oweals/openssl.git
7 years agoAdd documentation for the storeutl app
Richard Levitte [Tue, 13 Dec 2016 12:47:13 +0000 (13:47 +0100)]
Add documentation for the storeutl app

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)

7 years agoAdd documentation for STORE functions
Richard Levitte [Tue, 13 Dec 2016 12:46:53 +0000 (13:46 +0100)]
Add documentation for STORE functions

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)

7 years agoengine app: print out information on STORE loaders and STORE FILE handlers
Richard Levitte [Sun, 11 Dec 2016 06:06:13 +0000 (07:06 +0100)]
engine app: print out information on STORE loaders and STORE FILE handlers

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)

7 years agoSTORE: add ENGINE information to loaders
Richard Levitte [Sun, 11 Dec 2016 06:02:06 +0000 (07:02 +0100)]
STORE: add ENGINE information to loaders

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)

7 years agoTest that storeutl with a directory path works as expected
Richard Levitte [Tue, 7 Feb 2017 15:30:31 +0000 (16:30 +0100)]
Test that storeutl with a directory path works as expected

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)

7 years agoSTORE 'file' scheme loader: Add directory listing capability
Richard Levitte [Tue, 7 Feb 2017 15:19:40 +0000 (16:19 +0100)]
STORE 'file' scheme loader: Add directory listing capability

This has it recognised when the given path is a directory.  In that
case, the file loader will give back a series of names, all as URI
formatted as possible given the incoming URI.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)

7 years agoSTORE 'file' scheme loader: Add handler for encrypted PKCS#8 data
Richard Levitte [Sat, 11 Feb 2017 00:18:29 +0000 (01:18 +0100)]
STORE 'file' scheme loader: Add handler for encrypted PKCS#8 data

Add a separate handler for encrypted PKCS#8 data.  This uses the new
restart functionality.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)

7 years agoSTORE 'file' scheme loader: refactor file_load to support decoding restart
Richard Levitte [Sat, 11 Feb 2017 00:17:50 +0000 (01:17 +0100)]
STORE 'file' scheme loader: refactor file_load to support decoding restart

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)

7 years agoSTORE: Add a OSSL_STORE_INFO type to help support file handler restarts
Richard Levitte [Thu, 8 Dec 2016 13:28:42 +0000 (14:28 +0100)]
STORE: Add a OSSL_STORE_INFO type to help support file handler restarts

Some containers might very simply decode into something new that
deserves to be considered as new (embedded) data.  With the help of a
special OSSL_STORE_INFO type, make that new data available to the
loader functions so they can start over.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)

7 years agoSTORE tests: add PKCS#12 tests
Richard Levitte [Mon, 5 Dec 2016 14:13:01 +0000 (15:13 +0100)]
STORE tests: add PKCS#12 tests

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)

7 years agoSTORE 'file' scheme loader: add support for the PKCS#12 container
Richard Levitte [Sat, 11 Feb 2017 00:16:07 +0000 (01:16 +0100)]
STORE 'file' scheme loader: add support for the PKCS#12 container

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)

7 years agoSTORE 'file' scheme loader: add support for containers
Richard Levitte [Mon, 5 Dec 2016 22:15:58 +0000 (23:15 +0100)]
STORE 'file' scheme loader: add support for containers

Containers are objects that are containers for a bunch of other
objects with types we recognise but aren't readable in a stream.  Such
containers are read and parsed, and their content is cached, to be
served one object at a time.

This extends the FILE_HANDLER type to include a function to destroy
the cache and a function to simulate the EOF check.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)

7 years agoAdd a test that checks the store utility
Richard Levitte [Sat, 19 Nov 2016 19:24:17 +0000 (20:24 +0100)]
Add a test that checks the store utility

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)

7 years agoAdd a simple store utility command
Richard Levitte [Sat, 19 Nov 2016 18:38:23 +0000 (19:38 +0100)]
Add a simple store utility command

This command can be used to view the contents of any supported type of
information fetched from a URI, and output them in PEM format.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)

7 years agoAdd a STORE loader for the "file" scheme
Richard Levitte [Mon, 28 Nov 2016 16:30:21 +0000 (17:30 +0100)]
Add a STORE loader for the "file" scheme

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)

7 years agoMake it possible to peek at BIO data through BIO_f_buffer()
Richard Levitte [Fri, 18 Nov 2016 17:18:37 +0000 (18:18 +0100)]
Make it possible to peek at BIO data through BIO_f_buffer()

This is needed for the upcoming "file" scheme STORE loader.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)

7 years agoMake asn1_d2i_read_bio accessible from STORE
Richard Levitte [Fri, 18 Nov 2016 17:17:20 +0000 (18:17 +0100)]
Make asn1_d2i_read_bio accessible from STORE

This is needed for the upcoming "file" scheme STORE loader.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)

7 years agoAdd the STORE module
Richard Levitte [Thu, 8 Dec 2016 14:51:31 +0000 (15:51 +0100)]
Add the STORE module

This STORE module adds the following functionality:

- A function OSSL_STORE_open(), OSSL_STORE_load() and OSSL_STORE_close()
  that accesses a URI and helps loading the supported objects (PKEYs,
  CERTs and CRLs for the moment) from it.
- An opaque type OSSL_STORE_INFO that holds information on each loaded
  object.
- A few functions to retrieve desired data from a OSSL_STORE_INFO
  reference.
- Functions to register and unregister loaders for different URI
  schemes.  This enables dynamic addition of loaders from applications
  or from engines.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)

7 years agoMake it possible to refer to ERR_R_UI_LIB
Richard Levitte [Tue, 6 Dec 2016 03:29:08 +0000 (04:29 +0100)]
Make it possible to refer to ERR_R_UI_LIB

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)

7 years agoUpdates following review of SSL_export_key_material() changes
Matt Caswell [Wed, 28 Jun 2017 16:18:27 +0000 (17:18 +0100)]
Updates following review of SSL_export_key_material() changes

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3782)

7 years agoUpdate the SSL_export_keying_material() documentation for TLSv1.3
Matt Caswell [Tue, 27 Jun 2017 15:32:40 +0000 (16:32 +0100)]
Update the SSL_export_keying_material() documentation for TLSv1.3

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3782)

7 years agoAdd an SSL_export_keying_material() test
Matt Caswell [Tue, 27 Jun 2017 15:28:25 +0000 (16:28 +0100)]
Add an SSL_export_keying_material() test

There aren't any test vectors for this, so all we do is test that both
sides of the communication create the same result for different protocol
versions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3782)

7 years agoUpdate SSL_export_keying_material() for TLSv1.3
Matt Caswell [Tue, 27 Jun 2017 13:57:15 +0000 (14:57 +0100)]
Update SSL_export_keying_material() for TLSv1.3

Fixes #3680

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3782)

7 years agoFix sample code
Greg Zaverucha [Wed, 28 Jun 2017 00:38:25 +0000 (17:38 -0700)]
Fix sample code

Fix memory leak in sample encryption code and check return value of
fopen.

CLA: trivial

Signed-off-by: Greg Zaverucha <gregz@microsoft.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3790)

7 years agocrypto/mem.c: on Windows, use rand() instead of random()
Richard Levitte [Tue, 27 Jun 2017 09:25:03 +0000 (11:25 +0200)]
crypto/mem.c: on Windows, use rand() instead of random()

Windows doesn't provide random().  In this particular case, our
requirements on the quality of randomness isn't high, so we don't
need to care how good randomness rand() does or doesn't provide.

Fixes #3778

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3779)

7 years agossl_session_dup() missing ext.alpn_session
Todd Short [Mon, 26 Jun 2017 13:21:20 +0000 (09:21 -0400)]
ssl_session_dup() missing ext.alpn_session

Properly copy ext.alpn_session in ssl_session_dup()
Use OPENSSL_strndup() as that's used in ssl_asn1.c

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3770)

7 years agoAdd dependency on apps/progs.h for test/uitest.o
Richard Levitte [Wed, 28 Jun 2017 12:39:20 +0000 (14:39 +0200)]
Add dependency on apps/progs.h for test/uitest.o

uitest.o depends on apps.h which depends on progs.h, which is
dynamically generated, so we need to explicitely add a dependency
between uitest.o and progs.h for the latter to be generated in time.

Fixed #3793

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3794)

7 years agotest/uitest.c's pem_password_cb returned 1 instead of the password length
Richard Levitte [Wed, 28 Jun 2017 11:01:29 +0000 (13:01 +0200)]
test/uitest.c's pem_password_cb returned 1 instead of the password length

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3791)

7 years agoUI_UTIL_wrap_read_pem_callback: make sure to terminate the string received
Richard Levitte [Wed, 28 Jun 2017 09:17:24 +0000 (11:17 +0200)]
UI_UTIL_wrap_read_pem_callback: make sure to terminate the string received

The callback we're wrapping around may or may not return a
NUL-terminated string.  Let's ensure it is.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3791)

7 years agoDocument the added devcrypto engine in CHANGES
Richard Levitte [Wed, 21 Jun 2017 20:03:29 +0000 (22:03 +0200)]
Document the added devcrypto engine in CHANGES

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3744)

7 years agoComment on the lack of documentation for asymmetric ciphers
Richard Levitte [Thu, 11 May 2017 10:52:47 +0000 (12:52 +0200)]
Comment on the lack of documentation for asymmetric ciphers

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3744)

7 years agoAdapt for BSD cryptodev.h differences
Richard Levitte [Tue, 18 Apr 2017 06:51:51 +0000 (08:51 +0200)]
Adapt for BSD cryptodev.h differences

The BSD cryptodev.h doesn't have things like COP_FLAG_WRITE_IV and
COP_FLAG_UPDATE.  In that case, we need to implement that
functionality ourselves.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3744)

7 years agoAdd new /dev/crypto engine
Richard Levitte [Fri, 24 Mar 2017 15:19:00 +0000 (16:19 +0100)]
Add new /dev/crypto engine

Based on cryptodev-linux

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3744)

7 years agoAdd the common error ERR_R_OPERATION_FAIL
Richard Levitte [Tue, 27 Jun 2017 14:05:12 +0000 (16:05 +0200)]
Add the common error ERR_R_OPERATION_FAIL

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3744)

7 years agoUse randomness not entropy
Rich Salz [Mon, 26 Jun 2017 16:02:57 +0000 (12:02 -0400)]
Use randomness not entropy

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3773)

7 years agoFix return-value checks in OCSP_resp_get1_id()
Benjamin Kaduk [Mon, 26 Jun 2017 17:05:09 +0000 (12:05 -0500)]
Fix return-value checks in OCSP_resp_get1_id()

Commit db17e43d882ecde217e1dce4a2b8c76c3ed134bf added the function
but would improperly report success if the underlying dup operation
failed.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3775)

7 years agoutil/mkerr.pl: avoid getting an annoying warning about negative count
Richard Levitte [Tue, 27 Jun 2017 11:47:22 +0000 (13:47 +0200)]
util/mkerr.pl: avoid getting an annoying warning about negative count

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3781)

7 years agoutil/mkerr.pl: allow module names prefixed with OSSL_ or OPENSSL_
Richard Levitte [Tue, 27 Jun 2017 11:34:17 +0000 (13:34 +0200)]
util/mkerr.pl: allow module names prefixed with OSSL_ or OPENSSL_

To make sure that our symbols don't clash with other libraries, we
claim the namespaces OSSL and OPENSSL.  Because C doesn't provide
namespaces, the only solution is to have them as prefixes on symbols,
thus we allow OSSL_ and OPENSSL_ as prefixes.

These namespace prefixes are optional for the foreseeable future, and
will only be used for new modules as needed on a case by case basis,
until further notice.

For extra safety, there's an added requirement that module names -
apart from the namespace prefix - be at least 2 characters long.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3781)

7 years agoRename static global "lock" to "obj_lock"
Rich Salz [Mon, 26 Jun 2017 18:04:02 +0000 (14:04 -0400)]
Rename static global "lock" to "obj_lock"

Breaks djgpp, masks a common kernel function name.
Thanks to Gisle Vanem for pointing this out.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3776)

7 years agoChange to check last return value of BN_CTX_get
Paul Yang [Thu, 22 Jun 2017 10:52:29 +0000 (18:52 +0800)]
Change to check last return value of BN_CTX_get

To make it consistent in the code base

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3749)

7 years agoFix return value checking for BIO_sock_init
Paul Yang [Sun, 25 Jun 2017 17:09:46 +0000 (01:09 +0800)]
Fix return value checking for BIO_sock_init

BIO_sock_init returns '-1' on error, not '0', so it's needed to check
explicitly istead of using '!'.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3766)

7 years agoFix inaccurate comments in bn_prime.c
Paul Yang [Sun, 25 Jun 2017 03:49:19 +0000 (11:49 +0800)]
Fix inaccurate comments in bn_prime.c

As well as a coding style nit is fixed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3763)

7 years agotsget.in: remove call of WWW::Curl::Easy::global_cleanup
Richard Levitte [Sun, 25 Jun 2017 20:06:25 +0000 (22:06 +0200)]
tsget.in: remove call of WWW::Curl::Easy::global_cleanup

This function is undocumented, but similarly named functions (such as
'curl_global_cleanup') are documented as internals that should not be
called by scripts.

Fixes #3765

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3768)

7 years agoFix no-dsa build again
Benjamin Kaduk [Sun, 25 Jun 2017 02:46:36 +0000 (21:46 -0500)]
Fix no-dsa build again

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3762)

7 years agoAdd tests for deprecated sigalgs with TLS 1.3 ClientHellos
Benjamin Kaduk [Wed, 26 Apr 2017 20:17:57 +0000 (15:17 -0500)]
Add tests for deprecated sigalgs with TLS 1.3 ClientHellos

Test for each of DSA, SHA1, and SHA224.

Use the symbolic names for SignatureScheme comparisons just added.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3326)

7 years agoFix no-dsa build
Benjamin Kaduk [Thu, 27 Apr 2017 15:32:30 +0000 (10:32 -0500)]
Fix no-dsa build

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3326)

7 years agoAdd constants for TLS 1.3 SignatureScheme values
Benjamin Kaduk [Thu, 27 Apr 2017 14:46:07 +0000 (09:46 -0500)]
Add constants for TLS 1.3 SignatureScheme values

Put them into the TLSProxy::Message namespace along with the extension
type constants.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3326)

7 years agoDisallow DSA/SHA1/etc. for pure TLS 1.3 ClientHellos
Benjamin Kaduk [Mon, 24 Apr 2017 23:20:33 +0000 (18:20 -0500)]
Disallow DSA/SHA1/etc. for pure TLS 1.3 ClientHellos

In draft-ietf-tls-tls13-20 Appendix B we find that:

   This section describes protocol types and constants.  Values listed
   as _RESERVED were used in previous versions of TLS and are listed
   here for completeness.  TLS 1.3 implementations MUST NOT send them
   but might receive them from older TLS implementations.

Similarly, in section 4.2.3 we see:

   Legacy algorithms  Indicates algorithms which are being deprecated
      because they use algorithms with known weaknesses, specifically
      SHA-1 which is used in this context with either with RSA using
      RSASSA-PKCS1-v1_5 or ECDSA.  These values refer solely to
      signatures which appear in certificates (see Section 4.4.2.2) and
      are not defined for use in signed TLS handshake messages.
      Endpoints SHOULD NOT negotiate these algorithms but are permitted
      to do so solely for backward compatibility.  Clients offering
      these values MUST list them as the lowest priority (listed after
      all other algorithms in SignatureSchemeList).  TLS 1.3 servers
      MUST NOT offer a SHA-1 signed certificate unless no valid
      certificate chain can be produced without it (see
      Section 4.4.2.2).

However, we are currently sending the SHA2-based DSA signature schemes
and many SHA1-based schemes, which is in contradiction with the specification.

Because TLS 1.3 support will appear in OpenSSL 1.1, we are bound by
stability requirements to continue to offer the DSA signature schemes
and the deprecated hash algorithms.  at least until OpenSSL 1.2.
However, for pure TLS 1.3 clients that do not offer lower TLS versions,
we can be compliant.  Do so, and leave a note to revisit the issue when
we are permitted to break with sacred historical tradition.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3326)

7 years agosha/asm/keccak1600-mmx.pl: optimize for Atom and add comparison data.
Andy Polyakov [Wed, 21 Jun 2017 13:29:53 +0000 (15:29 +0200)]
sha/asm/keccak1600-mmx.pl: optimize for Atom and add comparison data.

Curiously enough out-of-order Silvermont benefited most from
optimization, 33%. [Originally mentioned "anomaly" turned to be
misreported frequency scaling problem. Correct results were
collected under older kernel.]

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3739)

7 years agoAdd sha/asm/keccak1600-mmx.pl, x86 MMX module.
Andy Polyakov [Wed, 21 Jun 2017 13:25:52 +0000 (15:25 +0200)]
Add sha/asm/keccak1600-mmx.pl, x86 MMX module.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3739)

7 years agoFix a memory leak in the new TAP filter BIO
Matt Caswell [Fri, 23 Jun 2017 17:18:21 +0000 (18:18 +0100)]
Fix a memory leak in the new TAP filter BIO

[extended tests]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3760)

7 years agoFix travis clang-3.9 builds
Matt Caswell [Fri, 23 Jun 2017 12:58:49 +0000 (13:58 +0100)]
Fix travis clang-3.9 builds

Something environmental changed in travis so that it started preferring
the ubuntu clang-3.9 version instead of the llvm.org one. This breaks the
sanitiser based builds. This change forces travis to de-prioritise the
ubuntu clang packages.

[extended tests]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3759)

7 years agoFix another EVP_DigestVerify() instance
Matt Caswell [Fri, 23 Jun 2017 10:40:47 +0000 (11:40 +0100)]
Fix another EVP_DigestVerify() instance

Following on from the previous commit this fixes another instance where
we need to treat a -ve return from EVP_DigestVerify() as a bad signature.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3756)

7 years agoTreat all failures from EVP_DigestVerify() as a bad signature
Matt Caswell [Fri, 23 Jun 2017 10:29:04 +0000 (11:29 +0100)]
Treat all failures from EVP_DigestVerify() as a bad signature

Prior to 72ceb6a we treated all failures from the call to
EVP_DigestVerifyFinal() as if it were a bad signature, and failures in
EVP_DigestUpdate() as an internal error. After that commit we replaced
this with the one-shot function EVP_DigestVerify() and treated a 0 return
as a bad signature and a negative return as an internal error. However,
some signature errors can be negative (e.g. according to the docs if the
form of the signature is wrong). Therefore we should treat all <=0
returns as a bad signature.

This fixes a boringssl test failure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3756)

7 years agoFix the constant time 64 test
Matt Caswell [Fri, 23 Jun 2017 09:10:51 +0000 (10:10 +0100)]
Fix the constant time 64 test

We were adding more tests than we had data for due to use of
sizeof instead of OSSL_NELEM. I also changed the 8 bit tests
for consistency, although they were already working.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3755)

7 years agoRemove uses of the TEST_check macro.
Pauli [Thu, 22 Jun 2017 04:00:55 +0000 (14:00 +1000)]
Remove uses of the TEST_check macro.

This macro aborts the test which prevents later tests from executing.  It also
bypasses the test framework output functionality.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3750)

7 years agoFix OBJ_create() to tolerate a NULL sn and ln
Matt Caswell [Thu, 22 Jun 2017 14:25:26 +0000 (15:25 +0100)]
Fix OBJ_create() to tolerate a NULL sn and ln

In 1.0.2 and before OBJ_create() allowed the sn or ln parameter to be NULL.
Commit 52832e47 changed that so that it crashed if they were NULL.

This was causing problems with the built-in config oid module. If a long
name was provided OBJ_create() is initially called with a NULL ln and
therefore causes a crash.

Fixes #3733

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3753)

7 years agoFix tls1_generate_master_secret
Alexey Komnin [Thu, 22 Jun 2017 06:45:17 +0000 (09:45 +0300)]
Fix tls1_generate_master_secret

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3751)

7 years agoFix the names of ChaCha20-Poly1305 cipher suites in t1_trce.c.
David Benjamin [Thu, 22 Jun 2017 03:36:19 +0000 (23:36 -0400)]
Fix the names of ChaCha20-Poly1305 cipher suites in t1_trce.c.

Per RFC 7905, the cipher suite names end in "_SHA256". The original
implementation targeted the -03 draft, but there was a -04 draft right
before the RFC was published to make the names consistent.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3748)

7 years agoTAP line filter BIO.
Pauli [Wed, 21 Jun 2017 23:35:08 +0000 (09:35 +1000)]
TAP line filter BIO.

This is an implementation of a BIO filter that produce TAP compatible output
for the test framework.  The current test indentation level is honoured.

The test output functions have been modified to not attempt to indent
their output and to not include the leading '#' character.

The filter is applied to bio_err only.  bio_out is left unchanged, although
tests using bio_out have been modified to use bio_err instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3732)

7 years agoConfigure: give config targets the possibility to enable or disable features
Richard Levitte [Wed, 21 Jun 2017 22:47:49 +0000 (00:47 +0200)]
Configure: give config targets the possibility to enable or disable features

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3745)

7 years agoRemove duplicate see also reference to BIO_s_mem.
Pauli [Tue, 20 Jun 2017 01:27:02 +0000 (11:27 +1000)]
Remove duplicate see also reference to BIO_s_mem.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3731)

7 years agoAdd OCSP_resp_get1_id() accessor
Sascha Steinbiss [Tue, 8 Nov 2016 09:16:45 +0000 (10:16 +0100)]
Add OCSP_resp_get1_id() accessor

Adding a get1 style accessor as brought up in mailing list post
https://mta.openssl.org/pipermail/openssl-users/2016-November/004796.html

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1876)

7 years agoAvoid compiler complaining
Paul Yang [Wed, 21 Jun 2017 16:31:26 +0000 (00:31 +0800)]
Avoid compiler complaining

initialize some local variables

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3741)

7 years agoAdd documentation for the SSL_export_keying_material() function
Matt Caswell [Wed, 21 Jun 2017 12:55:02 +0000 (13:55 +0100)]
Add documentation for the SSL_export_keying_material() function

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3735)

7 years agosha/asm/sha512p8-ppc.pl: add POWER8 performance data.
Andy Polyakov [Sun, 18 Jun 2017 12:58:52 +0000 (14:58 +0200)]
sha/asm/sha512p8-ppc.pl: add POWER8 performance data.

[skip ci]

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3705)

7 years agoAdd Keccak-1600 modules for PPC64 and POWER8.
Andy Polyakov [Sat, 17 Jun 2017 11:46:29 +0000 (13:46 +0200)]
Add Keccak-1600 modules for PPC64 and POWER8.

[skip ci]

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3705)

7 years agoFix DTLS failure when used in a build which has SCTP enabled
Matt Caswell [Tue, 20 Jun 2017 15:36:30 +0000 (16:36 +0100)]
Fix DTLS failure when used in a build which has SCTP enabled

The value of BIO_CTRL_DGRAM_SET_PEEK_MODE was clashing with the value for
BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. In an SCTP enabled build
BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE was used unconditionally with
the reasoning that it would be ignored if SCTP wasn't in use. Unfortunately
due to this clash, this wasn't the case. The BIO ended up going into peek
mode and was continually reading the same data over and over - throwing it
away as a replay.

Fixes #3723

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3724)

7 years agoPSK related tweaks based on review feedback
Matt Caswell [Wed, 21 Jun 2017 11:17:30 +0000 (12:17 +0100)]
PSK related tweaks based on review feedback

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

7 years agoUse constants rather than macros for the cipher bytes in the apps
Matt Caswell [Wed, 21 Jun 2017 10:58:10 +0000 (11:58 +0100)]
Use constants rather than macros for the cipher bytes in the apps

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

7 years agoAdd some tests for the new TLSv1.3 PSK code
Matt Caswell [Tue, 20 Jun 2017 13:26:00 +0000 (14:26 +0100)]
Add some tests for the new TLSv1.3 PSK code

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

7 years agoFix some bugs in the TLSv1.3 PSK code
Matt Caswell [Tue, 20 Jun 2017 13:25:38 +0000 (14:25 +0100)]
Fix some bugs in the TLSv1.3 PSK code

Found while developing the PSK tests

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

7 years agoMake the input parameters for SSL_SESSION_set1_master_key const
Matt Caswell [Tue, 20 Jun 2017 13:24:39 +0000 (14:24 +0100)]
Make the input parameters for SSL_SESSION_set1_master_key const

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

7 years agoDocument SSL_set_psk_find_session_callback() and SSL_CTX equivalent
Matt Caswell [Mon, 19 Jun 2017 14:03:43 +0000 (15:03 +0100)]
Document SSL_set_psk_find_session_callback() and SSL_CTX equivalent

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

7 years agoDocument SSL_set_psk_use_session_callback() and SSL_CTX equivalent
Matt Caswell [Fri, 16 Jun 2017 15:27:33 +0000 (16:27 +0100)]
Document SSL_set_psk_use_session_callback() and SSL_CTX equivalent

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

7 years agoTweak the client side PSK callback
Matt Caswell [Fri, 16 Jun 2017 15:26:25 +0000 (16:26 +0100)]
Tweak the client side PSK callback

Ensure that we properly distinguish between successful return (PSK
provided), successful return (no PSK provided) and failure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

7 years agoAdd documentation for SSL_CTX_set_psk_use_session_callback()
Matt Caswell [Fri, 16 Jun 2017 13:30:10 +0000 (14:30 +0100)]
Add documentation for SSL_CTX_set_psk_use_session_callback()

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

7 years agoDocument SSL_CIPHER_get_handshake_digest()
Matt Caswell [Wed, 14 Jun 2017 13:27:53 +0000 (14:27 +0100)]
Document SSL_CIPHER_get_handshake_digest()

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

7 years agoDocument SSL_SESSION_set_protocol_version()
Matt Caswell [Wed, 14 Jun 2017 12:58:29 +0000 (13:58 +0100)]
Document SSL_SESSION_set_protocol_version()

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

7 years agoDocument SSL_SESSION_set1_master_key()
Matt Caswell [Wed, 14 Jun 2017 09:37:25 +0000 (10:37 +0100)]
Document SSL_SESSION_set1_master_key()

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

7 years agoAdd documentation for SSL_SESSION_set_cipher()
Matt Caswell [Tue, 13 Jun 2017 14:27:50 +0000 (15:27 +0100)]
Add documentation for SSL_SESSION_set_cipher()

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

7 years agoFix no-psk
Matt Caswell [Tue, 13 Jun 2017 13:28:45 +0000 (14:28 +0100)]
Fix no-psk

Broken through previous PSK related commits

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

7 years agoAdd the ability to set a TLSv1.3 PSK via just the key bytes
Matt Caswell [Mon, 12 Jun 2017 18:12:13 +0000 (19:12 +0100)]
Add the ability to set a TLSv1.3 PSK via just the key bytes

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

7 years agoAdd SSL_SESSION_set_protocol_version()
Matt Caswell [Mon, 12 Jun 2017 18:40:11 +0000 (19:40 +0100)]
Add SSL_SESSION_set_protocol_version()

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

7 years agoAdd SSL_SESSION_set_cipher()
Matt Caswell [Mon, 12 Jun 2017 18:12:04 +0000 (19:12 +0100)]
Add SSL_SESSION_set_cipher()

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

7 years agoAdd SSL_SESSION_set1_master_key()
Matt Caswell [Mon, 12 Jun 2017 17:38:30 +0000 (18:38 +0100)]
Add SSL_SESSION_set1_master_key()

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

7 years agoAdd the ability to use a server side TLSv1.3 external PSK in s_server
Matt Caswell [Mon, 12 Jun 2017 17:26:09 +0000 (18:26 +0100)]
Add the ability to use a server side TLSv1.3 external PSK in s_server

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

7 years agoAdd the ability to use a client side TLSv1.3 external PSK in s_client
Matt Caswell [Mon, 12 Jun 2017 15:57:06 +0000 (16:57 +0100)]
Add the ability to use a client side TLSv1.3 external PSK in s_client

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

7 years agoAdd a function to get the handshake digest for an SSL_CIPHER
Matt Caswell [Mon, 12 Jun 2017 15:56:15 +0000 (16:56 +0100)]
Add a function to get the handshake digest for an SSL_CIPHER

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

7 years agoAdd public API functions for setting TLSv1.3 PSK callbacks
Matt Caswell [Mon, 12 Jun 2017 14:59:00 +0000 (15:59 +0100)]
Add public API functions for setting TLSv1.3 PSK callbacks

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

7 years agoAdd TLSv1.3 client side external PSK support
Matt Caswell [Mon, 12 Jun 2017 12:30:21 +0000 (13:30 +0100)]
Add TLSv1.3 client side external PSK support

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

7 years agoAdd TLSv1.3 server side external PSK support
Matt Caswell [Mon, 12 Jun 2017 08:18:24 +0000 (09:18 +0100)]
Add TLSv1.3 server side external PSK support

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

7 years agoAdd ecstress test
Rich Salz [Fri, 16 Jun 2017 20:55:19 +0000 (16:55 -0400)]
Add ecstress test

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3720)

7 years agoAdd sha/asm/keccak1600-c64x.pl
Andy Polyakov [Sat, 17 Jun 2017 18:29:52 +0000 (20:29 +0200)]
Add sha/asm/keccak1600-c64x.pl

[skip ci]

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3708)

7 years agoAdd constant-time 64
Rich Salz [Tue, 20 Jun 2017 19:21:21 +0000 (15:21 -0400)]
Add constant-time 64

Standardize comments.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3727)

7 years agoUse EVP_PKEY_X25519, EVP_PKEY_ED25519 instead of NIDs where appropriate.
Dr. Stephen Henson [Tue, 20 Jun 2017 15:32:44 +0000 (16:32 +0100)]
Use EVP_PKEY_X25519, EVP_PKEY_ED25519 instead of NIDs where appropriate.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)

7 years agoUpdate test config file
Dr. Stephen Henson [Sat, 17 Jun 2017 16:15:11 +0000 (17:15 +0100)]
Update test config file

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)

7 years agoAdd Ed25519 TLS 1.3 and 1.2 tests
Dr. Stephen Henson [Wed, 14 Jun 2017 23:34:20 +0000 (00:34 +0100)]
Add Ed25519 TLS 1.3 and 1.2 tests

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)

7 years agoAdd Ed25519 EE certificates
Dr. Stephen Henson [Wed, 14 Jun 2017 15:37:48 +0000 (16:37 +0100)]
Add Ed25519 EE certificates

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)

7 years agoEd25519 support for mkcert.sh
Dr. Stephen Henson [Wed, 14 Jun 2017 15:37:06 +0000 (16:37 +0100)]
Ed25519 support for mkcert.sh

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)