[openssl] master update

2021-08-11 Thread tomas
The branch master has been updated
   via  3465ec99eab5803507b577d50dd0d598b852d825 (commit)
   via  73dadb9300bc54ac871209843faf797721f7ab88 (commit)
  from  0f70d6013435308ada5d0eb662b31f370b07ebd7 (commit)


- Log -
commit 3465ec99eab5803507b577d50dd0d598b852d825
Author: Todd Short 
Date:   Thu Aug 5 16:38:47 2021 -0400

Sort SSL_OP names in documentation

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/16236)

commit 73dadb9300bc54ac871209843faf797721f7ab88
Author: Todd Short 
Date:   Thu Aug 5 16:29:37 2021 -0400

Add missing SSL_OP flags

Add missing SSL_OP flags. Correct the list of flags set by SSL_OP_ALL.

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/16236)

---

Summary of changes:
 doc/man3/SSL_CTX_set_options.pod | 289 +--
 1 file changed, 153 insertions(+), 136 deletions(-)

diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod
index df47e4dd03..dfd0c83afc 100644
--- a/doc/man3/SSL_CTX_set_options.pod
+++ b/doc/man3/SSL_CTX_set_options.pod
@@ -62,16 +62,11 @@ The following B options are available:
 
 =over 4
 
-=item SSL_OP_SAFARI_ECDHE_ECDSA_BUG
+=item SSL_OP_CRYPTOPRO_TLSEXT_BUG
 
-Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
-OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
-
-=item SSL_OP_DISABLE_TLSEXT_CA_NAMES
-
-Disable TLS Extension CA Names. You may want to disable it for security reasons
-or for compatibility with some Windows TLS implementations crashing when this
-extension is larger than 1024 bytes.
+Add server-hello extension from the early version of cryptopro draft
+when GOST ciphersuite is negotiated. Required for interoperability with 
CryptoPro
+CSP 3.x.
 
 =item SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
 
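Review bot: the SSL_OP_DISABLE_TLSEXT_CA_NAMES entry deleted at the top of this hunk has no replacement in the visible part of the patch; since the commit sorts and adds flags rather than removing them, confirm it is re-added in its alphabetical position further down (this message is cut off before the end of the file). Nit: "Add server-hello extension from the early version of cryptopro draft" should read "Add the server-hello extension from the early version of the CryptoPro draft" to match the "CryptoPro CSP 3.x" spelling in the next sentence.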
@@ -80,6 +75,11 @@ vulnerability affecting CBC ciphers, which cannot be handled 
by some
 broken SSL implementations.  This option has no effect for connections
 using other ciphers.
 
+=item SSL_OP_SAFARI_ECDHE_ECDSA_BUG
+
+Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
+OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
+
 =item SSL_OP_TLSEXT_PADDING
 
 Adds a padding extension to ensure the ClientHello size is never between
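Review bot: style only, the moved SSL_OP_SAFARI_ECDHE_ECDSA_BUG text keeps "OS X 10.8..10.8.3", which reads like a typo; "OS X 10.8 through 10.8.3" is clearer. Since this is a verbatim move into sorted position between SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS and SSL_OP_TLSEXT_PADDING, the wording fix could go in the same hunk.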
@@ -100,17 +100,20 @@ The following B options are available:
 
 =over 4
 
-=item SSL_OP_TLS_ROLLBACK_BUG
+=item SSL_OP_ALLOW_CLIENT_RENEGOTIATION
 
-Disable version rollback attack detection.
+Client-initiated renegotiation is disabled by default. Use
+this option to enable it.
 
-During the client key exchange, the client must send the same information
-about acceptable SSL/TLS protocol levels as during the first hello. Some
-clients violate this rule by adapting to the server's answer. (Example:
-the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server
-only understands up to SSLv3. In this case the client must still use the
-same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect
-to the server's answer and violate the version rollback protection.)
+=item SSL_OP_ALLOW_NO_DHE_KEX
+
+In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This 
means
+that there will be no forward secrecy for the resumed session.
+
+=item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+
+Allow legacy insecure renegotiation between OpenSSL and unpatched clients or
+servers. See the B section for more details.
 
 =item SSL_OP_CIPHER_SERVER_PREFERENCE
 
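Review bot: the new SSL_OP_ALLOW_CLIENT_RENEGOTIATION entry says only that the option turns client-initiated renegotiation back on, while the neighbouring SSL_OP_ALLOW_NO_DHE_KEX entry states the security consequence of enabling it (no forward secrecy for the resumed session); a sentence on why renegotiation is off by default would make the two entries consistent and help readers judge the trade-off. SSL_OP_TLS_ROLLBACK_BUG is removed here together with its explanation of version rollback protection; confirm it reappears in sorted order later in the patch so that text is not lost. The cross-reference "See the B section" has lost its section name in this rendering; check that the target in the actual file is intact.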
@@ -119,81 +122,103 @@ preferences. When not set, the SSL server will always 
follow the clients
 preferences. When set, the SSL/TLS server will choose following its
 own preferences.
 
-=item SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1,
-SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2
+=item SSL_OP_CISCO_ANYCONNECT
 
-These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol
-versions with TLS or the DTLSv1, DTLSv1.2 versions with DTLS,
-respectively.
-As of OpenSSL 1.1.0, these options are deprecated, use
-L and
-L instead.
+Use Cisco's version identifier of DTLS_BAD_VER when establishing a DTLSv1
+connection. Only available when using the deprecated DTLSv1_client_method() 
API.
 
-=item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
-
-When performing renegotiation as a server, always start a new session
-(i.e., session resumption requests are only accepted in the initial
-handshake). This option is not needed for clients.
-
-=item SSL_OP_NO_COMPRESSION
-
-Do not use compression even if it is supported.
+=item SSL_OP_CLEANSE_PLAINTEXT
 
-=item SSL_OP_NO_QUERY_MTU
+By default TLS connections keep a copy of received plaintext
+application data in a static buffer until it 
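Review bot: this hunk deletes the SSL_OP_NO_SSLv3 ... SSL_OP_NO_DTLSv1_2 entry together with its deprecation notice pointing at the protocol-version setters, plus SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, SSL_OP_NO_COMPRESSION and SSL_OP_NO_QUERY_MTU, and the message is cut off before any replacement appears; verify all of them are restored in sorted position with the deprecation text, since dropping the pointer to the replacement API would be a documentation regression. The SSL_OP_CISCO_ANYCONNECT entry usefully ties the option to the deprecated DTLSv1_client_method(); keep that note when the section is reflowed.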

[openssl] master update

2021-08-11 Thread beldmit
The branch master has been updated
   via  0f70d6013435308ada5d0eb662b31f370b07ebd7 (commit)
  from  12e055991e9d755c8a395f60abf97783795be626 (commit)


- Log -
commit 0f70d6013435308ada5d0eb662b31f370b07ebd7
Author: Tomas Mraz 
Date:   Tue Aug 10 14:51:21 2021 +0200

EVP_CIPHER_CTX_set_key_length: Raise error when key length is not settable

If key length is different from the existing key length and it is not
a settable parameter, raise an error.

Fixes #16277

Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/16279)

---

Summary of changes:
 crypto/evp/evp_enc.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index e0f411aa06..519cab3f2b 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -986,8 +986,10 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int 
keylen)
 
 /* Check the cipher actually understands this parameter */
 if (OSSL_PARAM_locate_const(EVP_CIPHER_settable_ctx_params(c->cipher),
-OSSL_CIPHER_PARAM_KEYLEN) == NULL)
+OSSL_CIPHER_PARAM_KEYLEN) == NULL) {
+ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
 return 0;
+}
 
 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, 
);
 ok = evp_do_ciph_ctx_setparams(c->cipher, c->algctx, params);
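Review bot: raising EVP_R_INVALID_KEY_LENGTH on the not-settable path is the right fix for callers that previously got a bare 0 with an empty error queue, but this hunk only covers the "parameter not settable" branch; the commit message says the error applies only when the requested length differs from the existing one, so confirm the equal-length early return above this hunk still succeeds silently, or callers that set a fixed-length cipher's default length will start failing. EVP_R_INVALID_KEY_LENGTH also serves as the reason for an unsupported length on a variable-length cipher; if callers need to tell "unsupported length" from "length is fixed for this cipher", a dedicated reason code would be clearer. The EVP_CIPHER_CTX_set_key_length man page should mention that a 0 return now comes with an error on the queue.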


[openssl] master update

2021-08-11 Thread tomas
The branch master has been updated
   via  12e055991e9d755c8a395f60abf97783795be626 (commit)
   via  aa5098021be2df0fd33bd5e8b1325c49dc519433 (commit)
  from  c96670e59a702de71d572958ff60fda5f78637c2 (commit)


- Log -
commit 12e055991e9d755c8a395f60abf97783795be626
Author: Tomas Mraz 
Date:   Tue Aug 10 09:18:19 2021 +0200

dsatest: Properly detect failure in generate/sign/verify

Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/16268)

commit aa5098021be2df0fd33bd5e8b1325c49dc519433
Author: Tomas Mraz 
Date:   Mon Aug 9 10:42:46 2021 +0200

Set FFC_PARAM_FLAG_VALIDATE_LEGACY on params generated with FIPS 186-2 gen

Fixes #16261

Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/16268)

---

Summary of changes:
 crypto/ffc/ffc_params_generate.c | 10 +++---
 test/dsatest.c   |  8 +---
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c
index 36b5a873a7..f0601e1644 100644
--- a/crypto/ffc/ffc_params_generate.c
+++ b/crypto/ffc/ffc_params_generate.c
@@ -1047,7 +1047,11 @@ int ossl_ffc_params_FIPS186_2_generate(OSSL_LIB_CTX 
*libctx, FFC_PARAMS *params,
int type, size_t L, size_t N,
int *res, BN_GENCB *cb)
 {
-return ossl_ffc_params_FIPS186_2_gen_verify(libctx, params,
-FFC_PARAM_MODE_GENERATE,
-type, L, N, res, cb);
+if (!ossl_ffc_params_FIPS186_2_gen_verify(libctx, params,
+  FFC_PARAM_MODE_GENERATE,
+  type, L, N, res, cb))
+return 0;
+
+ossl_ffc_params_enable_flags(params, FFC_PARAM_FLAG_VALIDATE_LEGACY, 1);
+return 1;
 }
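Review bot: the rewritten function collapses the callee's result to a bare 0/1 and returns 0 before enabling the flag; if ossl_ffc_params_FIPS186_2_gen_verify distinguishes "parameters invalid" from "internal error" through its return value rather than only through *res, that distinction is now lost to callers, so please confirm. Enabling FFC_PARAM_FLAG_VALIDATE_LEGACY only after a successful generation is correct: parameters produced by the FIPS 186-2 algorithm must also be validated with it, and flagging them after a failed generation would be misleading. A one-line comment above the ossl_ffc_params_enable_flags call stating that rationale would help future readers.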
diff --git a/test/dsatest.c b/test/dsatest.c
index 533fba1cbc..2d34ca4261 100644
--- a/test/dsatest.c
+++ b/test/dsatest.c
@@ -108,9 +108,11 @@ static int dsa_test(void)
 if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_g, i))
 goto end;
 
-DSA_generate_key(dsa);
-DSA_sign(0, str1, 20, sig, , dsa);
-if (TEST_true(DSA_verify(0, str1, 20, sig, siglen, dsa)))
+if (!TEST_true(DSA_generate_key(dsa)))
+goto end;
+if (!TEST_true(DSA_sign(0, str1, 20, sig, , dsa)))
+goto end;
+if (TEST_int_gt(DSA_verify(0, str1, 20, sig, siglen, dsa), 0))
 ret = 1;
 
  end:
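Review bot: good catch on the verify check: DSA_verify returns 1 for a valid signature, 0 for an invalid one and -1 on error, so the old TEST_true(DSA_verify(...)) treated -1 as a pass; TEST_int_gt(..., 0) now rejects the error case. TEST_int_eq(..., 1) would be stricter still and document the expected value. Checking the previously ignored return values of DSA_generate_key and DSA_sign also means a silent generation or signing failure no longer hides behind a verification of stale buffer contents.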


[openssl] master update

2021-08-11 Thread tomas
The branch master has been updated
   via  c96670e59a702de71d572958ff60fda5f78637c2 (commit)
  from  b4f1b7b65871de8f44228e77fc9ab2ac8b6d7918 (commit)


- Log -
commit c96670e59a702de71d572958ff60fda5f78637c2
Author: Tomas Mraz 
Date:   Tue Aug 10 09:00:22 2021 +0200

aes_v8_xts_encrypt is present only on 64bit arm builds

Fixes #16273

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/16275)

---

Summary of changes:
 include/crypto/aes_platform.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/crypto/aes_platform.h b/include/crypto/aes_platform.h
index f1b1d62549..015c3bd4ab 100644
--- a/include/crypto/aes_platform.h
+++ b/include/crypto/aes_platform.h
@@ -92,7 +92,7 @@ void AES_xts_decrypt(const unsigned char *inp, unsigned char 
*out, size_t len,
 #define HWAES_decrypt aes_v8_decrypt
 #define HWAES_cbc_encrypt aes_v8_cbc_encrypt
 #define HWAES_ecb_encrypt aes_v8_ecb_encrypt
-#if __ARM_MAX_ARCH__>=8
+#if __ARM_MAX_ARCH__>=8 && defined(__aarch64__)
 # define HWAES_xts_encrypt aes_v8_xts_encrypt
 # define HWAES_xts_decrypt aes_v8_xts_decrypt
 #endif
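Review bot: the added defined(__aarch64__) guard stops 32-bit ARM builds, which have the aes_v8 ECB/CBC routines but no aes_v8_xts_* in their assembly, from referencing undefined symbols, and lets them fall back to the generic XTS path. Style: the condition has no spaces around >=, unlike the rest of the file; and a short comment noting that the XTS routines exist only in the aarch64 assembly would stop someone from "simplifying" the condition back to the original later.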


Coverity Scan: Analysis completed for OpenSSL-1.0.2

2021-08-11 Thread scan-admin


Your request for analysis of OpenSSL-1.0.2 has been completed successfully.
The results are available at 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3D6u0m_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeG7DdGzAT35MBHM6lO23Zo6gafVLJ90OZ9-2F70KXAoWEoLSRmk5OWJOJ8b1gRZVd5gufUDe2I3tF7mp48f30dEgjqurjE4rKMh4FE2vz6DajGTMHWPh0KujIFryZ-2BttxPm-2BxZZxr73vMIYQBDZxaijAaV-2Fm-2FDw92m1qgPXWJGwsrUgbqX8aHvtjKDLuv0xaP0Cg-3D

Build ID: 401815

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0



Coverity Scan: Analysis completed for openssl/openssl

2021-08-11 Thread scan-admin


Your request for analysis of openssl/openssl has been completed successfully.
The results are available at 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DWior_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHPIjnVeCokGFnWJBu3Nq5P-2BDwIQivRjS79Dg74KbZ9f-2FxmkVjGoeFTap1935c9vp-2F21n778nxJuWLN3beEQnXk2TvQTYvpfZwGRTCHPOFMdxZ-2BNUOhxPWOeIoM4fRT3B26ATk4YbAWT9Bv8-2FukqgTVnnuA-2FhEZu-2F66gwZgagWlVJurwE-2BUSNSqgkNJPGOUcOY-3D

Build ID: 401814

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0



[openssl] master update

2021-08-11 Thread beldmit
The branch master has been updated
   via  b4f1b7b65871de8f44228e77fc9ab2ac8b6d7918 (commit)
  from  ad2fc0bed4a111a5ff6803ee2ed0fee98db9d2f2 (commit)


- Log -
commit b4f1b7b65871de8f44228e77fc9ab2ac8b6d7918
Author: Dmitry Belyavskiy 
Date:   Wed Aug 4 15:40:24 2021 +0200

Omitted signature_algorithms extension alerts updated

Fixes #15484

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/16217)

---

Summary of changes:
 ssl/t1_lib.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 3579202c22..9345838f6a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3302,7 +3302,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
 if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
 if (!fatalerrs)
 return 1;
-SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
  SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
 return 0;
 }
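Review bot: switching from SSL_AD_INTERNAL_ERROR to SSL_AD_HANDSHAKE_FAILURE is the right attribution: an internal_error alert tells the peer the local implementation hit a bug, whereas failing to find a legacy signature algorithm when the peer omitted signature_algorithms is a negotiation failure (no acceptable security parameters), which is what handshake_failure is defined for. A comment above the SSLfatal call recording that reasoning would prevent a later "fix" reverting it.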
@@ -3317,7 +3317,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
 if (i == sent_sigslen) {
 if (!fatalerrs)
 return 1;
-SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
  SSL_R_WRONG_SIGNATURE_TYPE);
 return 0;
 }
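Review bot: illegal_parameter implies the peer sent a field with an out-of-range value, but in this path the peer omitted the signature_algorithms extension and the failure is that the legacy default is not among the algorithms in our own sent list (the loop index i reaching sent_sigslen); there is no peer parameter to be illegal, so SSL_AD_HANDSHAKE_FAILURE is the correct alert. Same suggestion as for the previous hunk: a comment at the SSLfatal call explaining that this is a local configuration mismatch rather than peer input, since SSL_R_WRONG_SIGNATURE_TYPE on its own reads like a peer error.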


[openssl] master update

2021-08-11 Thread tomas
The branch master has been updated
   via  ad2fc0bed4a111a5ff6803ee2ed0fee98db9d2f2 (commit)
  from  474294cb664c5ac5184b7fc1a3ef37214f1f2250 (commit)


- Log -
commit ad2fc0bed4a111a5ff6803ee2ed0fee98db9d2f2
Author: David Bohman 
Date:   Fri Aug 6 15:23:00 2021 -0700

MacOS: Add an include of 

The include is added before ,
as required by older releases of the macOS developer tools.

Fixes #16248

CLA: trivial

Reviewed-by: Shane Lontis 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/16258)

---

Summary of changes:
 providers/implementations/rands/seeding/rand_unix.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/providers/implementations/rands/seeding/rand_unix.c 
b/providers/implementations/rands/seeding/rand_unix.c
index eab08a8150..5048383077 100644
--- a/providers/implementations/rands/seeding/rand_unix.c
+++ b/providers/implementations/rands/seeding/rand_unix.c
@@ -41,6 +41,7 @@
 # include 
 #endif
 #if defined(__APPLE__)
+# include 
 # include 
 #endif
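Review bot: the commit message states the new header must precede the existing one under #if defined(__APPLE__) for older macOS developer tools, but nothing in the code records that requirement, so an include-ordering cleanup would silently reintroduce #16248; add a one-line comment above the new include stating the ordering constraint. The header names are not rendered in this message, so the content of the two includes cannot be checked here.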