https://github.com/openssl/openssl

Revision Author Date Message Commit Date
4ff3df1 Prepare for 1.1.1-pre5 release Reviewed-by: Matt Caswell <matt@openssl.org> 17 April 2018, 13:32:02 UTC
2842813 Update copyright year Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5990) 17 April 2018, 13:18:40 UTC
6761890 OpenSSL 1.1.1-pre5: update CHANGES with recent user visible changes Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5989) 17 April 2018, 13:14:42 UTC
b7fb239 Revert "Add OPENSSL_VERSION_AT_LEAST" Fixes #5961 This reverts commit 3c5a61dd0f9d9a9eac098419bcaf47d1c296ca81. The macros OPENSSL_MAKE_VERSION() and OPENSSL_VERSION_AT_LEAST() contain errors and don't work as designed. Apart from that, their introduction should be held back until a decision has been made about the future versioning scheme. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5968) 16 April 2018, 16:43:52 UTC
90b3a62 Remove mandatory generated files on VMS too Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5958) 16 April 2018, 15:30:21 UTC
cf54d00 Remove mandatory generated files on windows too Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5958) 16 April 2018, 15:30:21 UTC
54f007a RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set. Based on an original patch by Billy Brumley CVE-2018-0737 Reviewed-by: Rich Salz <rsalz@openssl.org> 16 April 2018, 15:14:57 UTC
b0a9793 Remove mandatory generated files too Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5951) 15 April 2018, 06:13:38 UTC
49bb4dd Fix cygwin make dependencies Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5951) 15 April 2018, 06:13:37 UTC
4442061 TLSProxy/Proxy.pm: straighten inner loop termination logic. Original condition was susceptible to race condition... Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5933) 14 April 2018, 18:00:04 UTC
de5b3a8 TLSProxy/Proxy.pm: bind s_server to loopback interface. Bind even test/ssltest_old.c to loopback interface. This allows to avoid unnecessary alerts from Windows and Mac OS X firewalls. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5933) 14 April 2018, 17:59:02 UTC
d47eb76 openssl#5668: corrections after compiling with -qinfo=all:als. The ongoing discussion about casting or not in PR #5626 had me compiling again with above mentioned flags. Indeed the compiler had to say something about it and I did these changes to silence it again. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5943) 14 April 2018, 11:28:31 UTC
560096f make update Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5948) 13 April 2018, 21:48:41 UTC
5bc6bcf DRBG: implement a get_nonce() callback Fixes #5849 In pull request #5503 a fallback was added which adds a random nonce of security_strength/2 bits if no nonce callback is provided. This change raised the entropy requirements from 256 to 384 bit, which can cause problems on some platforms (e.g. VMS, see issue #5849). The requirements for the nonce are given in section 8.6.7 of NIST SP 800-90Ar1: A nonce may be required in the construction of a seed during instantiation in order to provide a security cushion to block certain attacks. The nonce shall be either: a) A value with at least (security_strength/2) bits of entropy, or b) A value that is expected to repeat no more often than a (security_strength/2)-bit random string would be expected to repeat. Each nonce shall be unique to the cryptographic module in which instantiation is performed, but need not be secret. When used, the nonce shall be considered to be a critical security parameter. This commit implements a nonce of type b) in order to lower the entropy requirements during instantiation back to 256 bits. The formulation "shall be unique to the cryptographic module" above implies that the nonce needs to be unique (with high probability) among all DRBG instances in "space" and "time". We try to achieve this goal by creating a nonce of the following form nonce = app-specific-data || high-resolution-utc-timestamp || counter Where || denotes concatenation. The application specific data can be something like the process or group id of the application. A utc timestamp is used because it increases monotonically, provided the system time is synchronized. This approach may not be perfect yet for a FIPS evaluation, but it should be good enough for the moment. This commit also harmonizes the implementation of the get_nonce() and the get_additional_data() callbacks and moves the platform specific parts from rand_lib.c into rand_unix.c, rand_win.c, and rand_vms.c.
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5920) 13 April 2018, 18:49:28 UTC
0e3ecae Rework partial packet handling once more Address the concern that commit c53c2fec raised differently. The original direction of the traffic is encoded in bit 0 of the flight number. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5923) 13 April 2018, 16:48:06 UTC
1b9f41a test/recipes/test_genrsa.t : don't fail because of size limit changes There is a test to check that 'genrsa' doesn't accept absurdly low number of bits. Apart from that, this test is designed to check the working functionality of 'openssl genrsa', so instead of having a hard coded lower limit on the size key, let's figure out what it is. Partially fixes #5751 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/5754) (cherry picked from commit ec46830f8a4ce62c0c8ee7677b1eb8e53ee16df1) 13 April 2018, 15:45:22 UTC
a8ca496 Split the scrypt and RSA-PSS into man3 and man7 pages The scrypt and RSA-PSS documents were a mixture of section 3 and section 7 material. With pre-1.1.1 OpenSSL, this is understandable, since we had a different directory layout. With 1.1.1, we've moved to the typical man-page directory layout, and the documents need to be updated accordingly. Also, the scrypt document contained a description of EVP_PKEY_CTX_set1_pbe_pass(), which is a generic function rather than an scrypt specific function, and therefore should be documented separately. Fixes #5802 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5942) 13 April 2018, 09:55:13 UTC
76fd7a1 Add a test for SRP Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5925) 13 April 2018, 08:37:39 UTC
3fd5970 Add support for the SRP base64 alphabet Historically we used to implement standalone base64 code for SRP. This was replaced by commit 3d3f21aa with the standard base64 processing code. However, the SRP base64 code was designed to be compatible with other SRP libraries (notably libsrp, but also others) that use a variant of standard base64. Specifically a different alphabet is used and no padding '=' characters are used. Instead 0 padding is added to the front of the string. By changing to standard base64 we change the behaviour of the API which may impact interoperability. It also means that SRP verifier files created prior to 1.1.1 would not be readable in 1.1.1 and vice versa. Instead we expand our standard base64 processing with the capability to be able to read and generate the SRP base64 variant. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5925) 13 April 2018, 08:37:38 UTC
c080461 Change SRP functions to use EVP_EncodeUpdate/EVP_DecodeUpdate functions Previously they were using EVP_EncodeBlock/EVP_DecodeBlock. These are low level functions that do not handle padding characters. This was causing the SRP code to fail. One side effect of using EVP_EncodeUpdate is that it inserts newlines which is not what we need in SRP so we add a flag to avoid that. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5925) 13 April 2018, 08:37:38 UTC
0320e8e Docs for OpenSSL_init_crypto: there is no way to specify another file The documentation erroneously stated that one can change the default configuration file name. Fixes #5939 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5941) 13 April 2018, 08:24:18 UTC
b4c1950 TLSProxy/Proxy.pm: handle "impossible" failure to connect to s_server. The failure is "impossible", because we have confirmation that s_server listens, yet Mac OS X fails to connect. This avoids 10 minutes timeout on Travis CI. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5907) 13 April 2018, 08:14:27 UTC
6b3e8b9 TLSProxy/Proxy.pm: handle -1 as return value from waitpid. On rare occasion 's_server | perl -ne print' can complete before corresponding waitpid, which on Windows can result in -1 return value. This is not an error, don't treat it like one. Collect even return value from s_server. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5907) 13 April 2018, 08:12:01 UTC
362ff3c openssl rehash: use libcrypto variables for default dir X509_get_default_cert_dir_env() returns the default environment variable to check for certificate directories. X509_get_default_cert_dir() returns the default configured certificate directory. Use these instead of hard coding our own values, and thereby be more integrated with the rest of OpenSSL. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5937) 12 April 2018, 13:34:58 UTC
adaf3cf openssl rehash: document -compat Fixes #5902 Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5937) 12 April 2018, 13:34:58 UTC
18d1588 Configurations/*.tmpl: refine build_all_generated. Purpose of build_all_generated is to execute all the rules that require perl, so that one can copy the tree to system with compiler but without perl. This commit removes last dependencies on perl. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5929) 12 April 2018, 12:58:53 UTC
0652e8a Clarify default section in config.pod This is a minor update which hopefully makes these particular lines read a little easier. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5938) 12 April 2018, 11:39:37 UTC
ad5c205 appveyor.yml: exercise build_all_generated. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5930) 11 April 2018, 18:52:14 UTC
6197bc7 .travis.yml: exercise build_all_generated Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5930) 11 April 2018, 18:52:14 UTC
8258975 Configuration: Simplify generating list of generated files in build file templates Computing the value of the GENERATED variable in the build file templates is somewhat overcomplicated, and because of possible duplication errors, changes are potentially error prone. Looking more closely at how this list is determined, it can be observed that the exact list of files to check is consistently available in all the values found in the %unified_info tables 'depends', 'sources' and 'shared_sources', and all that's needed is to filter those values so only those present as keys in the 'generate' table are left. This computation is also common for all build files, so due to its apparent complexity, we move it to common0.tmpl, with the result left in a global variable (@generated), to be consumed by all build file templates. common0.tmpl is included among the files to process when creating build files, but unlike common.tmpl, it comes first of all. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5930) 11 April 2018, 18:52:14 UTC
c12a2d2 EVP_MD_CTX_cleanup replaced with EVP_MD_CTX_reset The EVP_MD_CTX_cleanup() function was merged into EVP_MD_CTX_reset() which is called by EVP_MD_CTX_free(). Adjust the documentation to say that the latter should be used to avoid leaking memory. CLA: trivial Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5921) 11 April 2018, 16:59:25 UTC
a8b2b52 Fix minor typos in Configurations/README Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5774) 11 April 2018, 16:58:06 UTC
f7bef27 Minor corrections for the RAND_DRBG API documentation - added some explaining text to a sentence that lost its context. - removed mention of per-ssl drbg - fix whitespace errors Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5804) 11 April 2018, 16:56:03 UTC
708a6a1 OpenSSL::Test: add data_dir() For test recipes that want to use the directory of the data directory or a subdirectory thereof, rather than just individual files. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5928) 11 April 2018, 10:04:18 UTC
63a65d1 DRBG: fix memory leak on error in rand_drbg_get_entropy() Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5918) 10 April 2018, 08:33:17 UTC
55bd917 bio/b_addr.c: resolve HP-UX compiler warnings. The warning reads "[cast] may cause misaligned access". Even though this can be application-supplied pointer, misaligned access shouldn't happen, because structure type is "encoded" into data itself, and application would customarily pass correctly aligned pointer. But there is no harm in resolving the warning... Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5894) 09 April 2018, 20:32:59 UTC
3c3badc Configurations/10-main.conf: further HP-UX cleanups/unifications. Reviewed-by: Rich Salz <rsalz@openssl.org> 09 April 2018, 19:51:56 UTC
eb8e052 Correct the equation for Y' in the comment of point_double function CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5908) 09 April 2018, 12:38:51 UTC
a9b7a06 Fix false positives of IS_*() macros for 8-bit ASCII characters Fixes #5778, #5840 The various IS_*() macros did not work correctly for 8-bit ASCII characters with the high bit set, because the CVT(a) preprocessor macro and'ed the given ASCII value with 0x7F, effectively folding the high value range 128-255 over the low value range 0-127. As a consequence, some of the IS_*() erroneously returned TRUE. This commit fixes the issue by adding range checks instead of cutting off high order bits using a mask. In order to avoid multiple evaluation of macro arguments, most of the implementation was moved from macros into a static function is_keytype(). Thanks to Румен Петров for reporting and analyzing the UTF-8 parsing issue #5840. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5903) 08 April 2018, 18:12:01 UTC
5283e19 Fix the build_all_generated rule to include generated .map, .def and .opt files Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5900) 08 April 2018, 15:20:01 UTC
ceaa389 TLSProxy/Record.pm: remove dead condition and improve readability. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5887) 08 April 2018, 09:42:46 UTC
c53c2fe TLSProxy/Proxy.pm: refine partial packet handling. Original logic was "if no records found *or* last one is truncated, then leave complete records in queue." Trouble is that if we don't pass on complete records and get complete packet in opposite direction, then queued records will go back to sender. In other words complete records should always be passed on. [Possible alternative would be to match direction in reconstruct_record.] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5887) 08 April 2018, 09:42:41 UTC
f69d050 apps/{s_client.c|s_socket}.c: omit usleep calls. Even though removed calls were originally added on Windows, problem they tried to mitigate is not Windows-specific. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5887) 08 April 2018, 09:42:35 UTC
dcf3d83 apps/s_socket.c: disable the Nagle algorithm. Without TCP_NODELAY alerts risk to be dropped between shutdown and close. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5887) 08 April 2018, 09:42:30 UTC
55fd5d3 TLSProxy/Proxy.pm: harmonize inner loop with the way sockets are. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5887) 08 April 2018, 09:41:56 UTC
6e30190 Configurations/10-main.conf: clean up HP-UX targets and add magic macros. HP-UX provides sockets symbols with incompatible prototypes under same name. This caused problems in 64-bit builds. Additional macros force unambiguous symbols with unambiguous prototypes. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5742) 08 April 2018, 09:21:24 UTC
e14795f config: fix hpux64-parisc2-gcc detection. hpux64-parisc2-gcc is chosen based on gcc's bitness, and it was overridden unconditionally. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5742) 08 April 2018, 09:18:22 UTC
f5e3115 test/asn1_time_test.c: make it work on 64-bit HP-UX. HP-UX gmtime fails with ERANGE past 19011213204552Z, so skip some tests. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5742) 08 April 2018, 09:17:44 UTC
2876872 Updated to CONTRIBUTING to reflect GitHub, etc. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5889) 07 April 2018, 17:09:15 UTC
69b1500 Duplicate code refactored add_attribute_object and add_DN_object have similar code, so move it into a common function build_data. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4566) 06 April 2018, 12:42:31 UTC
e65c959 Add a note and better error if using Ed25519/Ed448 in dgst Fixes #5873 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5880) 06 April 2018, 09:10:05 UTC
a6f5b11 Support EVP_PKEY_sign() and EVP_PKEY_verify() for EdDSA Adding support for these operations for the EdDSA implementations makes pkeyutl usable for signing/verifying for these algorithms. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5880) 06 April 2018, 09:10:05 UTC
bbf27cd Fix bugs in X509_NAME_ENTRY_set The wrong "set" field was incremented in the wrong place and would create a new RDN, not a multi-valued RDN. RDN inserts would happen after not before. Prepending an entry to an RDN incorrectly created a new RDN Anything which built up an X509_NAME could get a messed-up structure, which would then be "wrong" for anyone using that name. Thanks to Ingo Schwarze for extensive debugging and the initial fix (documented in GitHub issue #5870). Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/5882) 06 April 2018, 02:55:28 UTC
7de2b9c Set error code if alloc returns NULL Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5886) 05 April 2018, 19:13:55 UTC
7757951 Update the genpkey documentation Fixes #5739 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5800) 05 April 2018, 14:44:43 UTC
d54897c Pick a q size consistent with the digest for DSA param generation There are two undocumented DSA parameter generation options available in the genpkey command line app: dsa_paramgen_md and dsa_paramgen_q_bits. These can also be accessed via the EVP API but only by using EVP_PKEY_CTX_ctrl() or EVP_PKEY_CTX_ctrl_str() directly. There are no helper macros for these options. dsa_paramgen_q_bits sets the length of q in bits (default 160 bits). dsa_paramgen_md sets the digest that is used during the parameter generation (default SHA1). In particular the output length of the digest used must be equal to or greater than the number of bits in q because of this code: if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL)) goto err; if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL)) goto err; for (i = 0; i < qsize; i++) md[i] ^= buf2[i]; /* step 3 */ md[0] |= 0x80; md[qsize - 1] |= 0x01; if (!BN_bin2bn(md, qsize, q)) goto err; qsize here is the number of bits in q and evpmd is the digest set via dsa_paramgen_md. md and buf2 are buffers of length SHA256_DIGEST_LENGTH. buf2 has been filled with qsize bits of random seed data, and md is uninitialised. If the output size of evpmd is less than qsize then the line "md[i] ^= buf2[i]" will be xoring an uninitialised value and the random seed data together to form the least significant bits of q (and not using the output of the digest at all for those bits) - which is probably not what was intended. The same seed is then used as an input to generating p. If the uninitialised data is actually all zeros (as seems quite likely) then the least significant bits of q will exactly match the least significant bits of the seed. This problem only occurs if you use these undocumented and difficult to find options and you set the size of q to be greater than the message digest output size. This is for parameter generation only not key generation. 
This scenario is considered highly unlikely and therefore the security risk of this is considered negligible. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5800) 05 April 2018, 14:44:24 UTC
06d3b48 Don't crash if an unrecognised digest is used with dsa_paramgen_md Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5800) 05 April 2018, 14:44:24 UTC
fdb8113 Document the change in the previous commit about loading the config file When libssl is initialised it will attempt to load any config file. This ensures any system_default configuration (as per https://github.com/openssl/openssl/pull/4848) is used. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5818) 05 April 2018, 14:30:12 UTC
d8f031e Move the loading of the ssl_conf module to libcrypto The GOST engine needs to be loaded before we initialise libssl. Otherwise the GOST ciphersuites are not enabled. However the SSL conf module must be loaded before we initialise libcrypto. Otherwise we will fail to read the SSL config from a config file properly. Another problem is that an application may make use of both libcrypto and libssl. If it performs libcrypto stuff first and OPENSSL_init_crypto() is called and loads a config file it will fail if that config file has any libssl stuff in it. This commit separates out the loading of the SSL conf module from the interpretation of its contents. The loading piece doesn't know anything about SSL so this can be moved to libcrypto. The interpretation of what it means remains in libssl. This means we can load the SSL conf data before libssl is there and interpret it when it later becomes available. Fixes #5809 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5818) 05 April 2018, 14:30:12 UTC
4845aeb Change rand_pool_add[_end] prototypes to match Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5877) 04 April 2018, 18:47:11 UTC
b791355 rand/randfile.c: fix potential resource leak in RAND_load_file. Found by Coverity. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5834) 04 April 2018, 18:27:59 UTC
6228b1d TLSProxy/Proxy.pm: switch to dynamic ports and overhaul. By asking for port 0, you get a free port dynamically assigned by OS. TLSProxy::Proxy now asks for 0 and asks s_server to do the same. The s_server's port is reported in "ACCEPT" line, which TLSProxy::Proxy parses and uses. Because the server port is now a random affair in TLSProxy::Proxy, it's no longer possible to change it with the method 'server_port', and it has become an accessor only. For the sake of orthogonality, so has the method 'server_addr'. Remove all fork calls on Windows, as fork is not to be trusted there. This naturally minimized amount of fork calls on POSIX systems, to 1. Sink s_server's output to 'perl -ne print' which ensures that output is written strictly in lines. This keeps TAP parser happy. Improve synchronization in -naccept +n cases by establishing next connection to s_server *after* s_client finishes instead of before it starts. Improve error handling and clean up some methods. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5843) 04 April 2018, 18:24:26 UTC
5540eb7 openssl s_server: print the accepting address and socket The line saying ACCEPT is extended with a space followed by the address and port combination on which s_server accepts connections. The address is written in such a way that s_client should be able to accept as argument for the '-connect' option. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5843) 04 April 2018, 18:24:26 UTC
8e2bec9 Remove ambiguity in rand_pool_add[_end] return value When these two functions returned zero, it could mean: 1. that an error occurred. In their case, the error is an overflow of the pool, i.e. the correct response from the caller would be to stop trying to fill the pool. 2. that there isn't enough entropy acquired yet, i.e. the correct response from the caller would be to try and add more entropy to the pool. Because of this ambiguity, the returned zero turns out to be useless. This change makes the returned value more consistent. 1 means the addition of new entropy was successful, 0 means it wasn't. To know if the pool has been filled enough, the caller will have to call some other function, such as rand_pool_entropy_available(). Fixes #5846 Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5876) 04 April 2018, 18:14:51 UTC
dbcfd90 Add test/versions to gitignore Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5875) 04 April 2018, 16:04:00 UTC
a53b5be Fix configuration of TLSv1.3 ciphersuites Configuration of TLSv1.3 ciphersuites wasn't working in some cases. Fixes #5740 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5855) 04 April 2018, 15:17:26 UTC
034cb87 Add some tests for configuring the TLSv1.3 ciphersuites Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5855) 04 April 2018, 15:17:26 UTC
d3f9268 Don't use CPP in Configurations/unix-Makefile.tmpl We started using $(CPP) instead of $(CC) -E, with the assumption that CPP would be predefined. This is, however, not always true, and rather depends on the 'make' implementation. Furthermore, on platforms where CPP=cpp or something else other than '$(CC) -E', there's a risk that it won't understand machine specific flags that we pass to it. So it turns out that trying to use $(CPP) was a mistake, and we therefore revert that use back to using $(CC) -E directly. Fixes #5867 Note: this affects config targets that use Alpha, ARM, IA64, MIPS, s390x or SPARC assembler modules. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5872) 04 April 2018, 14:44:45 UTC
d8fa932 Visual Studio 2017 debug build warning error on 32 bit build Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5799) 04 April 2018, 12:54:47 UTC
6b49b30 Prevent a possible recursion in ERR_get_state and fix the problem that was pointed out in commit aef84bb4efbddfd95d042f3f5f1d362ed7d4faeb differently. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5863) 04 April 2018, 12:50:50 UTC
284f4f6 Don't use getenv for critical functions when run as setuid/setgid Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5856) 04 April 2018, 12:45:49 UTC
dc55e4f Fix a bug in ecp_nistp224.c. felem_neg does not produce an output within the tight bounds suitable for felem_contract. This affects build configurations which set enable-ec_nistp_64_gcc_128. point_double and point_add, in the non-z*_is_zero cases, tolerate and fix up the wider bounds, so this only affects point_add calls where the other point is infinity. Thus it only affects the final addition in arbitrary-point multiplication, giving the wrong y-coordinate. This is a no-op for ECDH and ECDSA, which only use the x-coordinate of arbitrary-point operations. Note: ecp_nistp521.c has the same issue in that the documented preconditions are violated by the test case. I have not addressed this in this PR. ecp_nistp521.c does not immediately produce the wrong answer; felem_contract there appears to be a bit more tolerant than its documented preconditions. However, I haven't checked the point_add property above holds. ecp_nistp521.c should either get this same fix, to be conservative, or have the bounds analysis and comments reworked for the wider bounds. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5779) 03 April 2018, 20:09:20 UTC
b2b4dfc Enabled OneCore Conf for Console Apps (removed nonUniversal API) Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5625) 03 April 2018, 16:39:22 UTC
fc1d73b VMS: stricter acquisition of entropy for the pool Fail harshly (in debug builds) when rand_pool_acquire_entropy isn't delivering the required amount of entropy. In release builds, this produces an error with details. We also take the opportunity to modernise the types used. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5857) 03 April 2018, 16:24:41 UTC
cdb10ba Set error code on alloc failures Almost all *alloc failures now set an error code. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5842) 03 April 2018, 15:31:16 UTC
29f484d Fix some errors in the mem leaks docs Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5794) 03 April 2018, 15:17:34 UTC
bcc6371 Fix a text canonicalisation bug in CMS Where a CMS detached signature is used with text content the text goes through a canonicalisation process first prior to signing or verifying a signature. This process strips trailing space at the end of lines, converts line terminators to CRLF and removes additional trailing line terminators at the end of a file. A bug in the canonicalisation process meant that some characters, such as form-feed, were incorrectly treated as whitespace and removed. This is contrary to the specification (RFC5485). This fix could mean that detached text data signed with an earlier version of OpenSSL 1.1.0 may fail to verify using the fixed version, or text data signed with a fixed OpenSSL may fail to verify with an earlier version of OpenSSL 1.1.0. A workaround is to only verify the canonicalised text data and use the "-binary" flag (for the "cms" command line application) or set the SMIME_BINARY/PKCS7_BINARY/CMS_BINARY flags (if using CMS_verify()). Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5790) 03 April 2018, 14:52:31 UTC
1518c55 Change the "offset too large" message to more generic wording Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5826) 03 April 2018, 14:02:17 UTC
21db0e1 Remove an unnecessary cast in the param to BUF_MEM_grow Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5826) 03 April 2018, 14:02:17 UTC
16e1eea Fix range checks with -offset and -length in asn1parse Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5826) 03 April 2018, 14:02:17 UTC
18ada95 Use strtol instead of atoi in asn1parse Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5826) 03 April 2018, 14:02:17 UTC
b998745 Improve diagnostics for invalid arguments in asn1parse -strparse Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5826) 03 April 2018, 14:02:16 UTC
752837e Fix a crash in the asn1parse command Thanks to Sem Voigtländer for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5826) 03 April 2018, 14:02:16 UTC
4f090f7 Use gnu_printf format attribute to minimise MinGW warnings Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5839) 03 April 2018, 14:00:01 UTC
f4b076e Prepare for 1.1.1-pre5-dev Reviewed-by: Richard Levitte <levitte@openssl.org> 03 April 2018, 13:26:16 UTC
facdcba Prepare for 1.1.1-pre4 release Reviewed-by: Richard Levitte <levitte@openssl.org> 03 April 2018, 13:24:18 UTC
ba50543 Fix CHANGES Fix the last release version number in CHANGES Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5852) 03 April 2018, 13:07:02 UTC
c4d3c19 Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5851) 03 April 2018, 12:57:12 UTC
4cffafe Use the private RNG for data that is not public Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Fixes: #4641 GH: #4665 02 April 2018, 20:22:43 UTC
1238caa Documentation typo fix in EVP_EncryptInit.pod Remove duplicate declaration of `EVP_CIPHER_key_length` in the synopsis. CLA: trivial Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5792) 02 April 2018, 11:16:12 UTC
d53df3d fix typo in x509 documentation Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5829) 02 April 2018, 11:13:19 UTC
0e34f37 Remove import/use of File::Spec::Function It looks like the usage of these functions was removed in commit 0a4edb931b883b9973721ae012e60c028387dd50 ("Unified - adapt the generation of cpuid, uplink and buildinf to use GENERATE"). This commit removes the import/use of File::Spec::Functions module as it is no longer needed by crypto/build.info. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5832) 01 April 2018, 20:41:04 UTC
2cc8fe1 Windows builds: remove over-quotation of LIBZ macro The LIBZ macro definition was already quoted in BASE_windows, then got quotified once more in windows-makefile.tmpl. That's a bit too much quotations, ending up with the compiler being asked to define the macro |"LIBZ=\"ZLIB1\""| (no, not the macro LIBZ with the value "ZLIB1"). This is solved by removing the extra quoting in BASE_windows. Along with this, change the quotation of macro definitions and include file specification, so we end up with things like -I"QuotedPath" and -D"Macro=\"some weird value\"" rather than "-IQuotedPath" and "-DMacro=\"some weird value\"". Fixes #5827 Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5833) 01 April 2018, 20:39:18 UTC
2a70d65 Make sure we use a nonce when a nonce is required If a nonce is required and the get_nonce callback is NULL, request 50% more entropy following NIST SP800-90Ar1 section 9.1. Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> GH: #5503 01 April 2018, 19:11:26 UTC
2f6f913 Update documentation on how to close a connection Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> GH: #5823 01 April 2018, 19:07:06 UTC
094925d Fix minor typo in comment in Configure Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5825) 31 March 2018, 22:29:40 UTC
5585c84 Remove -Wmisleading-indentation from gcc devteam warning options because this one is enabled by default anyways Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5817) 31 March 2018, 15:00:54 UTC
26db324 Fix a gcc-8 warning -Wcast-function-type Casting to the generic function type "void (*)(void)" prevents the warning. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/5816) 31 March 2018, 14:58:06 UTC
efe749c Refuse to run test_cipherlist unless shared library matches build test/cipherlist_test.c is an internal consistency check, and therefore requires that the shared library it runs against matches what it was built for. test/recipes/test_cipherlist.t is made to refuse running unless library version and build version match. This adds a helper program test/versions.c, that simply displays the library and the build version. Partially fixes #5751 Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5753) (cherry picked from commit cde87deafa7486f26bdf954867a6d72ca4ea06e7) 31 March 2018, 14:40:07 UTC
f91e026 Fix a possible crash in BN_from_montgomery_word Thanks to Darovskikh Andrei for reporting this issue. Fixes: #5785 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5793) 31 March 2018, 14:31:37 UTC