oweals/openssl.git
8 years agoUpdate the SSL_set_bio()/SSL_set0_rbio()/SSL_set0_wbio() docs
Matt Caswell [Fri, 22 Jul 2016 10:55:10 +0000 (11:55 +0100)]
Update the SSL_set_bio()/SSL_set0_rbio()/SSL_set0_wbio() docs

Update the documentation for the newly renamed and modified SSL_set0_rbio()
and SSL_set0_wbio() functions. State that they should be preferred over
SSL_set_bio(). Attempt to document the ownership rules for SSL_set_bio().

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoSimplify and rename SSL_set_rbio() and SSL_set_wbio()
Matt Caswell [Thu, 21 Jul 2016 11:17:29 +0000 (12:17 +0100)]
Simplify and rename SSL_set_rbio() and SSL_set_wbio()

SSL_set_rbio() and SSL_set_wbio() are new functions in 1.1.0 and really
should be called SSL_set0_rbio() and SSL_set0_wbio(). The old
implementation was not consistent with what "set0" means though as there
were special cases around what happens if the rbio and wbio are the same.
We were only ever taking one reference on the BIO, and checking everywhere
whether the rbio and wbio are the same so as not to double free.

A better approach is to rename the functions to SSL_set0_rbio() and
SSL_set0_wbio(). If an existing BIO is present it is *always* freed
regardless of whether the rbio and wbio are the same or not. It is
therefore the callers responsibility to ensure that a reference is taken
for *each* usage, i.e. one for the rbio and one for the wbio.

The legacy function SSL_set_bio() takes both the rbio and wbio in one go
and sets them both. We can wrap up the old behaviour in the implementation
of that function, i.e. previously if the rbio and wbio are the same in the
call to this function then the caller only needed to ensure one reference
was passed. This behaviour is retained by internally upping the ref count.

This commit was inspired by BoringSSL commit f715c423224.

RT#4572

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd some SSL BIO tests
Matt Caswell [Thu, 21 Jul 2016 10:02:22 +0000 (11:02 +0100)]
Add some SSL BIO tests

This adds some simple SSL BIO tests that check for pushing and popping of
BIOs into the chain. These tests would have caught the bugs fixed in the
previous three commits, if combined with a crypto-mdebug build.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix BIO_pop for SSL BIOs
Matt Caswell [Thu, 21 Jul 2016 09:55:31 +0000 (10:55 +0100)]
Fix BIO_pop for SSL BIOs

The BIO_pop implementation assumes that the rbio still equals the next BIO
in the chain. While this would normally be the case, it is possible that it
could have been changed directly by the application. It also does not
properly cater for the scenario where the buffering BIO is still in place
for the write BIO.

Most of the existing BIO_pop code for SSL BIOs can be replaced by a single
call to SSL_set_bio(). This is equivalent to the existing code but
additionally handles the scenario where the rbio has been changed or the
buffering BIO is still in place.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix BIO_push ref counting for SSL BIO
Matt Caswell [Thu, 21 Jul 2016 09:48:12 +0000 (10:48 +0100)]
Fix BIO_push ref counting for SSL BIO

When pushing a BIO onto an SSL BIO we set the rbio and wbio for the SSL
object to be the BIO that has been pushed. Therefore we need to up the ref
count for that BIO. The existing code was uping the ref count on the wrong
BIO.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoDon't double free the write bio
Matt Caswell [Thu, 21 Jul 2016 09:28:24 +0000 (10:28 +0100)]
Don't double free the write bio

When setting the read bio we free up any old existing one. However this can
lead to a double free if the existing one is the same as the write bio.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd a test for SSL_set_bio()
Matt Caswell [Thu, 21 Jul 2016 14:06:13 +0000 (15:06 +0100)]
Add a test for SSL_set_bio()

The SSL_set_bio() function has some complicated ownership rules. This adds a
test to make sure it all works as expected.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoMake the checks for an SSLv2 style record stricter
Matt Caswell [Fri, 22 Jul 2016 13:58:19 +0000 (14:58 +0100)]
Make the checks for an SSLv2 style record stricter

SSLv2 is no longer supported in 1.1.0, however we *do* still accept an SSLv2
style ClientHello, as long as we then subsequently negotiate a protocol
version >= SSLv3. The record format for SSLv2 style ClientHellos is quite
different to SSLv3+. We only accept this format in the first record of an
initial ClientHello. Previously we checked this by confirming
s->first_packet is set and s->server is true. However, this really only
tells us that we are dealing with an initial ClientHello, not that it is
the first record (s->first_packet is badly named...it really means this is
the first message). To check this is the first record of the initial
ClientHello we should also check that we've not received any data yet
(s->init_num == 0), and that we've not had any empty records.

GitHub Issue #1298

Reviewed-by: Emilia Käsper <emilia@openssl.org>
8 years agoVarious doc fixes.
Rich Salz [Thu, 28 Jul 2016 21:00:05 +0000 (17:00 -0400)]
Various doc fixes.

Cannot nest B<> tags
Document "openssl speed" command.
Fix doc nits: missing NAME/SYNOPSIS stuff

Reviewed-by: Tim Hudson <tjh@openssl.org>
8 years agoAdd memory sanitizer config, and run on travis.
Emilia Kasper [Thu, 28 Jul 2016 18:24:28 +0000 (20:24 +0200)]
Add memory sanitizer config, and run on travis.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoNote cipher BIO write errors too.
Dr. Stephen Henson [Tue, 26 Jul 2016 19:22:49 +0000 (20:22 +0100)]
Note cipher BIO write errors too.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoUse sk_CONF_VALUE_pop_free in do_ext_nconf error path.
David Benjamin [Tue, 26 Jul 2016 15:36:23 +0000 (11:36 -0400)]
Use sk_CONF_VALUE_pop_free in do_ext_nconf error path.

8605abf13523579ecab8b1f2a4bcb8354d94af79 fixed the nval leak, but it
used free instead of pop_free. nval owns its contents, so it should be
freed with pop_free. See the pop_free call a few lines down.

This is a no-op as, in this codepath, we must have nval == NULL or
sk_CONF_VALUE_num(nval) == 0. In those cases, free and pop_free are
identical. However, variables should be freed consistently.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1351)

8 years agoSkip non-existing files.
Kurt Roeckx [Sat, 16 Jul 2016 19:45:34 +0000 (21:45 +0200)]
Skip non-existing files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1324

8 years agoAdd Hurd shared extension
Kurt Roeckx [Sun, 24 Jul 2016 20:32:15 +0000 (22:32 +0200)]
Add Hurd shared extension

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1345

8 years agoRT4639: Typo when -DSSL_DEBUG
Jon Loeliger [Tue, 26 Jul 2016 16:48:20 +0000 (12:48 -0400)]
RT4639: Typo when -DSSL_DEBUG

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoSet error if EVP_CipherUpdate fails.
Dr. Stephen Henson [Tue, 26 Jul 2016 15:51:49 +0000 (16:51 +0100)]
Set error if EVP_CipherUpdate fails.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoDeprecate X509_LU_FAIL, X509_LU_RETRY
Dr. Stephen Henson [Mon, 25 Jul 2016 15:57:49 +0000 (16:57 +0100)]
Deprecate X509_LU_FAIL, X509_LU_RETRY

Instead of X509_LU_FAIL, X509_LU_RETRY use 0/1 for return values.

RT#4577

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoUse X509_LOOKUP_TYPE for lookup type consistently.
Dr. Stephen Henson [Mon, 25 Jul 2016 15:46:05 +0000 (16:46 +0100)]
Use X509_LOOKUP_TYPE for lookup type consistently.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoMove X509_LU_RETRY, X509_LU_FAIL
Dr. Stephen Henson [Mon, 25 Jul 2016 13:58:07 +0000 (14:58 +0100)]
Move X509_LU_RETRY, X509_LU_FAIL

X509_LU_RETRY and X509_LU_FAIL are not X509_OBJECT types so don't include
them in the enum.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoRemove current_method from X509_STORE_CTX
Dr. Stephen Henson [Mon, 25 Jul 2016 13:05:39 +0000 (14:05 +0100)]
Remove current_method from X509_STORE_CTX

Remove current_method: it was intended as a means of retrying
lookups bit it was never used. Now that X509_verify_cert() is
a "one shot" operation it can never work as intended.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoUpdate the example in proxy_certificates.txt
Richard Levitte [Mon, 25 Jul 2016 16:55:28 +0000 (18:55 +0200)]
Update the example in proxy_certificates.txt

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoDiscard BIO_set(BIO* bio) method
FdaSilvaYY [Fri, 10 Jun 2016 21:28:44 +0000 (23:28 +0200)]
Discard BIO_set(BIO* bio) method

Simplify BIO init using OPENSSL_zalloc().

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1261)

8 years agozero pad DHE public key in ServerKeyExchange message for interop
russor [Mon, 25 Jul 2016 17:30:13 +0000 (10:30 -0700)]
zero pad DHE public key in ServerKeyExchange message for interop

Some versions of the Microsoft TLS stack have problems when the DHE public key
is encoded with fewer bytes than the DHE prime.

There's some public acknowledgement of the bug at these links:

https://connect.microsoft.com/IE/feedback/details/1253526/tls-serverkeyexchange-with-1024-dhe-may-encode-dh-y-as-127-bytes-breaking-internet-explorer-11
https://connect.microsoft.com/IE/feedback/details/1104905/wininet-calculation-of-mac-in-tls-handshake-intermittently-fails-for-dhe-rsa-key-exchange

This encoding issue also causes the same errors with 2048-bit DHE, if the
public key is encoded in fewer than 256 bytes and includes the TLS stack on
Windows Phone 8.x.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1320)

8 years agoMake it possible for external code to set the certiciate proxy path length
Richard Levitte [Mon, 25 Jul 2016 15:02:56 +0000 (17:02 +0200)]
Make it possible for external code to set the certiciate proxy path length

This adds the functions X509_set_proxy_pathlen(), which sets the
internal pc path length cache for a given X509 structure, along with
X509_get_proxy_pathlen(), which retrieves it.

Along with the previously added X509_set_proxy_flag(), this provides
the tools needed to manipulate all the information cached on proxy
certificates, allowing external code to do what's necessary to have
them verified correctly by the libcrypto code.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd X509_STORE lock and unlock functions
Richard Levitte [Thu, 7 Jul 2016 21:55:34 +0000 (23:55 +0200)]
Add X509_STORE lock and unlock functions

Since there are a number of function pointers in X509_STORE that might
lead to user code, it makes sense for them to be able to lock the
store while they do their work.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agomake update
Richard Levitte [Wed, 20 Jul 2016 14:39:39 +0000 (16:39 +0200)]
make update

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoDocument the X509_STORE and X509_STORE_CTX setters and getters
Richard Levitte [Sat, 23 Jul 2016 14:00:02 +0000 (16:00 +0200)]
Document the X509_STORE and X509_STORE_CTX setters and getters

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd setter and getter for X509_STORE's check_policy
Richard Levitte [Wed, 20 Jul 2016 14:23:34 +0000 (16:23 +0200)]
Add setter and getter for X509_STORE's check_policy

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd getters / setters for the X509_STORE_CTX and X509_STORE functions
Richard Levitte [Thu, 7 Jul 2016 21:22:45 +0000 (23:22 +0200)]
Add getters / setters for the X509_STORE_CTX and X509_STORE functions

We only add setters for X509_STORE function pointers except for the
verify callback function.  The thought is that the function pointers
in X509_STORE_CTX are a cache for the X509_STORE functions.
Therefore, it's preferable if the user makes the changes in X509_STORE
before X509_STORE_CTX_init is called, and otherwise use the verify
callback to override any results from OpenSSL's internal
calculations.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoRT4627: Doc patch: fix constant names
Steffen Nurpmeso [Mon, 25 Jul 2016 10:25:15 +0000 (12:25 +0200)]
RT4627: Doc patch: fix constant names

Reviewed-by: Matt Caswell <matt@openssl.org>
Signed-off-by: Rich Salz <rsalz@openssl.org>
8 years agoexplicit init
FdaSilvaYY [Thu, 14 Jul 2016 08:36:55 +0000 (10:36 +0200)]
explicit init

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1301)

8 years agoTypo and comment fix
FdaSilvaYY [Tue, 5 Jul 2016 19:22:18 +0000 (21:22 +0200)]
Typo and comment fix

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1301)

8 years agoUnused variable, and cleanups
FdaSilvaYY [Sat, 2 Jul 2016 12:08:37 +0000 (14:08 +0200)]
Unused variable, and cleanups

Break two long messages.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1301)

8 years agoUnused variable cleanup
FdaSilvaYY [Mon, 11 Jul 2016 17:46:08 +0000 (19:46 +0200)]
Unused variable cleanup

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1301)

8 years agoDiscard a dead option
FdaSilvaYY [Mon, 11 Jul 2016 17:45:40 +0000 (19:45 +0200)]
Discard a dead option

Old inactive inherited code, a code relic for sure.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1301)

8 years agoDiscard some unused typedefs
FdaSilvaYY [Mon, 11 Jul 2016 17:41:32 +0000 (19:41 +0200)]
Discard some unused typedefs

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1301)

8 years agoConstify X509|X509_CRL|X509_REVOKED_get_ext
FdaSilvaYY [Sat, 9 Jul 2016 22:59:23 +0000 (00:59 +0200)]
Constify X509|X509_CRL|X509_REVOKED_get_ext

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)

8 years agoConstify ... X509|X509_CRL|X509_REVOKED|_get_ext*()
FdaSilvaYY [Sat, 9 Jul 2016 22:37:58 +0000 (00:37 +0200)]
Constify ... X509|X509_CRL|X509_REVOKED|_get_ext*()

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)

8 years agoConstify ...
FdaSilvaYY [Fri, 8 Jul 2016 22:43:28 +0000 (00:43 +0200)]
Constify ...

X509_REVOKED_get0_extensions
X509_check_private_key

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)

8 years agoConstify (X509|X509V3|X509_CRL|X509_REVOKED)_get_ext_d2i ...
FdaSilvaYY [Fri, 8 Jul 2016 22:08:40 +0000 (00:08 +0200)]
Constify (X509|X509V3|X509_CRL|X509_REVOKED)_get_ext_d2i ...

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)

8 years agoConstify i2s_ASN1_INTEGER, X509V3_get_d2i
FdaSilvaYY [Fri, 8 Jul 2016 22:08:03 +0000 (00:08 +0200)]
Constify i2s_ASN1_INTEGER, X509V3_get_d2i

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)

8 years agoConstify input parameters of methods :
FdaSilvaYY [Thu, 7 Jul 2016 22:10:29 +0000 (00:10 +0200)]
Constify input parameters of methods :

 - X509_NAME_entry_count, X509_ATTRIBUTE_count
 - X509_NAME_add_entry_by_OBJ, X509_NAME_ENTRY_create_by_OBJ, X509_NAME_ENTRY_set_object

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)

8 years agoEnforce and explicit some const casting
FdaSilvaYY [Thu, 7 Jul 2016 22:43:32 +0000 (00:43 +0200)]
Enforce and explicit some const casting

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)

8 years agoConstify i2t_ASN1_OBJECT, i2d_ASN1_OBJECT, i2a_ASN1_OBJECT.
FdaSilvaYY [Thu, 7 Jul 2016 22:37:43 +0000 (00:37 +0200)]
Constify i2t_ASN1_OBJECT, i2d_ASN1_OBJECT, i2a_ASN1_OBJECT.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)

8 years agoConstify ASN1_buf_print
FdaSilvaYY [Thu, 7 Jul 2016 22:43:15 +0000 (00:43 +0200)]
Constify ASN1_buf_print

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)

8 years agoConstify ASN1_TYPE_get, ASN1_STRING_type, ASN1_STRING_to_UTF8, ASN1_TYPE_get_octetstr...
FdaSilvaYY [Sun, 3 Jul 2016 20:09:02 +0000 (22:09 +0200)]
Constify ASN1_TYPE_get, ASN1_STRING_type, ASN1_STRING_to_UTF8, ASN1_TYPE_get_octetstring & co...

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)

8 years agoConstify SXNET_add_id_*
FdaSilvaYY [Sun, 19 Jun 2016 16:32:47 +0000 (18:32 +0200)]
Constify SXNET_add_id_*

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)

8 years agoConstify EC_KEY_*_oct2priv() input buffer
FdaSilvaYY [Sun, 19 Jun 2016 16:54:50 +0000 (18:54 +0200)]
Constify EC_KEY_*_oct2priv() input buffer

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)

8 years agoConstify CMS_decrypt_set1_key input buffer
FdaSilvaYY [Sun, 19 Jun 2016 16:14:58 +0000 (18:14 +0200)]
Constify CMS_decrypt_set1_key input buffer

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)

8 years agoConstify engine/eng_cnf.c internal method.
FdaSilvaYY [Tue, 7 Jun 2016 21:37:03 +0000 (23:37 +0200)]
Constify engine/eng_cnf.c internal method.

simplify and reindent some related code.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)

8 years agoFix no-tls1_2
Matt Caswell [Fri, 22 Jul 2016 15:36:26 +0000 (16:36 +0100)]
Fix no-tls1_2

Misc fixes impacting no-tls1_2. Also fixes no-dtls1_2.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix no-dtls*
Matt Caswell [Fri, 22 Jul 2016 15:19:23 +0000 (16:19 +0100)]
Fix no-dtls*

Also fixes some other options like no-dgram and no-sock.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix no-ct
Matt Caswell [Fri, 22 Jul 2016 14:49:03 +0000 (15:49 +0100)]
Fix no-ct

Ensure that we don't build/run the ct fuzzing code if no-ct is used.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd EVP_ENCODE_CTX_copy
Jakub Zelenka [Sun, 24 Jul 2016 17:33:29 +0000 (18:33 +0100)]
Add EVP_ENCODE_CTX_copy

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1344)

8 years agoAdd missing X509_set_proxy_flag num
Jakub Zelenka [Sun, 24 Jul 2016 12:04:03 +0000 (13:04 +0100)]
Add missing X509_set_proxy_flag num

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1343)

8 years agoProperly initialise the internal proxy certificate path length cache
Richard Levitte [Sat, 23 Jul 2016 09:34:45 +0000 (11:34 +0200)]
Properly initialise the internal proxy certificate path length cache

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoMake it possible for external code to flag a certificate as a proxy one.
Richard Levitte [Fri, 22 Jul 2016 14:45:33 +0000 (16:45 +0200)]
Make it possible for external code to flag a certificate as a proxy one.

This adds the function X509_set_proxy_flag(), which sets the internal flag
EXFLAG_PROXY on a given X509 structure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoCorrect misspelt OPENSSL_NO_SRP
Richard Levitte [Fri, 22 Jul 2016 19:48:05 +0000 (21:48 +0200)]
Correct misspelt OPENSSL_NO_SRP

RT#4619

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoUse newest CRL.
Dr. Stephen Henson [Fri, 22 Jul 2016 12:43:41 +0000 (13:43 +0100)]
Use newest CRL.

If two CRLs are equivalent then use the one with a later lastUpdate field:
this will result in the newest CRL available being used.

RT#4615

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoSend alert for bad DH CKE
Dr. Stephen Henson [Fri, 22 Jul 2016 14:55:38 +0000 (15:55 +0100)]
Send alert for bad DH CKE

RT#4511

Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoFix OOB read in TS_OBJ_print_bio().
Dr. Stephen Henson [Thu, 21 Jul 2016 14:24:16 +0000 (15:24 +0100)]
Fix OOB read in TS_OBJ_print_bio().

TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result
as a null terminated buffer. The length value returned is the total
length the complete text reprsentation would need not the amount of
data written.

CVE-2016-2180

Thanks to Shi Lei for reporting this bug.

Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoSSL tests: compress generated output a little
Emilia Kasper [Thu, 21 Jul 2016 17:19:07 +0000 (19:19 +0200)]
SSL tests: compress generated output a little

Don't emit duplicate server/client sections when they are
identical. Instead, just point to the same section.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoMake boolean SSL test conf values case-insensitive
Emilia Kasper [Thu, 21 Jul 2016 14:32:07 +0000 (16:32 +0200)]
Make boolean SSL test conf values case-insensitive

Undo review mistake: I changed the wrong strcmp in a previous pull
request. Add test.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoClarify digest change in HMAC_Init_ex()
Dr. Stephen Henson [Tue, 19 Jul 2016 17:40:14 +0000 (18:40 +0100)]
Clarify digest change in HMAC_Init_ex()

RT#4603

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd mask for newly created symlink.
Dr. Stephen Henson [Fri, 22 Jul 2016 00:09:52 +0000 (01:09 +0100)]
Add mask for newly created symlink.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoCheck suffixes properly.
Dr. Stephen Henson [Fri, 22 Jul 2016 00:09:04 +0000 (01:09 +0100)]
Check suffixes properly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agouse correct name for duplicate
Dr. Stephen Henson [Thu, 21 Jul 2016 15:23:48 +0000 (16:23 +0100)]
use correct name for duplicate

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoHave load_buildtin_compression in ssl/ssl_ciph.c return RUN_ONCE result
Richard Levitte [Wed, 20 Jul 2016 15:52:35 +0000 (17:52 +0200)]
Have load_buildtin_compression in ssl/ssl_ciph.c return RUN_ONCE result

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoVMS: Rearrange installation targets for shared libraries
Richard Levitte [Thu, 21 Jul 2016 10:33:23 +0000 (12:33 +0200)]
VMS: Rearrange installation targets for shared libraries

The way it was implemented before this change, the shared libraries
were installed twice.  On a file system that supports file
generations, that's a waste.  Slightly rearranging the install targets
solves the problem.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoTest client-side resumption
Emilia Kasper [Thu, 21 Jul 2016 12:04:00 +0000 (14:04 +0200)]
Test client-side resumption

Add tests for resuming with a different client version.

This happens in reality when clients persist sessions on disk through
upgrades.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd all publicly avaiable asn1 types to the asn1 fuzzer.
Kurt Roeckx [Sun, 17 Jul 2016 09:34:23 +0000 (11:34 +0200)]
Add all publicly avaiable asn1 types to the asn1 fuzzer.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1331

8 years agoCast to an unsigned type before negating
Kurt Roeckx [Sun, 17 Jul 2016 13:28:09 +0000 (15:28 +0200)]
Cast to an unsigned type before negating

llvm's ubsan reported:
runtime error: negation of -9223372036854775808 cannot be represented in type
'long'; cast to an unsigned type to negate this value to itself

Found using afl

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1325

8 years agoCheck for errors allocating the error strings.
Kurt Roeckx [Tue, 12 Jul 2016 13:50:06 +0000 (15:50 +0200)]
Check for errors allocating the error strings.

Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #1330

8 years agoDon't allocate r/s in DSA_SIG and ECDSA_SIG
Dr. Stephen Henson [Tue, 19 Jul 2016 17:57:15 +0000 (18:57 +0100)]
Don't allocate r/s in DSA_SIG and ECDSA_SIG

To avoid having to immediately free up r/s when setting them
don't allocate them automatically in DSA_SIG_new() and ECDSA_SIG_new().

RT#4590

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoInstall shared libraries in runtime install
Richard Levitte [Tue, 19 Jul 2016 11:24:57 +0000 (13:24 +0200)]
Install shared libraries in runtime install

On non-Windows platforms, shared libraries are both development and
runtime files.  We only installed them as development files, this
makes sure they get installed as runtime files as well.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoVMS: fix typo, shared libraries have the extension .EXE, not .OLB
Richard Levitte [Tue, 19 Jul 2016 11:24:26 +0000 (13:24 +0200)]
VMS: fix typo, shared libraries have the extension .EXE, not .OLB

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoNever expose ssl->bbio in the public API.
Matt Caswell [Fri, 17 Jun 2016 12:59:59 +0000 (13:59 +0100)]
Never expose ssl->bbio in the public API.

This is adapted from BoringSSL commit 2f87112b963.

This fixes a number of bugs where the existence of bbio was leaked in the
public API and broke things.

- SSL_get_wbio returned the bbio during the handshake. It must always return
  the BIO the consumer configured. In doing so, some internal accesses of
  SSL_get_wbio should be switched to ssl->wbio since those want to see bbio.

- The logic in SSL_set_rfd, etc. (which I doubt is quite right since
  SSL_set_bio's lifetime is unclear) would get confused once wbio got
  wrapped. Those want to compare to SSL_get_wbio.

- If SSL_set_bio was called mid-handshake, bbio would get disconnected and
  lose state. It forgets to reattach the bbio afterwards. Unfortunately,
  Conscrypt does this a lot. It just never ended up calling it at a point
  where the bbio would cause problems.

- Make more explicit the invariant that any bbio's which exist are always
  attached. Simplify a few things as part of that.

RT#4572

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoSSL test framework: port resumption tests
Emilia Kasper [Tue, 5 Jul 2016 17:06:23 +0000 (19:06 +0200)]
SSL test framework: port resumption tests

Systematically test every server-side version downgrade or upgrade.

Client version upgrade or downgrade could be tested analogously but will
be done in a later change.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agofix crypto-mdebug build
Dr. Stephen Henson [Wed, 20 Jul 2016 01:57:23 +0000 (02:57 +0100)]
fix crypto-mdebug build

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix if/for/while( in docs
FdaSilvaYY [Tue, 28 Jun 2016 22:19:46 +0000 (00:19 +0200)]
Fix if/for/while( in docs

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1292)

8 years agoFix a few if(, for(, while( inside code.
FdaSilvaYY [Tue, 28 Jun 2016 22:18:50 +0000 (00:18 +0200)]
Fix a few if(, for(, while( inside code.

Fix some indentation at the same time

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1292)

8 years agoRemove reduntant X509_STORE_CTX_set_verify_cb declaration
Hannes Magnusson [Tue, 12 Jul 2016 21:33:25 +0000 (14:33 -0700)]
Remove reduntant X509_STORE_CTX_set_verify_cb declaration

f0e0fd51fd8307f6eae64862ad9aaea113f1177a added X509_STORE_CTX_set_verify_cb
with a typedef'd argument, making the original one redundant.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoSimplify buffer limit checking, and reuse BIO_snprintf returned value.
FdaSilvaYY [Tue, 5 Jul 2016 17:48:23 +0000 (19:48 +0200)]
Simplify buffer limit checking, and reuse BIO_snprintf returned value.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1284)

8 years agoCode factorisation and simplification
FdaSilvaYY [Thu, 19 May 2016 06:39:47 +0000 (08:39 +0200)]
Code factorisation and simplification

Fix some code indentation

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1284)

8 years agoFix double calls to strlen
FdaSilvaYY [Mon, 9 May 2016 16:42:58 +0000 (18:42 +0200)]
Fix double calls to strlen

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1284)

8 years agoSimplify code related to tmp_email_dn.
FdaSilvaYY [Sun, 29 May 2016 22:30:52 +0000 (00:30 +0200)]
Simplify code related to tmp_email_dn.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1284)

8 years agoUse more X509_REQ_get0_pubkey & X509_get0_pubkey
FdaSilvaYY [Wed, 6 Apr 2016 22:20:11 +0000 (00:20 +0200)]
Use more X509_REQ_get0_pubkey & X509_get0_pubkey

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1284)

8 years agoOCSP_request_add0_id() inconsistent error return
Todd Short [Tue, 5 Jul 2016 13:59:29 +0000 (09:59 -0400)]
OCSP_request_add0_id() inconsistent error return

There are two failure cases for OCSP_request_add_id():
1. OCSP_ONEREQ_new() failure, where |cid| is not freed
2. sk_OCSP_ONEREQ_push() failure, where |cid| is freed

This changes makes the error behavior consistent, such that |cid| is
not freed when sk_OCSP_ONEREQ_push() fails. OpenSSL only takes
ownership of |cid| when the function succeeds.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1289)

8 years agoSanity check in ssl_get_algorithm2().
Dr. Stephen Henson [Tue, 19 Jul 2016 15:03:10 +0000 (16:03 +0100)]
Sanity check in ssl_get_algorithm2().

RT#4600

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoSend alert on CKE error.
Dr. Stephen Henson [Tue, 19 Jul 2016 15:53:26 +0000 (16:53 +0100)]
Send alert on CKE error.

RT#4610

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoResolve over command syntax error which causes 'make install' to fail
Coty Sutherland [Thu, 14 Jul 2016 12:52:52 +0000 (08:52 -0400)]
Resolve over command syntax error which causes 'make install' to fail

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1312)

8 years agoDocument the slight change in CRYPTO_mem_ctrl()
Richard Levitte [Tue, 19 Jul 2016 19:48:52 +0000 (21:48 +0200)]
Document the slight change in CRYPTO_mem_ctrl()

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
8 years agoDocument the slight change in ERR_get_next_error_library()
Richard Levitte [Tue, 19 Jul 2016 19:33:02 +0000 (21:33 +0200)]
Document the slight change in ERR_get_next_error_library()

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
8 years agomake update
Richard Levitte [Tue, 19 Jul 2016 19:01:11 +0000 (21:01 +0200)]
make update

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
8 years agoChange all our uses of CRYPTO_THREAD_run_once to use RUN_ONCE instead
Richard Levitte [Tue, 19 Jul 2016 17:42:11 +0000 (19:42 +0200)]
Change all our uses of CRYPTO_THREAD_run_once to use RUN_ONCE instead

That way, we have a way to check if the init function was successful
or not.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
8 years agoDefine a few internal macros for easy use of run_once functions
Richard Levitte [Tue, 19 Jul 2016 17:38:57 +0000 (19:38 +0200)]
Define a few internal macros for easy use of run_once functions

Because pthread_once() takes a function taking no argument and
returning nothing, and we want to be able to check if they're
successful, we define a few internal macros to get around the issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
8 years agoRT4593: Add space after comma (doc nits)
Rich Salz [Tue, 19 Jul 2016 13:27:53 +0000 (09:27 -0400)]
RT4593: Add space after comma (doc nits)

Update find-doc-nits to find errors in SYNOPSIS (the most common
place where they were missing).

Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoFix forgotten goto
Richard Levitte [Tue, 19 Jul 2016 13:20:00 +0000 (15:20 +0200)]
Fix forgotten goto

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix building with no-cms
Matt Caswell [Mon, 18 Jul 2016 19:59:30 +0000 (20:59 +0100)]
Fix building with no-cms

The new fuzzing code broke no-cms

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoConvert the last uses of sockaddr in apps/* to use BIO_ADDR instead
Richard Levitte [Tue, 19 Jul 2016 11:52:26 +0000 (13:52 +0200)]
Convert the last uses of sockaddr in apps/* to use BIO_ADDR instead

Reviewed-by: Matt Caswell <matt@openssl.org>