oweals/openssl.git
8 years agoSend alert for bad DH CKE
Dr. Stephen Henson [Fri, 22 Jul 2016 14:55:38 +0000 (15:55 +0100)]
Send alert for bad DH CKE

RT#4511

Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoFix OOB read in TS_OBJ_print_bio().
Dr. Stephen Henson [Thu, 21 Jul 2016 14:24:16 +0000 (15:24 +0100)]
Fix OOB read in TS_OBJ_print_bio().

TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result
as a null terminated buffer. The length value returned is the total
length the complete text reprsentation would need not the amount of
data written.

CVE-2016-2180

Thanks to Shi Lei for reporting this bug.

Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoSSL tests: compress generated output a little
Emilia Kasper [Thu, 21 Jul 2016 17:19:07 +0000 (19:19 +0200)]
SSL tests: compress generated output a little

Don't emit duplicate server/client sections when they are
identical. Instead, just point to the same section.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoMake boolean SSL test conf values case-insensitive
Emilia Kasper [Thu, 21 Jul 2016 14:32:07 +0000 (16:32 +0200)]
Make boolean SSL test conf values case-insensitive

Undo review mistake: I changed the wrong strcmp in a previous pull
request. Add test.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoClarify digest change in HMAC_Init_ex()
Dr. Stephen Henson [Tue, 19 Jul 2016 17:40:14 +0000 (18:40 +0100)]
Clarify digest change in HMAC_Init_ex()

RT#4603

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd mask for newly created symlink.
Dr. Stephen Henson [Fri, 22 Jul 2016 00:09:52 +0000 (01:09 +0100)]
Add mask for newly created symlink.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoCheck suffixes properly.
Dr. Stephen Henson [Fri, 22 Jul 2016 00:09:04 +0000 (01:09 +0100)]
Check suffixes properly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agouse correct name for duplicate
Dr. Stephen Henson [Thu, 21 Jul 2016 15:23:48 +0000 (16:23 +0100)]
use correct name for duplicate

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoHave load_buildtin_compression in ssl/ssl_ciph.c return RUN_ONCE result
Richard Levitte [Wed, 20 Jul 2016 15:52:35 +0000 (17:52 +0200)]
Have load_buildtin_compression in ssl/ssl_ciph.c return RUN_ONCE result

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoVMS: Rearrange installation targets for shared libraries
Richard Levitte [Thu, 21 Jul 2016 10:33:23 +0000 (12:33 +0200)]
VMS: Rearrange installation targets for shared libraries

The way it was implemented before this change, the shared libraries
were installed twice.  On a file system that supports file
generations, that's a waste.  Slightly rearranging the install targets
solves the problem.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoTest client-side resumption
Emilia Kasper [Thu, 21 Jul 2016 12:04:00 +0000 (14:04 +0200)]
Test client-side resumption

Add tests for resuming with a different client version.

This happens in reality when clients persist sessions on disk through
upgrades.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd all publicly avaiable asn1 types to the asn1 fuzzer.
Kurt Roeckx [Sun, 17 Jul 2016 09:34:23 +0000 (11:34 +0200)]
Add all publicly avaiable asn1 types to the asn1 fuzzer.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1331

8 years agoCast to an unsigned type before negating
Kurt Roeckx [Sun, 17 Jul 2016 13:28:09 +0000 (15:28 +0200)]
Cast to an unsigned type before negating

llvm's ubsan reported:
runtime error: negation of -9223372036854775808 cannot be represented in type
'long'; cast to an unsigned type to negate this value to itself

Found using afl

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1325

8 years agoCheck for errors allocating the error strings.
Kurt Roeckx [Tue, 12 Jul 2016 13:50:06 +0000 (15:50 +0200)]
Check for errors allocating the error strings.

Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #1330

8 years agoDon't allocate r/s in DSA_SIG and ECDSA_SIG
Dr. Stephen Henson [Tue, 19 Jul 2016 17:57:15 +0000 (18:57 +0100)]
Don't allocate r/s in DSA_SIG and ECDSA_SIG

To avoid having to immediately free up r/s when setting them
don't allocate them automatically in DSA_SIG_new() and ECDSA_SIG_new().

RT#4590

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoInstall shared libraries in runtime install
Richard Levitte [Tue, 19 Jul 2016 11:24:57 +0000 (13:24 +0200)]
Install shared libraries in runtime install

On non-Windows platforms, shared libraries are both development and
runtime files.  We only installed them as development files, this
makes sure they get installed as runtime files as well.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoVMS: fix typo, shared libraries have the extension .EXE, not .OLB
Richard Levitte [Tue, 19 Jul 2016 11:24:26 +0000 (13:24 +0200)]
VMS: fix typo, shared libraries have the extension .EXE, not .OLB

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoNever expose ssl->bbio in the public API.
Matt Caswell [Fri, 17 Jun 2016 12:59:59 +0000 (13:59 +0100)]
Never expose ssl->bbio in the public API.

This is adapted from BoringSSL commit 2f87112b963.

This fixes a number of bugs where the existence of bbio was leaked in the
public API and broke things.

- SSL_get_wbio returned the bbio during the handshake. It must always return
  the BIO the consumer configured. In doing so, some internal accesses of
  SSL_get_wbio should be switched to ssl->wbio since those want to see bbio.

- The logic in SSL_set_rfd, etc. (which I doubt is quite right since
  SSL_set_bio's lifetime is unclear) would get confused once wbio got
  wrapped. Those want to compare to SSL_get_wbio.

- If SSL_set_bio was called mid-handshake, bbio would get disconnected and
  lose state. It forgets to reattach the bbio afterwards. Unfortunately,
  Conscrypt does this a lot. It just never ended up calling it at a point
  where the bbio would cause problems.

- Make more explicit the invariant that any bbio's which exist are always
  attached. Simplify a few things as part of that.

RT#4572

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoSSL test framework: port resumption tests
Emilia Kasper [Tue, 5 Jul 2016 17:06:23 +0000 (19:06 +0200)]
SSL test framework: port resumption tests

Systematically test every server-side version downgrade or upgrade.

Client version upgrade or downgrade could be tested analogously but will
be done in a later change.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agofix crypto-mdebug build
Dr. Stephen Henson [Wed, 20 Jul 2016 01:57:23 +0000 (02:57 +0100)]
fix crypto-mdebug build

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix if/for/while( in docs
FdaSilvaYY [Tue, 28 Jun 2016 22:19:46 +0000 (00:19 +0200)]
Fix if/for/while( in docs

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1292)

8 years agoFix a few if(, for(, while( inside code.
FdaSilvaYY [Tue, 28 Jun 2016 22:18:50 +0000 (00:18 +0200)]
Fix a few if(, for(, while( inside code.

Fix some indentation at the same time

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1292)

8 years agoRemove reduntant X509_STORE_CTX_set_verify_cb declaration
Hannes Magnusson [Tue, 12 Jul 2016 21:33:25 +0000 (14:33 -0700)]
Remove reduntant X509_STORE_CTX_set_verify_cb declaration

f0e0fd51fd8307f6eae64862ad9aaea113f1177a added X509_STORE_CTX_set_verify_cb
with a typedef'd argument, making the original one redundant.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoSimplify buffer limit checking, and reuse BIO_snprintf returned value.
FdaSilvaYY [Tue, 5 Jul 2016 17:48:23 +0000 (19:48 +0200)]
Simplify buffer limit checking, and reuse BIO_snprintf returned value.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1284)

8 years agoCode factorisation and simplification
FdaSilvaYY [Thu, 19 May 2016 06:39:47 +0000 (08:39 +0200)]
Code factorisation and simplification

Fix some code indentation

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1284)

8 years agoFix double calls to strlen
FdaSilvaYY [Mon, 9 May 2016 16:42:58 +0000 (18:42 +0200)]
Fix double calls to strlen

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1284)

8 years agoSimplify code related to tmp_email_dn.
FdaSilvaYY [Sun, 29 May 2016 22:30:52 +0000 (00:30 +0200)]
Simplify code related to tmp_email_dn.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1284)

8 years agoUse more X509_REQ_get0_pubkey & X509_get0_pubkey
FdaSilvaYY [Wed, 6 Apr 2016 22:20:11 +0000 (00:20 +0200)]
Use more X509_REQ_get0_pubkey & X509_get0_pubkey

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1284)

8 years agoOCSP_request_add0_id() inconsistent error return
Todd Short [Tue, 5 Jul 2016 13:59:29 +0000 (09:59 -0400)]
OCSP_request_add0_id() inconsistent error return

There are two failure cases for OCSP_request_add_id():
1. OCSP_ONEREQ_new() failure, where |cid| is not freed
2. sk_OCSP_ONEREQ_push() failure, where |cid| is freed

This changes makes the error behavior consistent, such that |cid| is
not freed when sk_OCSP_ONEREQ_push() fails. OpenSSL only takes
ownership of |cid| when the function succeeds.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1289)

8 years agoSanity check in ssl_get_algorithm2().
Dr. Stephen Henson [Tue, 19 Jul 2016 15:03:10 +0000 (16:03 +0100)]
Sanity check in ssl_get_algorithm2().

RT#4600

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoSend alert on CKE error.
Dr. Stephen Henson [Tue, 19 Jul 2016 15:53:26 +0000 (16:53 +0100)]
Send alert on CKE error.

RT#4610

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoResolve over command syntax error which causes 'make install' to fail
Coty Sutherland [Thu, 14 Jul 2016 12:52:52 +0000 (08:52 -0400)]
Resolve over command syntax error which causes 'make install' to fail

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1312)

8 years agoDocument the slight change in CRYPTO_mem_ctrl()
Richard Levitte [Tue, 19 Jul 2016 19:48:52 +0000 (21:48 +0200)]
Document the slight change in CRYPTO_mem_ctrl()

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
8 years agoDocument the slight change in ERR_get_next_error_library()
Richard Levitte [Tue, 19 Jul 2016 19:33:02 +0000 (21:33 +0200)]
Document the slight change in ERR_get_next_error_library()

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
8 years agomake update
Richard Levitte [Tue, 19 Jul 2016 19:01:11 +0000 (21:01 +0200)]
make update

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
8 years agoChange all our uses of CRYPTO_THREAD_run_once to use RUN_ONCE instead
Richard Levitte [Tue, 19 Jul 2016 17:42:11 +0000 (19:42 +0200)]
Change all our uses of CRYPTO_THREAD_run_once to use RUN_ONCE instead

That way, we have a way to check if the init function was successful
or not.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
8 years agoDefine a few internal macros for easy use of run_once functions
Richard Levitte [Tue, 19 Jul 2016 17:38:57 +0000 (19:38 +0200)]
Define a few internal macros for easy use of run_once functions

Because pthread_once() takes a function taking no argument and
returning nothing, and we want to be able to check if they're
successful, we define a few internal macros to get around the issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
8 years agoRT4593: Add space after comma (doc nits)
Rich Salz [Tue, 19 Jul 2016 13:27:53 +0000 (09:27 -0400)]
RT4593: Add space after comma (doc nits)

Update find-doc-nits to find errors in SYNOPSIS (the most common
place where they were missing).

Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoFix forgotten goto
Richard Levitte [Tue, 19 Jul 2016 13:20:00 +0000 (15:20 +0200)]
Fix forgotten goto

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix building with no-cms
Matt Caswell [Mon, 18 Jul 2016 19:59:30 +0000 (20:59 +0100)]
Fix building with no-cms

The new fuzzing code broke no-cms

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoConvert the last uses of sockaddr in apps/* to use BIO_ADDR instead
Richard Levitte [Tue, 19 Jul 2016 11:52:26 +0000 (13:52 +0200)]
Convert the last uses of sockaddr in apps/* to use BIO_ADDR instead

Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoFix two bugs in clienthello processing
Emilia Kasper [Mon, 4 Jul 2016 18:32:28 +0000 (20:32 +0200)]
Fix two bugs in clienthello processing

- Always process ALPN (previously there was an early return in the
  certificate status handling)
- Don't send a duplicate alert. Previously, both
  ssl_check_clienthello_tlsext_late and its caller would send an
  alert. Consolidate alert sending code in the caller.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoSSL test framework: port NPN and ALPN tests
Emilia Kasper [Mon, 4 Jul 2016 18:16:14 +0000 (20:16 +0200)]
SSL test framework: port NPN and ALPN tests

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoCleanup after sk_push fail
mrpre [Sat, 2 Jul 2016 03:49:43 +0000 (11:49 +0800)]
Cleanup after sk_push fail

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1281)

8 years agoUpdate error codes following tls_process_key_exchange() refactor
Matt Caswell [Fri, 8 Jul 2016 14:48:26 +0000 (15:48 +0100)]
Update error codes following tls_process_key_exchange() refactor

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoTidy up tls_process_key_exchange()
Matt Caswell [Fri, 8 Jul 2016 14:41:36 +0000 (15:41 +0100)]
Tidy up tls_process_key_exchange()

After the refactor of tls_process_key_exchange(), this commit tidies up
some loose ends.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoSplit out ECDHE from tls_process_key_exchange()
Matt Caswell [Fri, 8 Jul 2016 14:26:13 +0000 (15:26 +0100)]
Split out ECDHE from tls_process_key_exchange()

Continuing from the previous commit. Refactor tls_process_key_exchange() to
split out into a separate function the ECDHE aspects.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoSplit out DHE from tls_process_key_exchange()
Matt Caswell [Fri, 8 Jul 2016 14:08:50 +0000 (15:08 +0100)]
Split out DHE from tls_process_key_exchange()

Continuing from the previous commit. Refactor tls_process_key_exchange() to
split out into a separate function the DHE aspects.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoSplit out SRP from tls_process_key_exchange()
Matt Caswell [Fri, 8 Jul 2016 13:55:56 +0000 (14:55 +0100)]
Split out SRP from tls_process_key_exchange()

Continuing from the previous commit. Refactor tls_process_key_exchange() to
split out into a separate function the SRP aspects.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoSplit out the PSK preamble from tls_process_key_exchange()
Matt Caswell [Fri, 8 Jul 2016 11:44:53 +0000 (12:44 +0100)]
Split out the PSK preamble from tls_process_key_exchange()

The tls_process_key_exchange() function is too long. This commit starts
the process of splitting it up by moving the PSK preamble code to a
separate function.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoMove the PSK preamble for tls_process_key_exchange()
Matt Caswell [Fri, 8 Jul 2016 11:20:42 +0000 (12:20 +0100)]
Move the PSK preamble for tls_process_key_exchange()

The function tls_process_key_exchange() is too long. This commit moves
the PSK preamble processing out to a separate function.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoNarrow scope of locals vars in tls_process_key_exchange()
Matt Caswell [Fri, 8 Jul 2016 11:18:18 +0000 (12:18 +0100)]
Narrow scope of locals vars in tls_process_key_exchange()

Narrow the scope of the local vars in preparation for split up this
function.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoAdd more session tests
Matt Caswell [Mon, 13 Jun 2016 14:10:18 +0000 (15:10 +0100)]
Add more session tests

Add some more tests for sessions following on from the previous commit
to ensure the callbacks are called when appropriate.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoRemove sessions from external cache, even if internal cache not used.
Matt Caswell [Mon, 13 Jun 2016 10:24:15 +0000 (11:24 +0100)]
Remove sessions from external cache, even if internal cache not used.

If the SSL_SESS_CACHE_NO_INTERNAL_STORE cache mode is used then we weren't
removing sessions from the external cache, e.g. if an alert occurs the
session is supposed to be automatically removed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoHave the Travis builds do a "make update"
Richard Levitte [Tue, 19 Jul 2016 09:58:26 +0000 (11:58 +0200)]
Have the Travis builds do a "make update"

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agomake update
Richard Levitte [Tue, 19 Jul 2016 09:50:42 +0000 (11:50 +0200)]
make update

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFixup a few SSLerr calls in ssl/statem/
Richard Levitte [Tue, 19 Jul 2016 09:50:31 +0000 (11:50 +0200)]
Fixup a few SSLerr calls in ssl/statem/

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFixup collision between SSL_F_TLS_PROCESS_SKE and SSL_F_TLS_PROCESS_CKE macros
Richard Levitte [Tue, 19 Jul 2016 09:49:51 +0000 (11:49 +0200)]
Fixup collision between SSL_F_TLS_PROCESS_SKE and SSL_F_TLS_PROCESS_CKE macros

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoCheck and print out boolean type properly.
Dr. Stephen Henson [Mon, 18 Jul 2016 22:59:39 +0000 (23:59 +0100)]
Check and print out boolean type properly.

If underlying type is boolean don't check field is NULL.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoRefactor Identity Hint handling
Matt Caswell [Mon, 18 Jul 2016 12:49:38 +0000 (13:49 +0100)]
Refactor Identity Hint handling

Don't call strncpy with strlen of the source as the length. Don't call
strlen multiple times. Eventually we will want to replace this with a proper
PACKET style handling (but for construction of PACKETs instead of just
reading them as it is now). For now though this is safe because
PSK_MAX_IDENTITY_LEN will always fit into the destination buffer.

This addresses an OCAP Audit issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoFix up error codes after splitting up tls_construct_key_exchange()
Matt Caswell [Fri, 8 Jul 2016 11:27:30 +0000 (12:27 +0100)]
Fix up error codes after splitting up tls_construct_key_exchange()

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoSome tidy ups after the CKE construction refactor
Matt Caswell [Fri, 8 Jul 2016 10:09:02 +0000 (11:09 +0100)]
Some tidy ups after the CKE construction refactor

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoSplit out SRP CKE construction into a separate function
Matt Caswell [Fri, 8 Jul 2016 09:43:59 +0000 (10:43 +0100)]
Split out SRP CKE construction into a separate function

Continuing previous commit to break up the
tls_construct_client_key_exchange() function. This splits out the SRP
code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoSplit out GOST CKE construction into a separate function
Matt Caswell [Fri, 8 Jul 2016 09:07:55 +0000 (10:07 +0100)]
Split out GOST CKE construction into a separate function

Continuing previous commit to break up the
tls_construct_client_key_exchange() function. This splits out the GOST
code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoSplit out DHE CKE construction into a separate function
Matt Caswell [Fri, 8 Jul 2016 08:51:02 +0000 (09:51 +0100)]
Split out DHE CKE construction into a separate function

Continuing previous commit to break up the
tls_construct_client_key_exchange() function. This splits out the ECDHE
code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoSplit out DHE CKE construction into a separate function
Matt Caswell [Fri, 8 Jul 2016 08:42:07 +0000 (09:42 +0100)]
Split out DHE CKE construction into a separate function

Continuing previous commit to break up the
tls_construct_client_key_exchange() function. This splits out the DHE
code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoSplit out CKE construction PSK pre-amble and RSA into a separate function
Matt Caswell [Thu, 7 Jul 2016 13:42:27 +0000 (14:42 +0100)]
Split out CKE construction PSK pre-amble and RSA into a separate function

The tls_construct_client_key_exchange() function is too long. This splits
out the construction of the PSK pre-amble into a separate function as well
as the RSA construction.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoNarrow the scope of local variables in tls_construct_client_key_exchange()
Matt Caswell [Thu, 7 Jul 2016 11:47:07 +0000 (12:47 +0100)]
Narrow the scope of local variables in tls_construct_client_key_exchange()

This is in preparation for splitting up this over long function.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoFix bug with s2n et al macros
Matt Caswell [Thu, 7 Jul 2016 14:51:17 +0000 (15:51 +0100)]
Fix bug with s2n et al macros

The parameters should have parens around them when used.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoErrors fix up following break up of CKE processing
Matt Caswell [Wed, 6 Jul 2016 10:02:32 +0000 (11:02 +0100)]
Errors fix up following break up of CKE processing

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoRemove the f_err lable from tls_process_client_key_exchange()
Matt Caswell [Wed, 6 Jul 2016 09:53:29 +0000 (10:53 +0100)]
Remove the f_err lable from tls_process_client_key_exchange()

The f_err label is no longer needed so it can be removed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoSplit out GOST from process CKE code
Matt Caswell [Wed, 6 Jul 2016 09:51:18 +0000 (10:51 +0100)]
Split out GOST from process CKE code

Continuing from the previous commits, this splits out the GOST code into
a separate function from the process CKE code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoSplit out ECDHE from process CKE code
Matt Caswell [Wed, 6 Jul 2016 09:33:32 +0000 (10:33 +0100)]
Split out ECDHE from process CKE code

Continuing from the previous commits, this splits out the ECDHE code into
a separate function from the process CKE code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoSplit out DHE from process CKE code
Matt Caswell [Wed, 6 Jul 2016 09:22:51 +0000 (10:22 +0100)]
Split out DHE from process CKE code

Continuing from the previous commit, this splits out the DHE code into
a separate function from the process CKE code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoSplit out PSK preamble and RSA from process CKE code
Matt Caswell [Wed, 6 Jul 2016 08:55:31 +0000 (09:55 +0100)]
Split out PSK preamble and RSA from process CKE code

The tls_process_client_key_exchange() function is far too long. This
splits out the PSK preamble processing, and the RSA processing into
separate functions.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoReduce the scope of some variables in tls_process_client_key_exchange()
Matt Caswell [Wed, 6 Jul 2016 08:24:33 +0000 (09:24 +0100)]
Reduce the scope of some variables in tls_process_client_key_exchange()

In preparation for splitting this function up into smaller functions this
commit reduces the scope of some of the variables to only be in scope for
the algorithm specific parts. In some cases that makes the error handling
more verbose than it needs to be - but we'll clean that up in a later
commit.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoDon't make a difference between building test programs and other programs
Richard Levitte [Fri, 8 Jul 2016 15:58:36 +0000 (17:58 +0200)]
Don't make a difference between building test programs and other programs

This adds a new target 'build_programs' and makes 'build_apps' and
'build_tests' aliases for it, for backward compatibility.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoUse _NO_INST in some build.info files
Richard Levitte [Fri, 8 Jul 2016 12:52:51 +0000 (14:52 +0200)]
Use _NO_INST in some build.info files

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdapt the build files to the new "install" hash table
Richard Levitte [Fri, 8 Jul 2016 12:52:09 +0000 (14:52 +0200)]
Adapt the build files to the new "install" hash table

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoDocument the _NO_INST variants
Richard Levitte [Fri, 8 Jul 2016 12:51:23 +0000 (14:51 +0200)]
Document the _NO_INST variants

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agobuild.info: implement PROGRAM_NO_INST, and dito for ENGINES, SCRIPTS, LIBS
Richard Levitte [Fri, 8 Jul 2016 12:28:58 +0000 (14:28 +0200)]
build.info: implement PROGRAM_NO_INST, and dito for ENGINES, SCRIPTS, LIBS

PROGRAM_NO_INST, ENGINES_NO_INST, SCRIPTS_NO_INST and LIBS_NO_INST are
to be used to specify program, engines, scripts and libraries that are
not to be installed in the system.  Fuzzers, test programs, that sort
of things are of the _NO_INST type, for example.

For the benefit of build file templates and other templates that use
data from configdata.pm, a new hash table $unified_info{install} is
created.  It contains a set of subhashes, one for each type of
installable, each having an array of file names as values.  For
example, it can look like this:

    "install" =>
        {
            "engines" =>
                [
                    "engines/afalg/afalg",
                    "engines/capi",
                    "engines/dasync",
                    "engines/padlock",
                ],
            "libraries" =>
                [
                    "libcrypto",
                    "libssl",
                ],
            "programs" =>
                [
                    "apps/openssl",
                ],
            "scripts" =>
                [
                    "apps/CA.pl",
                    "apps/tsget",
                    "tools/c_rehash",
                ],
        },

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix print of ASN.1 BIGNUM type.
Dr. Stephen Henson [Mon, 18 Jul 2016 16:52:56 +0000 (17:52 +0100)]
Fix print of ASN.1 BIGNUM type.

The ASN.1 BIGNUM type needs to be handled in a custom way as it is
not a generic ASN1_STRING type.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix formatting in statem_srvr.c based on review feedback
Matt Caswell [Mon, 18 Jul 2016 13:17:42 +0000 (14:17 +0100)]
Fix formatting in statem_srvr.c based on review feedback

Also elaborated a comment based on feedback.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
8 years agoEnsure Travis tests SSLv3
Matt Caswell [Fri, 15 Jul 2016 09:46:01 +0000 (10:46 +0100)]
Ensure Travis tests SSLv3

Switch on Travis testing of SSLv3.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
8 years agoTry and make the transition tests for CKE message clearer
Matt Caswell [Fri, 15 Jul 2016 09:36:42 +0000 (10:36 +0100)]
Try and make the transition tests for CKE message clearer

The logic testing whether a CKE message is allowed or not was a little
difficult to follow. This tries to clean it up.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
8 years agoSimplify key_exchange_expected() logic
Matt Caswell [Fri, 15 Jul 2016 09:04:11 +0000 (10:04 +0100)]
Simplify key_exchange_expected() logic

The static function key_exchange_expected() used to return -1 on error.
Commit 361a119127 changed that so that it can never fail. This means that
some tidy up can be done to simplify error handling in callers of that
function.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
8 years agoFix client auth test_ssl_new failures when enabling/disabling protocols
Matt Caswell [Wed, 22 Jun 2016 22:22:00 +0000 (23:22 +0100)]
Fix client auth test_ssl_new failures when enabling/disabling protocols

If configuring for anything other than the default TLS protocols then
test failures were occuring.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
8 years agoMake sure we call ssl3_digest_cached_records() when necessary
Matt Caswell [Wed, 22 Jun 2016 13:37:57 +0000 (14:37 +0100)]
Make sure we call ssl3_digest_cached_records() when necessary

Having received a ClientKeyExchange message instead of a Certificate we
know that we are not going to receive a CertificateVerify message. This
means we can free up the handshake_buffer. However we better call
ssl3_digest_cached_records() instead of just freeing it up, otherwise we
later try and use it anyway and a core dump results. This could happen,
for example, in SSLv3 where we send a CertificateRequest but the client
sends no Certificate message at all. This is valid in SSLv3 (in TLS
clients are required to send an empty Certificate message).

Found using the BoringSSL test suite.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
8 years agoFix SSLv3 alert if no Client Ceritifcate sent after a request for one
Matt Caswell [Wed, 22 Jun 2016 18:43:46 +0000 (19:43 +0100)]
Fix SSLv3 alert if no Client Ceritifcate sent after a request for one

In TLS if the server sends a CertificateRequest and the client does not
provide one, if the server cannot continue it should send a
HandshakeFailure alert. In SSLv3 the same should happen, but instead we
were sending an UnexpectedMessage alert. This is incorrect - the message
isn't unexpected - it is valid for the client not to send one - its just
that we cannot continue without one.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
8 years agoFix SSLv3 ClientAuth alert checking
Matt Caswell [Wed, 22 Jun 2016 18:41:03 +0000 (19:41 +0100)]
Fix SSLv3 ClientAuth alert checking

In TLS during ClientAuth if the CA is not recognised you should get an
UnknownCA alert. In SSLv3 this does not exist and you should get a
BadCertificate alert.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
8 years agoFix Client Auth tests
Matt Caswell [Wed, 22 Jun 2016 15:34:26 +0000 (16:34 +0100)]
Fix Client Auth tests

The Client Auth tests were not correctly setting the Protocol, so that this
aspect had no effect. It was testing the same thing lots of times for
TLSv1.2 every time.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
8 years agoPrepare the client certificate earlier
Matt Caswell [Wed, 22 Jun 2016 13:31:32 +0000 (14:31 +0100)]
Prepare the client certificate earlier

Move the preparation of the client certificate to be post processing work
after reading the CertificateRequest message rather than pre processing
work prior to writing the Certificate message. As part of preparing the
client certificate we may discover that we do not have one available. If
we are also talking SSLv3 then we won't send the Certificate message at
all. However, if we don't discover this until we are about to send the
Certificate message it is too late and we send an empty one anyway. This
is wrong for SSLv3.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
8 years agoFix mingw build
Matt Caswell [Mon, 18 Jul 2016 09:29:46 +0000 (10:29 +0100)]
Fix mingw build

Mingw builds on Travis were failing because INT_MAX was undeclared.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix strict-warnings build
Matt Caswell [Mon, 18 Jul 2016 09:28:45 +0000 (10:28 +0100)]
Fix strict-warnings build

The i2d_SCT_LIST function is declared as __owur, therefore we need to check
the result or a --strict-warnings build will fail.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoaes/asm/aesfx-sparcv9.pl: switch to fshiftorx to improve single-block
Andy Polyakov [Sun, 3 Jul 2016 14:53:14 +0000 (16:53 +0200)]
aes/asm/aesfx-sparcv9.pl: switch to fshiftorx to improve single-block
and short-input performance.

[Fix bug in misaligned output handling.]

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoSPARC assembly pack: enforce V8+ ABI constraints.
Andy Polyakov [Fri, 1 Jul 2016 16:10:10 +0000 (18:10 +0200)]
SPARC assembly pack: enforce V8+ ABI constraints.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoevp/e_aes.c: wire new CBC and CTR subroutines from aesfx-sparcv9.
Andy Polyakov [Sat, 23 Apr 2016 17:22:53 +0000 (19:22 +0200)]
evp/e_aes.c: wire new CBC and CTR subroutines from aesfx-sparcv9.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoaes/asm/aesfx-sparcv9.pl: add "teaser" CBC and CTR subroutines.
Andy Polyakov [Sat, 23 Apr 2016 17:21:18 +0000 (19:21 +0200)]
aes/asm/aesfx-sparcv9.pl: add "teaser" CBC and CTR subroutines.

[Also optimize aligaddr usage in single-block subroutines.]

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agofuzzers: print and convert it back
Kurt Roeckx [Sat, 16 Jul 2016 11:41:33 +0000 (13:41 +0200)]
fuzzers: print and convert it back

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1323

8 years agoReturn error when trying to print invalid ASN1 integer
Kurt Roeckx [Sat, 16 Jul 2016 14:56:54 +0000 (16:56 +0200)]
Return error when trying to print invalid ASN1 integer

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1322