Matt Caswell [Thu, 24 Nov 2016 18:02:12 +0000 (18:02 +0000)]
Continue the extensions refactor
Add support for construction of extensions
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 24 Nov 2016 16:59:48 +0000 (16:59 +0000)]
Refactor ClientHello extension parsing
This builds on the work started in
1ab3836b3 and extends is so that
each extension has its own identified parsing functions, as well as an
allowed context identifying which messages and protocols it is relevant for.
Subsequent commits will do a similar job for the ServerHello extensions.
This will enable us to have common functions for processing extension blocks
no matter which of the multiple messages they are received from. In TLSv1.3
a number of different messages have extension blocks, and some extensions
have moved from one message to another when compared to TLSv1.2.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 24 Nov 2016 11:14:56 +0000 (11:14 +0000)]
Verify that extensions are used in the correct context
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 24 Nov 2016 11:13:35 +0000 (11:13 +0000)]
Add some missing extensions to SSL_extension_supported()
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 23 Nov 2016 17:38:31 +0000 (17:38 +0000)]
Move tls_collect_extensions() into a separate file
Subsequent commits will pull other extensions code into this file.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 23 Nov 2016 15:20:22 +0000 (15:20 +0000)]
Add EncryptedExtensions message
At this stage the message is just empty. We need to fill it in with
extension data.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 7 Nov 2016 13:50:43 +0000 (13:50 +0000)]
Send and Receive a TLSv1.3 format ServerHello
There are some minor differences in the format of a ServerHello in TLSv1.3.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Wed, 7 Dec 2016 19:28:43 +0000 (20:28 +0100)]
UI_OpenSSL()'s session opener fails on MacOS X
If on a non-tty stdin, TTY_get() will fail with errno == ENODEV.
We didn't catch that.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2039)
Richard Levitte [Thu, 8 Dec 2016 10:16:37 +0000 (11:16 +0100)]
In UI_OpenSSL's open(), generate an error on unknown errno
TTY_get() sometimes surprises us with new errno values to determine if
we have a controling terminal or not. This generated error is a
helpful tool to figure out that this was what happened and what the
unknown value is.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2043)
Richard Levitte [Thu, 8 Dec 2016 00:27:31 +0000 (01:27 +0100)]
Make sure that password_callback exercises UI
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2040)
Richard Levitte [Wed, 7 Dec 2016 21:44:47 +0000 (22:44 +0100)]
Add a test for the UI API
The best way to test the UI interface is currently by using an openssl
command that uses password_callback. The only one that does this is
'genrsa'.
Since password_callback uses a UI method derived from UI_OpenSSL(), it
ensures that one gets tested well enough as well.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2040)
Richard Levitte [Wed, 7 Dec 2016 15:36:44 +0000 (16:36 +0100)]
UI_process() didn't generate errors
Since there are many parts of UI_process() that can go wrong, it isn't
very helpful to only return -1 with no further explanation. With this
change, the error message will at least show which part went wrong.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2037)
Kurt Roeckx [Sat, 3 Dec 2016 15:57:04 +0000 (16:57 +0100)]
Also set the CXXFLAG to the user supplied flags
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2025
Kurt Roeckx [Sat, 3 Dec 2016 13:37:16 +0000 (14:37 +0100)]
travis: Use no-shared for the FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION targets
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2025
Matt Caswell [Mon, 5 Dec 2016 10:27:04 +0000 (10:27 +0000)]
Change various repeated wr[someindex]/pkt[someindex] references to a pointer
Improves the readability of the code, and reduces the liklihood of errors.
Also made a few minor style changes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Fri, 2 Dec 2016 11:10:16 +0000 (11:10 +0000)]
Various style fixes from the TLSv1.3 record changes review
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Fri, 2 Dec 2016 11:09:16 +0000 (11:09 +0000)]
Change various repeated rr[someindex] references to a pointer
Improves the readability of the code, and reduces the liklihood of errors.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Thu, 1 Dec 2016 10:20:59 +0000 (10:20 +0000)]
Ensure compressdata is always initialised
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Mon, 21 Nov 2016 17:11:51 +0000 (17:11 +0000)]
Add a TLS1.3 TODO for the msg callback
At the moment the msg callback only received the record header with the
outer record type in it. We never pass the inner record type - we probably
need to at some point.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Mon, 21 Nov 2016 16:22:00 +0000 (16:22 +0000)]
Add more TLS1.3 record tests
Add some tests for the new record construction
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Fri, 18 Nov 2016 23:44:09 +0000 (23:44 +0000)]
Update the record layer to use TLSv1.3 style record construction
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Fri, 18 Nov 2016 17:06:14 +0000 (17:06 +0000)]
Convert TLS Record receipt to use PACKET
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Fri, 18 Nov 2016 16:35:46 +0000 (16:35 +0000)]
Convert TLS record construction to use WPACKET
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Fri, 18 Nov 2016 16:34:01 +0000 (16:34 +0000)]
Add an ability to find out the current write location from a WPACKET
Reviewed-by: Rich Salz <rsalz@openssl.org>
Viktor Dukhovni [Fri, 25 Nov 2016 05:38:04 +0000 (00:38 -0500)]
Restore last-resort expired untrusted intermediate issuers
Reviewed-by: Matt Caswell <matt@openssl.org>
Kurt Roeckx [Fri, 2 Dec 2016 18:49:34 +0000 (19:49 +0100)]
Run a some tests with -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
The fuzzers use -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION, and actually
get different results based on that. We should have at least some
targets that actually fully use the fuzz corpora.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
Kurt Roeckx [Fri, 2 Dec 2016 18:34:54 +0000 (19:34 +0100)]
Make the fuzzers more reproducible
We want to be in the same global state each time we come in
FuzzerTestOneInput(). There are various reasons why we might not be that
include:
- Initialization that happens on first use. This is mostly the
RUN_ONCE() things, or loading of error strings.
- Results that get cached. For instance a stack that is sorted, RSA
blinding that has been set up, ...
So I try to trigger as much as possible in FuzzerInitialize(), and for
things I didn't find out how to trigger this it needs to happen in
FuzzerTestOneInput().
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
Kurt Roeckx [Fri, 2 Dec 2016 18:26:31 +0000 (19:26 +0100)]
Move libfuzzer sanitizer options to README
This is something you might want to change depending on the version to
use, there is no point in us fixing this to something.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
Kurt Roeckx [Sat, 19 Nov 2016 16:50:33 +0000 (17:50 +0100)]
CMS fuzzer: also use id2
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
Kurt Roeckx [Sat, 19 Nov 2016 16:20:34 +0000 (17:20 +0100)]
Make the random number generator predictable when fuzzing.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
Kurt Roeckx [Sat, 19 Nov 2016 16:15:43 +0000 (17:15 +0100)]
Use 8bit-counters when using libfuzzer
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
Kurt Roeckx [Sat, 19 Nov 2016 20:00:21 +0000 (21:00 +0100)]
bndiv fuzzer: move new and free calls to the init and cleanup function.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
Kurt Roeckx [Sat, 19 Nov 2016 18:26:19 +0000 (19:26 +0100)]
bignum fuzzer: move new and free calls to the init and cleanup function.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
Kurt Roeckx [Sat, 19 Nov 2016 16:24:39 +0000 (17:24 +0100)]
asn1parse: create the out bio during init, free it during cleanup
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
Kurt Roeckx [Sat, 19 Nov 2016 16:13:10 +0000 (17:13 +0100)]
Add a FuzzerClean() function
This allows to free everything we allocated, so we can detect memory
leaks.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
Kurt Roeckx [Sat, 19 Nov 2016 16:12:11 +0000 (17:12 +0100)]
FuzzerInitialize always exists
There was a time it could be NULL, but that was changed to always have it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
Kurt Roeckx [Sat, 19 Nov 2016 16:10:35 +0000 (17:10 +0100)]
Fix formatting of fuzzers
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
Matt Caswell [Thu, 1 Dec 2016 13:24:09 +0000 (13:24 +0000)]
Fix a typo in bio_read_intern
Reviewed-by: Stephen Henson <steve@openssl.org>
Matt Caswell [Wed, 30 Nov 2016 10:57:10 +0000 (10:57 +0000)]
Make refdata in tls13encryptest static
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Wed, 30 Nov 2016 10:53:57 +0000 (10:53 +0000)]
Convert tls13encryptiontest so that we pass around a pointer not an index
We also split the long string literals into 3 to avoid problems where we
go over the 509 character limit.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Tue, 29 Nov 2016 23:27:27 +0000 (23:27 +0000)]
Fix some style issues in the TLSv1.3 nonce construction code
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Tue, 22 Nov 2016 10:12:55 +0000 (10:12 +0000)]
Fix a double free in tls13encryptiontest
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Mon, 21 Nov 2016 17:26:22 +0000 (17:26 +0000)]
Fix a travis compilation error
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Thu, 17 Nov 2016 22:58:46 +0000 (22:58 +0000)]
Add a test for TLSv1.3 encryption using the new nonce construction
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Thu, 17 Nov 2016 18:00:17 +0000 (18:00 +0000)]
Use the TLSv1.3 nonce construction
This updates the record layer to use the TLSv1.3 style nonce construciton.
It also updates TLSProxy and ossltest to be able to recognise the new
layout.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Tue, 29 Nov 2016 09:49:04 +0000 (09:49 +0000)]
Fix mac-then-encrypt test with enable-tls1_3
Commit
b3618f44 added a test for mac-then-encrypt. However the test fails
when running with "enable-tls1_3". The problem is that the test creates a
connection, which ends up being TLSv1.3. However it also restricts the
ciphers to a single mac-then-encrypt ciphersuite that is not TLSv1.3
compatible so the connection aborts and the test fails. Mac-then-encrypt
is not relevant to TLSv1.3, so the test should disable that protocol
version.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Matt Caswell [Wed, 23 Nov 2016 23:03:13 +0000 (23:03 +0000)]
Ensure we are in accept state in DTLSv1_listen
Calling SSL_set_accept_state() after DTLSv1_listen() clears the state, so
SSL_accept() no longer works. In 1.0.2 calling DTLSv1_listen() would set
the accept state automatically. We should still do that.
Fixes #1989
Reviewed-by: Andy Polyakov <appro@openssl.org>
Rich Salz [Mon, 28 Nov 2016 17:26:05 +0000 (12:26 -0500)]
Make bntest be (mostly) file-based.
Test suite used from boring, written by David Benjamin.
Test driver converted from C++ to C.
Added a Perl program to check the testsuite file.
Extensive review feedback incorporated (thanks folks).
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Emilia Kasper [Fri, 25 Nov 2016 16:05:30 +0000 (17:05 +0100)]
Test mac-then-encrypt
Verify that the encrypt-then-mac negotiation is handled
correctly. Additionally, when compiled with no-asm, this test ensures
coverage for the constant-time MAC copying code in
ssl3_cbc_copy_mac. The proxy-based CBC padding test covers that as
well but it's nevertheless better to have an explicit handshake test
for mac-then-encrypt.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Dr. Stephen Henson [Tue, 22 Nov 2016 22:07:16 +0000 (22:07 +0000)]
add CMS SHA1 signing test
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Tue, 22 Nov 2016 21:59:21 +0000 (21:59 +0000)]
Fix ctrl operation for SHA1/MD5SHA1.
This makes S/MIME and CMS signing in MIME format for SHA1 work again.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andy Polyakov [Sun, 20 Nov 2016 20:52:41 +0000 (21:52 +0100)]
INSTALL: clarify 386 and no-sse2 options.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Sun, 20 Nov 2016 22:38:12 +0000 (23:38 +0100)]
modes/ctr128.c: fix false carry in counter increment procedure.
GH issue #1916 affects only big-endian platforms. TLS is not affected,
because TLS fragment is never big enough.
Reviewed-by: Matt Caswell <matt@openssl.org>
Andy Polyakov [Sun, 20 Nov 2016 22:32:24 +0000 (23:32 +0100)]
test/evptests.txt: add regression test for false carry in ctr128.c.
GH issue #1916 affects only big-endian platforms. TLS is not affected,
because TLS fragment is never big enough.
Reviewed-by: Matt Caswell <matt@openssl.org>
Andy Polyakov [Mon, 21 Nov 2016 14:15:52 +0000 (15:15 +0100)]
bn/asm/ppc-mont.pl: signal no-op in 32-bit bit build.
The bug was introduced in
80d27cdb84985c697f8fabb7649abf1f54714d13,
one too many instructions was removed. It went unnoticed, because
new subroutine introduced in previous commit is called in real-life
RSA/DSA/DH cases, while original code is called only in rare tests.
The bug was caught in test_fuzz.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Kurt Roeckx [Thu, 24 Nov 2016 17:51:23 +0000 (18:51 +0100)]
coveralls: Use gcov-5 since we build it using gcc-5
Reviewed-by: Emilia Käsper <emilia@openssl.org>
GH: #2003
Matt Caswell [Thu, 24 Nov 2016 09:22:49 +0000 (09:22 +0000)]
Fix a bogus uninit var warning
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 24 Nov 2016 09:19:04 +0000 (09:19 +0000)]
Fix a warning about an uninit var
Reviewed-by: Richard Levitte <levitte@openssl.org>
Emilia Kasper [Wed, 9 Nov 2016 16:25:35 +0000 (17:25 +0100)]
Run BoringSSL tests on Travis
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 23 Nov 2016 22:55:13 +0000 (22:55 +0000)]
Fix a missing function prototype in AFALG engine
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 23 Nov 2016 22:12:56 +0000 (22:12 +0000)]
Fix missing NULL checks in key_share processing
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Wed, 23 Nov 2016 22:12:40 +0000 (22:12 +0000)]
Fix missing NULL checks in CKE processing
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Wed, 23 Nov 2016 13:56:15 +0000 (13:56 +0000)]
Use ClientHello.legacy_version for the RSA pre-master no matter what
Don't use what is in supported_versions for the RSA pre-master
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Matt Caswell [Wed, 23 Nov 2016 13:55:35 +0000 (13:55 +0000)]
Fix some defines in ossl_shim
ossl_shim had some TLS1.3 defines that are now in ssl.h so need to be
removed.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Matt Caswell [Wed, 23 Nov 2016 16:09:30 +0000 (16:09 +0000)]
Fix a double ;; causing a travis failure
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Wed, 23 Nov 2016 16:06:46 +0000 (16:06 +0000)]
Fix an uninit variable usage
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Thu, 17 Nov 2016 11:12:20 +0000 (11:12 +0000)]
Update tls13secretstest to use the new simpler test framework
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Wed, 23 Nov 2016 15:38:32 +0000 (15:38 +0000)]
Fix some style issues with TLSv1.3 state machine PR
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Mon, 21 Nov 2016 12:10:35 +0000 (12:10 +0000)]
Fix some style issues identified during review
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Mon, 21 Nov 2016 13:24:50 +0000 (13:24 +0000)]
Fix SSL_IS_TLS13(s)
The SSL_IS_TLS13() macro wasn't quite right. It would come back with true
in the case where we haven't yet negotiated TLSv1.3, but it could be
negotiated.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Tue, 15 Nov 2016 14:53:37 +0000 (14:53 +0000)]
Extend test_tls13messages
Add various different handshake types that are possible.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Tue, 15 Nov 2016 14:22:29 +0000 (14:22 +0000)]
Add an s_server capability to read an OCSP Response from a file
Current s_server can only get an OCSP Response from an OCSP responder. This
provides the capability to instead get the OCSP Response from a DER encoded
file.
This should make testing of OCSP easier.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Tue, 15 Nov 2016 13:26:12 +0000 (13:26 +0000)]
Add a test for the TLSv1.3 state machine
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Tue, 15 Nov 2016 11:09:25 +0000 (11:09 +0000)]
Fix some TLSProxy warnings
After the client processes the server's initial flight in TLS1.3 it may
respond with either an encrypted, or an unencrypted alert. We needed to
teach TLSProxy about this so that it didn't issue spurious warnings.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Tue, 15 Nov 2016 10:30:34 +0000 (10:30 +0000)]
Ensure unexpected messages are handled consistently
In one case we weren't always sending an unexpected message alert if we
don't get what we expect.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Tue, 15 Nov 2016 10:13:09 +0000 (10:13 +0000)]
Ensure the end of first server flight processing is done
There is a set of miscellaneous processing for OCSP, CT etc at the end of
the ServerDone processing. In TLS1.3 we don't have a ServerDone, so this
needs to move elsewhere.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Fri, 11 Nov 2016 16:22:19 +0000 (16:22 +0000)]
Fix the tests following the state machine changes for TLSv1.3
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Fri, 11 Nov 2016 00:20:19 +0000 (00:20 +0000)]
Create the Finished message payload
The previous commit had a dummy payload for the Finished data. This commit
fills it in with a real value.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Wed, 9 Nov 2016 14:06:12 +0000 (14:06 +0000)]
Update state machine to be closer to TLS1.3
This is a major overhaul of the TLSv1.3 state machine. Currently it still
looks like TLSv1.2. This commit changes things around so that it starts
to look a bit less like TLSv1.2 and bit more like TLSv1.3.
After this commit we have:
ClientHello
+ key_share ---->
ServerHello
+key_share
{CertificateRequest*}
{Certificate*}
{CertificateStatus*}
<---- {Finished}
{Certificate*}
{CertificateVerify*}
{Finished} ---->
[ApplicationData] <---> [Application Data]
Key differences between this intermediate position and the final TLSv1.3
position are:
- No EncryptedExtensions message yet
- No server side CertificateVerify message yet
- CertificateStatus still exists as a separate message
- A number of the messages are still in the TLSv1.2 format
- Still running on the TLSv1.2 record layer
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Tue, 8 Nov 2016 23:20:31 +0000 (23:20 +0000)]
Implement tls13_change_cipher_state()
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Tue, 8 Nov 2016 16:10:21 +0000 (16:10 +0000)]
Remove old style NewSessionTicket from TLSv1.3
TLSv1.3 has a NewSessionTicket message, but it is *completely* different to
the TLSv1.2 one and may as well have been called something else. This commit
removes the old style NewSessionTicket from TLSv1.3. We will have to add the
new style one back in later.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Tue, 22 Nov 2016 09:31:12 +0000 (09:31 +0000)]
Fix EXTMS error introduced by commit
94ed2c6
Commit
94ed2c6 dropped a ! operator by mistake, which causes extended
master secret connections to fail. This puts in back.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Tue, 22 Nov 2016 10:22:16 +0000 (11:22 +0100)]
Clarify what X509_NAME_online does with the given buffer and size
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1980)
Kurt Roeckx [Mon, 21 Nov 2016 21:15:11 +0000 (22:15 +0100)]
Add missing -zdelete for some linux arches
b6d5ba1a9f004d637acac18ae3519fe063b6b5e1 forgot to update some linux arches.
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #1977
Todd Short [Thu, 17 Nov 2016 16:56:47 +0000 (11:56 -0500)]
Skipping tests in evp_test leaks memory
When configured with "no-mdc2 enable-crypto-mdebug" the evp_test
will leak memory due to skipped tests, and error out.
Also fix a skip condition
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1968)
Kurt Roeckx [Tue, 15 Nov 2016 17:58:52 +0000 (18:58 +0100)]
Make SSL_read and SSL_write return the old behaviour and document it.
This reverts commit
4880672a9b41a09a0984b55e219f02a2de7ab75e.
Fixes: #1903
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #1931
Dr. Stephen Henson [Sat, 19 Nov 2016 21:52:34 +0000 (21:52 +0000)]
Add test to check EVP_PKEY method ordering.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Robert Scheck [Thu, 17 Nov 2016 23:01:28 +0000 (00:01 +0100)]
Avoid warnings like unused enum value (as suggested by Rich Salz)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1945)
Robert Scheck [Thu, 17 Nov 2016 20:08:49 +0000 (21:08 +0100)]
Shift inside of switch back one level (code style change, as requested by Rich Salz)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1945)
Robert Scheck [Thu, 17 Nov 2016 16:16:50 +0000 (17:16 +0100)]
Add LMTP support (RFC 2033) to s_client ("-starttls lmtp")
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1945)
Beat Bolli [Fri, 18 Nov 2016 08:47:50 +0000 (09:47 +0100)]
Use consistent variable names in example
In the X509_NAME_get_index_by_NID.pod example, the initialized variable is called
"loc", but the one used in the for loop is called "lastpos". Make the names match.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1949)
Beat Bolli [Fri, 18 Nov 2016 09:17:28 +0000 (10:17 +0100)]
Update the location of the pod files
CLA: trivial
Since
99d63d4 ("Move manpages to man[1357] structure.", 2016-10-26), the location
of the pod files has changed.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1951)
Kurt Roeckx [Sat, 3 Sep 2016 19:27:30 +0000 (21:27 +0200)]
Fix name of "locked" variable
It's called with 0 when it's already locked, with 1 when it's not.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1500
Kurt Roeckx [Sat, 27 Aug 2016 14:01:08 +0000 (16:01 +0200)]
Add support for reference counting using C11 atomics
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1500
Dr. Stephen Henson [Thu, 17 Nov 2016 13:17:28 +0000 (13:17 +0000)]
Support MSBLOB format if RC4 is disabled
Reviewed-by: Matt Caswell <matt@openssl.org>
Andy Polyakov [Sun, 13 Nov 2016 21:32:09 +0000 (22:32 +0100)]
sha/asm/sha512-armv8.pl: fix big-endian support in __KERNEL__ case.
In non-__KERNEL__ context 32-bit-style __ARMEB__/__ARMEL__ macros were
set in arm_arch.h, which is shared between 32- and 64-bit builds. Since
it's not included in __KERNEL__ case, we have to adhere to official
64-bit pre-defines, __AARCH64EB__/__AARCH64EL__.
[If we are to share more code, it would need similar adjustment.]
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 16 Nov 2016 10:22:38 +0000 (10:22 +0000)]
Fix missing SSL_IS_TLS13(s) usage
We should use the macro for testing if we are using TLSv1.3 rather than
checking s->version directly.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Nicola Tuveri [Fri, 7 Oct 2016 14:23:17 +0000 (17:23 +0300)]
Handle "int_ctx_new:unsupported algorithm" error
Calling EVP_PKEY_CTX_new_id(curve_NID, NULL) causes an error for most
curves that are implemented through the EC low-level API, and in the
last commit we call it for every curve to avoid treating X25519 as a
special case.
Last commit code already handles correctly this failure, but does not
remove these events from the thread error queue, thus some
false-positive warnings are printed at the end of execution.
This commit ensures that the error queue is clean, without flushing
other errors.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
Nicola Tuveri [Fri, 7 Oct 2016 13:24:22 +0000 (16:24 +0300)]
Do not handle R_EC_X25519 as a special case
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
Nicola Tuveri [Fri, 7 Oct 2016 11:59:32 +0000 (14:59 +0300)]
Remove leftover KDF pointer
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)