Kurt Roeckx [Sat, 23 Sep 2017 12:49:03 +0000 (14:49 +0200)]
Use curve_id not the nid
Found by OSS-Fuzz and the tests
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #4410
Dr. Stephen Henson [Sat, 23 Sep 2017 00:03:16 +0000 (01:03 +0100)]
Remove dhparam from SSL_CONF list.
Avoid duplicate assertion by removing dhparam from SSL_CONF parameter list:
dhparam is handled manually by s_server.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4408)
Pichulin Dmitrii [Fri, 22 Sep 2017 08:41:04 +0000 (11:41 +0300)]
Fix 'key' option in s_server can be in ENGINE keyform
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4405)
Dr. Stephen Henson [Fri, 22 Sep 2017 15:06:52 +0000 (16:06 +0100)]
Store groups as uint16_t
Instead of storing supported groups in on-the-wire format store
them as parsed uint16_t values. This simplifies handling of groups
as the values can be directly used instead of being converted.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4406)
Andy Polyakov [Thu, 21 Sep 2017 20:47:12 +0000 (22:47 +0200)]
Configure: add -Wmisleading-indentation to strict warnings flags.
The warning flag in question was added in GCC version 6, hence
addition has to be conditional.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4401)
David Benjamin [Mon, 18 Sep 2017 20:51:56 +0000 (16:51 -0400)]
Guard against DoS in name constraints handling.
This guards against the name constraints check consuming large amounts
of CPU time when certificates in the presented chain contain an
excessive number of names (specifically subject email names or subject
alternative DNS names) and/or name constraints.
Name constraints checking compares the names presented in a certificate
against the name constraints included in a certificate higher up in the
chain using two nested for loops.
Move the name constraints check so that it happens after signature
verification so peers cannot exploit this using a chain with invalid
signatures. Also impose a hard limit on the number of name constraints
check loop iterations to further mitigate the issue.
Thanks to NCC for finding this issue. Fix written by Martin Kreichgauer.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4393)
Dr. Matthias St. Pierre [Thu, 21 Sep 2017 13:26:42 +0000 (15:26 +0200)]
Cleanup whitespace in ssl_lib.c (tabs to spaces)
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4383)
Patrick Steuer [Wed, 20 Sep 2017 22:10:16 +0000 (00:10 +0200)]
Fix strict-warnings build
Compilation failed due to -Werror=misleading-indentation.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4395)
Andy Polyakov [Mon, 18 Sep 2017 14:30:28 +0000 (16:30 +0200)]
Configure: unify clang's -Qunused-arguments option treatment.
Detect clang even if it's disguised, e.g. cross-compiler or invoked by
explicit path name, and add the option based on that.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4383)
Benjamin Kaduk [Thu, 21 Sep 2017 12:18:10 +0000 (07:18 -0500)]
Reenable s_server -dhparam option
This option was lost when converting to a table-driven option parser
in commit
7e1b7485706c2b11091b5fa897fe496a2faa56cc.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4398)
Dr. Stephen Henson [Thu, 14 Sep 2017 14:23:25 +0000 (15:23 +0100)]
Add RSA-PSS certificate type TLS tests
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4368)
Dr. Stephen Henson [Thu, 14 Sep 2017 12:51:39 +0000 (13:51 +0100)]
Add RSA-PSS test certificates
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4368)
Dr. Stephen Henson [Thu, 14 Sep 2017 13:48:39 +0000 (14:48 +0100)]
Allow use of RSA-PSS certificates in TLS 1.2
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4368)
Dr. Stephen Henson [Thu, 14 Sep 2017 13:53:52 +0000 (14:53 +0100)]
Allow RSA certificates to be used for RSA-PSS
Allo RSA certificate to be used for RSA-PSS signatures: this needs
to be explicit because RSA and RSA-PSS certificates are now distinct
types.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4368)
Dr. Stephen Henson [Wed, 13 Sep 2017 12:53:03 +0000 (13:53 +0100)]
Add RSA-PSS key certificate type.
Recognise RSA-PSS certificate algorithm and add a new certificate
type.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4368)
David Benjamin [Mon, 18 Sep 2017 19:58:41 +0000 (15:58 -0400)]
Fix overflow in c2i_ASN1_BIT_STRING.
c2i_ASN1_BIT_STRING takes length as a long but uses it as an int. Check
bounds before doing so. Previously, excessively large inputs to the
function could write a single byte outside the target buffer. (This is
unreachable as asn1_ex_c2i already uses int for the length.)
Thanks to NCC for finding this issue. Fix written by Martin Kreichgauer.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4385)
Pauli [Mon, 18 Sep 2017 02:17:18 +0000 (12:17 +1000)]
Stack sorting safety
Use the defined typechecking stack method to sort the compression methods stack
rather than using the generic function and apply type casts.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4382)
Pauli [Sun, 17 Sep 2017 20:52:13 +0000 (06:52 +1000)]
Null pointer used.
Address coverity report of null pointer being dereferenced.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4381)
Christian Heimes [Thu, 14 Sep 2017 07:28:39 +0000 (09:28 +0200)]
Provide getters for min/max proto version
OpenSSL 1.1.0 made SSL_CTX and SSL structs opaque and introduced a new
API to set the minimum and maximum protocol version for SSL_CTX with
TLS_method(). Add getters to introspect the configured versions:
int SSL_CTX_get_min_proto_version(SSL_CTX *ctx);
int SSL_CTX_get_max_proto_version(SSL_CTX *ctx);
int SSL_get_min_proto_version(SSL *ssl);
int SSL_get_max_proto_version(SSL *ssl);
NOTE: The getters do not resolv the version in case when the minimum or
maxium version are configured as '0' (meaning auto-select lowest and
highst version number).
Signed-off-by: Christian Heimes <christian@python.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4364)
Pauli [Thu, 14 Sep 2017 23:05:43 +0000 (09:05 +1000)]
Avoid signed vs unsigned comparison error.
Introduced by #4372
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4374)
Pauli [Thu, 14 Sep 2017 22:01:42 +0000 (08:01 +1000)]
Add explanatory comment about fitting into a size_t.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4373)
Pauli [Thu, 14 Sep 2017 21:52:32 +0000 (07:52 +1000)]
Remote unrequited casts
Also use strndup instead of a malloc/memcpy pair.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4372)
Rich Salz [Thu, 14 Sep 2017 20:13:53 +0000 (16:13 -0400)]
Replace malloc+strcpy with strdup
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4371)
Rich Salz [Thu, 14 Sep 2017 20:13:00 +0000 (16:13 -0400)]
Fix function name in ECerr call
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4371)
Benjamin Kaduk [Thu, 14 Sep 2017 15:23:20 +0000 (10:23 -0500)]
Fix no-ec no-dh build
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4369)
Paul Yang [Thu, 14 Sep 2017 06:19:30 +0000 (14:19 +0800)]
Fix doc nits
[to be squashed]
[skip ci]
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4356)
Paul Yang [Mon, 11 Sep 2017 15:15:55 +0000 (23:15 +0800)]
Support EVP_PKEY_meth_remove and pmeth internal cleanup
1. make app pkey methods cleanup internal
2. add EVP_PKEY_meth_remove
Fixes travis-ci failure in #4337
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4356)
Pauli [Thu, 14 Sep 2017 00:05:22 +0000 (10:05 +1000)]
Ensure that the requested memory size cannot exceed the limit imposed by a
size_t variable.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4357)
Pauli [Mon, 11 Sep 2017 23:18:17 +0000 (09:18 +1000)]
Manually revert "Ensure allocation size fits into size_t"
This reverts commit
cc9c56894606fdf324933cd8090d9a54d967bf5b for the file
pbe_scrypt.c instead of scrypt.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4357)
Pauli [Mon, 11 Sep 2017 23:13:12 +0000 (09:13 +1000)]
Revert "Reuse strndup(), simplify code"
This reverts commit
1caaea133873d549fa52fbf265298d2d35442477.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4357)
Pauli [Mon, 11 Sep 2017 23:13:00 +0000 (09:13 +1000)]
Revert "GH614: Use memcpy()/strdup() when possible"
This reverts commit
a89c9a0d855bce735116acfe147b24e386f566ba.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4357)
Benjamin Kaduk [Wed, 13 Sep 2017 19:42:51 +0000 (14:42 -0500)]
Fix typo in comment
The peek result is now called 'err', not just 'e'.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4362)
Paul Yang [Mon, 4 Sep 2017 14:02:59 +0000 (22:02 +0800)]
Support key check in EVP interface
A new method is added to EVP_PKEY_METH as:
int (*check) (EVP_PKEY_CTX *ctx);
and to EVP_PKEY_ASN1_METHOD as:
int (*pkey_check) (EVP_PKEY_CTX *ctx);
This is used to check the validity of a specific key.
The order of calls is:
EVP_PKEY_check -> pmeth.check -> ameth.pkey_check.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4337)
Rich Salz [Tue, 12 Sep 2017 13:03:40 +0000 (09:03 -0400)]
Always use $ as shell prompt in example
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4359)
Richard Levitte [Tue, 12 Sep 2017 06:02:02 +0000 (08:02 +0200)]
Document the recursive option
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4336)
Richard Levitte [Mon, 4 Sep 2017 13:42:01 +0000 (15:42 +0200)]
Add a recursive option to 'openssl storeutl'
Simply put, any NAME type OSS_STORE_INTO is a new object that can be
looked into, and potentially lead to a whole tree of data to dive
into. The recursive option allows someone to view the whole tree and
its data in one go.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4336)
Richard Levitte [Tue, 12 Sep 2017 05:47:05 +0000 (07:47 +0200)]
Disable the EGD seeding meachanism when stdio is disabled
crypto/rand/rand_egd.c makes extensive use of stdio functions. When
they are disabled, it makes sense to disable egd as well.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4358)
Andy Polyakov [Sun, 10 Sep 2017 19:43:48 +0000 (21:43 +0200)]
rsa/rsa_pmeth.c: recognize SHA3 as supported RSA digest.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Sun, 10 Sep 2017 19:42:43 +0000 (21:42 +0200)]
evp/m_sha3.c: wire SHA3 to rsaEncryption.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Sun, 10 Sep 2017 19:41:14 +0000 (21:41 +0200)]
objects/obj_xref.txt: cross-reference SHA3 and rsaEncryption.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Sun, 10 Sep 2017 19:38:32 +0000 (21:38 +0200)]
objects/objects.txt: fix RSA-SHA3-284 typo.
Reviewed-by: Richard Levitte <levitte@openssl.org>
multics [Sun, 10 Sep 2017 13:02:07 +0000 (21:02 +0800)]
Update rsautl.pod for typo
Fixes the typo
CLA: trivial
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4354)
FdaSilvaYY [Mon, 11 Sep 2017 03:33:37 +0000 (23:33 -0400)]
SSL Trace improvements
A fix formatting fixes.
SSL Trace: internal constification
- static trace tables
- trace methods arguments
SSL Trace: enhance error message when tracing an invalid extension packet
... instead of just "Message length parse error!".
SSL trace: add Maximum-Fragment-Length TLS extension log support
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4353)
Andy Polyakov [Fri, 8 Sep 2017 09:50:57 +0000 (11:50 +0200)]
sha/asm/keccak1600-armv8.pl: fix return value buglet and ...
... script data load.
On related note an attempt was made to merge rotations with logical
operations. I mean as we know, ARM ISA has merged rotate-n-logical
instructions which can be used here. And they were used to improve
keccak1600-armv4 performance. But not here. Even though this approach
resulted in improvement on Cortex-A53 proportional to reduction of
amount of instructions, ~8%, it didn't exactly worked out on
non-Cortex cores. Presumably because they break merged instructions
to separate μ-ops, which results in higher *operations* count. X-Gene
and Denver went ~20% slower and Apple A7 - 40%. The optimization was
therefore dismissed.
Reviewed-by: Rich Salz <rsalz@openssl.org>
David Benjamin [Thu, 7 Sep 2017 22:53:05 +0000 (18:53 -0400)]
Introduce named constants for the ClientHello callback.
It is otherwise unclear what all the magic numbers mean.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4349)
David Benjamin [Thu, 7 Sep 2017 22:41:52 +0000 (18:41 -0400)]
Fix test documentation.
The instructions don't work.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4349)
David Benjamin [Thu, 7 Sep 2017 22:39:40 +0000 (18:39 -0400)]
Rename SSL_CTX_set_early_cb to SSL_CTX_set_client_hello_cb.
"Early callback" is a little ambiguous now that early data exists.
Perhaps "ClientHello callback"?
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4349)
Richard Levitte [Sat, 1 Jul 2017 10:39:51 +0000 (12:39 +0200)]
Add UI functions to set result with explicit length and to retrieve the length
This allows completely arbitrary passphrases to be entered, including
NUL bytes.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3821)
xemdetia [Tue, 18 Jul 2017 17:57:25 +0000 (13:57 -0400)]
Document default section and library configuration
It is talked around but not explicitly stated in one part of the
documentation that you should put library configuration lines at the
start of the configuration file.
CLA: trivial
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3959)
Matt Caswell [Mon, 4 Sep 2017 10:20:27 +0000 (11:20 +0100)]
Allow an endpoint to read the alert data before closing the socket
If an alert gets sent and then we close the connection immediately with
data still in the input buffer then a TCP-RST gets sent. Some OSs
immediately abandon data in their input buffer if a TCP-RST is received -
meaning the alert data itself gets ditched. Sending a TCP-FIN before the
TCP-RST seems to avoid this.
This was causing test failures in MSYS2 builds.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4333)
Rich Salz [Sun, 3 Sep 2017 15:33:34 +0000 (11:33 -0400)]
Fix error handling/cleanup
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4326)
Benjamin Kaduk [Thu, 7 Sep 2017 18:21:56 +0000 (13:21 -0500)]
Fix test_client_hello with no-tls1_2_method
The extensions not sent when TLS 1.2 is not used caused the message
length to be 109, which is less than the 127 threshold needed
to activate the F5 workaround. Add another 20 bytes of dummy ALPN
data do push it over the threshold.
Also, fix the definition of the (unused) local macro indicating
the threshold.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4346)
Benjamin Kaduk [Wed, 30 Aug 2017 19:57:27 +0000 (14:57 -0500)]
Restore historical behavior for absent ServerHello extensions
In OpenSSL 1.1.0, when there were no extensions added to the ServerHello,
we did not write the extension data length bytes to the end of the
ServerHello; this is needed for compatibility with old client implementations
that do not support TLS extensions (such as the default configuration of
OpenSSL 0.9.8). When ServerHello extension construction was converted
to the new extensions framework in commit
7da160b0f46d832dbf285cb0b48ae56d4a8b884d, this behavior was inadvertently
limited to cases when SSLv3 was negotiated (and similarly for ClientHellos),
presumably since extensions are not defined at all for SSLv3. However,
extensions for TLS prior to TLS 1.3 have been defined in separate
RFCs (6066, 4366, and 3546) from the TLS protocol specifications, and as such
should be considered an optional protocol feature in those cases.
Accordingly, be conservative in what we send, and skip the extensions block
when there are no extensions to be sent, regardless of the TLS/SSL version.
(TLS 1.3 requires extensions and can safely be treated differently.)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4296)
Rich Salz [Tue, 5 Sep 2017 21:21:38 +0000 (17:21 -0400)]
Add checks for alloc failing.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4341)
Alfred E. Heggestad [Wed, 6 Sep 2017 06:30:00 +0000 (08:30 +0200)]
add callback handler for setting DTLS timer interval
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/4011)
Richard Levitte [Tue, 5 Sep 2017 10:42:58 +0000 (12:42 +0200)]
Fix OSSL_STORE's 'file' loader: make sure peekbuf is initialised
This quiets down complaints about the use of uninitialised memory
[extended tests]
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4340)
Matt Caswell [Mon, 4 Sep 2017 07:45:12 +0000 (08:45 +0100)]
Don't use ciphersuites for inflating the ClientHello in clienthellotest
clienthellotest tries to fill out the size of the ClientHello by adding
extra ciphersuites in order to test the padding extension. This is
unreliable because they are very dependent on configuration options. If we
add too much data the test will fail! We were already also adding some dummy
ALPN protocols to pad out the size, and it turns out that this is sufficient
just in itself, so drop the extra ciphersuites.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4331)
Matt Caswell [Mon, 4 Sep 2017 07:44:02 +0000 (08:44 +0100)]
Don't attempt to add a zero length padding extension
The padding extension should always be at least 1 byte long
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4331)
Richard Levitte [Mon, 4 Sep 2017 10:47:12 +0000 (12:47 +0200)]
Fix 90-test_store.t: using config() requires OpenSSL::Test::Utils
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4332)
Pauli [Sun, 3 Sep 2017 20:38:16 +0000 (06:38 +1000)]
Fix an include location problem in the extrended tests.
[extended tests]
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4327)
Richard Levitte [Fri, 1 Sep 2017 20:42:49 +0000 (22:42 +0200)]
OSSL_STORE: Avoid testing with URIs on the mingw command line
Some URIs get "mistreated" (converted) by the MSYS run-time.
Unfortunately, avoiding this conversion doesn't help either.
http://www.mingw.org/wiki/Posix_path_conversion
Fixes #4314
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4322)
Rich Salz [Sat, 2 Sep 2017 20:12:12 +0000 (16:12 -0400)]
Fix doc-nits from previous commit
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4325)
Andy Polyakov [Thu, 31 Aug 2017 20:48:03 +0000 (22:48 +0200)]
config: get "stty technique" working again on MacOS X.
Addresses GH#2167.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4311)
Andy Polyakov [Fri, 1 Sep 2017 21:13:28 +0000 (23:13 +0200)]
test/run_tests.pl: don't use Module::Load::Conditional.
Ironically enough not all installations get Module::Load::Conditional
installed by default... [It's a bit half-hearted, because such
installations are likely to lack more stuffi that is needed, but
nevertheless, it proved to be helpful.]
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4323)
Rich Salz [Sat, 2 Sep 2017 13:35:50 +0000 (09:35 -0400)]
Less documentation for deprecated API
Deprecated functions are still documented.
Put HISTORY after SEE ALSO; add HISTORY to BN_zero
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3746)
Richard Levitte [Fri, 1 Sep 2017 20:15:13 +0000 (22:15 +0200)]
Fix OpenSSL::Test::Utils::config to actualy load the config data
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4319)
Benjamin Kaduk [Fri, 1 Sep 2017 17:37:05 +0000 (12:37 -0500)]
Fix long SNI lengths in test/handshake_helper.c
If the server_name extension is long enough to require two bytes to
hold the length of either field, the test suite would not decode
the length properly. Using the PACKET_ APIs would have avoided this,
but it was desired to avoid using private APIs in this part of the
test suite, to keep ourselves honest.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4318)
Benjamin Kaduk [Fri, 1 Sep 2017 14:22:49 +0000 (09:22 -0500)]
Fixup include path in ossl_shim test after e_os.h work
The include search path was not picking up files in the root of
the tree.
[extended tests]
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4316)
Benjamin Kaduk [Tue, 29 Aug 2017 16:31:20 +0000 (11:31 -0500)]
Tighten up SSL_get1_supported_ciphers() docs
This function is really emulating what would happen in client mode,
and does not necessarily reflect what is usable for a server SSL.
Make this a bit more explicit, and do some wordsmithing while here.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4284)
Matt Caswell [Thu, 31 Aug 2017 08:39:26 +0000 (09:39 +0100)]
Fix Proxy where a timeout occurs waiting for both client and server
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4305)
Andy Polyakov [Wed, 30 Aug 2017 23:09:48 +0000 (01:09 +0200)]
crypto/cryptlib.c: mask more capability bits upon FXSR bit flip.
OPENSSL_ia32cap.pod discusses possibility to disable operations on
XMM register bank. This formally means that this flag has to be checked
in combination with other flags. But it customarily isn't. But instead
of chasing all the cases we can flip more bits together with FXSR one.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4303)
Andy Polyakov [Thu, 31 Aug 2017 21:24:30 +0000 (23:24 +0200)]
ssl/statem/extensions_clnt.c: fix return code buglet.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4297)
Andy Polyakov [Thu, 31 Aug 2017 21:23:00 +0000 (23:23 +0200)]
ssl/statem/*.c: address "enum mixed with another type" warnings.
This is actually not all warnings, only return values.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4297)
Pauli [Thu, 31 Aug 2017 22:50:03 +0000 (08:50 +1000)]
struct timeval include guards
Move struct timeval includes into e_os.h (where the Windows ones were).
Enaure that the include is guarded canonically.
Refer #4271
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4312)
Rich Salz [Wed, 30 Aug 2017 20:40:52 +0000 (16:40 -0400)]
Address feedback
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4294)
Rich Salz [Tue, 29 Aug 2017 19:24:17 +0000 (15:24 -0400)]
Add CRYPTO_thread_glock_new
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4294)
Pauli [Thu, 31 Aug 2017 22:56:54 +0000 (08:56 +1000)]
Fix potential null problem.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4313)
Rich Salz [Thu, 31 Aug 2017 22:27:06 +0000 (18:27 -0400)]
Avoid possible uninitialized variable.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4307)
Richard Levitte [Thu, 31 Aug 2017 17:03:03 +0000 (19:03 +0200)]
OpenSSL::Test::__fixup_prg: don't check program existence
The program will fail to run if it doesn't exist anyway, no need to
check its existence here.
Fixes #4306
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4309)
Richard Levitte [Thu, 31 Aug 2017 09:35:25 +0000 (11:35 +0200)]
util/mkdef.pl: handle line terminators correctly
When parsing the header files, mkdef.pl didn't clear the line
terminator properly. In most cases, this didn't matter, but there
were moments when this caused parsing errors (such as CRLFs in certain
cases).
Fixes #4267
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4304)
Matt Caswell [Thu, 31 Aug 2017 13:32:51 +0000 (14:32 +0100)]
Various review fixes for PSK early_data support
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Matt Caswell [Thu, 17 Aug 2017 12:16:19 +0000 (13:16 +0100)]
Test for late client side detection of ALPN inconsistenties
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Matt Caswell [Wed, 16 Aug 2017 11:50:32 +0000 (12:50 +0100)]
Client side sanity check of ALPN after server has accepted early_data
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Matt Caswell [Thu, 3 Aug 2017 15:30:31 +0000 (16:30 +0100)]
Add some fixes for Travis failures
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Matt Caswell [Thu, 3 Aug 2017 14:06:57 +0000 (15:06 +0100)]
Add PSK early_data tests
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Matt Caswell [Tue, 1 Aug 2017 14:45:29 +0000 (15:45 +0100)]
Add server side sanity checks of SNI/ALPN for use with early_data
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Matt Caswell [Mon, 31 Jul 2017 10:42:48 +0000 (11:42 +0100)]
Make sure we save ALPN data in the session
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Matt Caswell [Fri, 21 Jul 2017 10:41:05 +0000 (11:41 +0100)]
Complain if we are writing early data but SNI or ALPN is incorrect
SNI and ALPN must be set to be consistent with the PSK. Otherwise this is
an error.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Matt Caswell [Thu, 3 Aug 2017 09:13:31 +0000 (10:13 +0100)]
Add functions for getting/setting SNI/ALPN info in SSL_SESSION
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Matt Caswell [Fri, 21 Jul 2017 10:40:28 +0000 (11:40 +0100)]
Show the error stack if there was an error writing early data in s_client
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Matt Caswell [Tue, 1 Aug 2017 14:46:29 +0000 (15:46 +0100)]
Update the tests for SNI changes
If there is no SNI in the session then s_client no longer sends the SNI
extension. Update the tests to take account of that
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Matt Caswell [Fri, 21 Jul 2017 10:39:01 +0000 (11:39 +0100)]
If no SNI has been explicitly set use the one from the session
If we have not decided on an SNI value yet, but we are attempting to reuse
a session, and SNI is set in that, then we should use that value by
default.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Matt Caswell [Wed, 19 Jul 2017 16:26:00 +0000 (17:26 +0100)]
Make sure we use the correct cipher when using the early_secret
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Matt Caswell [Thu, 13 Jul 2017 17:02:40 +0000 (18:02 +0100)]
Add HISTORY and SEE ALSO sections for the new TLSv1.3 PSK functions
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Matt Caswell [Thu, 13 Jul 2017 17:02:18 +0000 (18:02 +0100)]
Add documentation for SSL_SESSION_set_max_early_data()
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Matt Caswell [Thu, 13 Jul 2017 13:07:34 +0000 (14:07 +0100)]
Add some PSK early_data tests
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Matt Caswell [Sat, 8 Jul 2017 10:42:55 +0000 (11:42 +0100)]
Add SSL_SESSION_set_max_early_data()
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Matt Caswell [Wed, 5 Jul 2017 19:53:03 +0000 (20:53 +0100)]
Enable the ability to use an external PSK for sending early_data
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Zhu Qun-Ying [Wed, 30 Aug 2017 21:52:50 +0000 (14:52 -0700)]
Fixed address family test error for AF_UNIX in BIO_ADDR_make
CLA: trivial
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4298)
Pauli [Wed, 30 Aug 2017 22:59:10 +0000 (08:59 +1000)]
Add documentation for ARIA GCM modes.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4300)