte
16583e9179 apps/passwd.c: Don't disable MD5 and SHA when CHARSET_EBCDIC is defined
Fixes #4130

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4229)
2017-08-24 23:46:44 +02:00
Pauli
678c462e21 Check for EOF in ASCII conversions.
The C standard defines EOF as:

    ... an integer constant expression, with type int and a negative value...

This means a conforming implemenetation could define this as a one of the
printable characters.  This won't be a problem for ASCII.

A specific test case has been added for EOF.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4240)
2017-08-25 06:42:17 +10:00
Matt Caswell
f7d1d2a479 Fix enable-sctp
Commit b99fe5f4 broke SCTP. This fixes it again.

Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4244)
2017-08-24 13:20:01 +01:00
Matt Caswell
3733ce61a2 Add documentation for SRTP functions
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4205)
2017-08-24 09:34:51 +01:00
Dr. Stephen Henson
5e95c1efe6 Correct GCM docs.
Fix GCM documentation: the tag does not have to be supplied before
decrypting any data any more.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4231)
2017-08-23 23:54:51 +01:00
Rich Salz
a130950df9 Tweak wording to be more clear.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4234)
2017-08-23 17:33:27 -04:00
Kazuki Yamaguchi
c9b820aa3c Fix BN_print()
Fix a typo made in commit 27c6d63dad (#4202).

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4235)
2017-08-24 01:28:15 +09:00
Rich Salz
9d951a7872 Move randomness to allocated buffer
Don't keep it in the DRBG object, just allocate/free as needed.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4226)
2017-08-22 22:02:57 -04:00
Pauli
27c6d63dad Improvement the formatting in bn_print.c
Movely removal of unnecessary brackets but some could be bugs addressed too.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4202)
2017-08-23 07:42:22 +10:00
Rich Salz
0e97f1e1a7 (Re)move some things from e_os.h
Remove GETPID_IS_MEANINGLESS and osslargused.

Move socket-related things to new file internal/sockets.h; this is now
only needed by four(!!!) files.  Compiles should be a bit faster.
Remove USE_SOCKETS ifdef's

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4209)
2017-08-22 14:15:40 -04:00
Paul Yang
94e1f8ab5a Remove useless macros in apps/speed.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4221)
2017-08-22 13:22:16 -04:00
Rich Salz
bef7a81530 Use "" not <> on e_os.h include
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4220)
2017-08-22 11:07:56 -04:00