oweals/openssl.git
8 years agoSSL tests: send some application data
Emilia Kasper [Thu, 11 Aug 2016 18:51:57 +0000 (20:51 +0200)]
SSL tests: send some application data

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd a "config" for verbosity and use it with Travis
Richard Levitte [Mon, 15 Aug 2016 16:46:39 +0000 (18:46 +0200)]
Add a "config" for verbosity and use it with Travis

Modify VMS config.com to match

Reviewed-by: Emilia Käsper <emilia@openssl.org>
8 years agoMake "make" less verbose in Travis, except for the build only case
Richard Levitte [Mon, 15 Aug 2016 16:45:22 +0000 (18:45 +0200)]
Make "make" less verbose in Travis, except for the build only case

Reviewed-by: Emilia Käsper <emilia@openssl.org>
8 years agoLimit reads in do_b2i_bio()
Dr. Stephen Henson [Mon, 15 Aug 2016 15:52:21 +0000 (16:52 +0100)]
Limit reads in do_b2i_bio()

Apply a limit to the maximum blob length which can be read in do_d2i_bio()
to avoid excessive allocation.

Thanks to Shi Lei for reporting this.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoCheck for errors in a2d_ASN1_OBJECT()
Dr. Stephen Henson [Fri, 5 Aug 2016 13:33:03 +0000 (14:33 +0100)]
Check for errors in a2d_ASN1_OBJECT()

Check for error return in BN_div_word().

Reviewed-by: Tim Hudson <tjh@openssl.org>
8 years agoCheck for errors in BN_bn2dec()
Dr. Stephen Henson [Fri, 5 Aug 2016 13:26:03 +0000 (14:26 +0100)]
Check for errors in BN_bn2dec()

If an oversize BIGNUM is presented to BN_bn2dec() it can cause
BN_div_word() to fail and not reduce the value of 't' resulting
in OOB writes to the bn_data buffer and eventually crashing.

Fix by checking return value of BN_div_word() and checking writes
don't overflow buffer.

Thanks to Shi Lei for reporting this bug.

CVE-2016-2182

Reviewed-by: Tim Hudson <tjh@openssl.org>
8 years agoAvoid truncating the pointer on x32 platform.
Tomas Mraz [Mon, 15 Aug 2016 10:02:06 +0000 (12:02 +0200)]
Avoid truncating the pointer on x32 platform.

The 64 bit pointer must not be cast to 32bit unsigned long on
x32 platform.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoAdd a comment for the added cast with explanation.
Tomas Mraz [Wed, 10 Aug 2016 13:21:32 +0000 (15:21 +0200)]
Add a comment for the added cast with explanation.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoFix af_alg engine failure on 32 bit architectures.
Tomas Mraz [Tue, 9 Aug 2016 10:50:13 +0000 (12:50 +0200)]
Fix af_alg engine failure on 32 bit architectures.

Add extra cast to unsigned long to avoid sign extension when
converting pointer to 64 bit data.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoRemove a stray unneeded line in 70-test_sslrecords.t
Matt Caswell [Thu, 4 Aug 2016 10:31:57 +0000 (11:31 +0100)]
Remove a stray unneeded line in 70-test_sslrecords.t

Reviewed-by: Tim Hudson <tjh@openssl.org>
8 years agoAddress feedback on SSLv2 ClientHello processing
Matt Caswell [Wed, 3 Aug 2016 12:03:25 +0000 (13:03 +0100)]
Address feedback on SSLv2 ClientHello processing

Reviewed-by: Tim Hudson <tjh@openssl.org>
8 years agoAdd some SSLv2 ClientHello tests
Matt Caswell [Tue, 2 Aug 2016 16:24:54 +0000 (17:24 +0100)]
Add some SSLv2 ClientHello tests

Test that we handle a TLS ClientHello in an SSLv2 record correctly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
8 years agoSend an alert if we get a non-initial record with the wrong version
Matt Caswell [Tue, 2 Aug 2016 16:43:32 +0000 (17:43 +0100)]
Send an alert if we get a non-initial record with the wrong version

If we receive a non-initial record but the version number isn't right then
we should send an alert.

Reviewed-by: Tim Hudson <tjh@openssl.org>
8 years agoAddress feedback on SSLv2 ClientHello processing
Matt Caswell [Mon, 1 Aug 2016 16:15:13 +0000 (17:15 +0100)]
Address feedback on SSLv2 ClientHello processing

Feedback on the previous SSLv2 ClientHello processing fix was that it
breaks layering by reading init_num in the record layer. It also does not
detect if there was a previous non-fatal warning.

This is an alternative approach that directly tracks in the record layer
whether this is the first record.

GitHub Issue #1298

Reviewed-by: Tim Hudson <tjh@openssl.org>
8 years agoReplaces CT_POLICY_EVAL_CTX_set0 entries with new setters in libcrypto.num
Rob Percival [Mon, 15 Aug 2016 15:46:22 +0000 (16:46 +0100)]
Replaces CT_POLICY_EVAL_CTX_set0 entries with new setters in libcrypto.num

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)

8 years agoMake CT_POLICY_EVAL_CTX_set1_{cert,issuer} into boolean functions
Rob Percival [Mon, 15 Aug 2016 13:47:02 +0000 (14:47 +0100)]
Make CT_POLICY_EVAL_CTX_set1_{cert,issuer} into boolean functions

They may fail if they cannot increment the reference count of the
certificate they are storing a pointer for. They should return 0 if this
occurs.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)

8 years agoImproves CTLOG_STORE setters
Rob Percival [Fri, 5 Aug 2016 13:17:31 +0000 (14:17 +0100)]
Improves CTLOG_STORE setters

Changes them to have clearer ownership semantics, as suggested in
https://github.com/openssl/openssl/pull/1372#discussion_r73232196.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)

8 years agoSkip the SRP tests in 80-test_ssl_old.t if no TLS versions is enabled
Richard Levitte [Mon, 15 Aug 2016 13:58:16 +0000 (15:58 +0200)]
Skip the SRP tests in 80-test_ssl_old.t if no TLS versions is enabled

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix no-ec
Dr. Stephen Henson [Mon, 15 Aug 2016 13:07:33 +0000 (14:07 +0100)]
Fix no-ec

Fix no-ec builds by having separate functions to create keys based on
an existing EVP_PKEY and a curve id.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoNever return -1 from BN_exp
Jakub Zelenka [Sun, 14 Aug 2016 19:52:13 +0000 (20:52 +0100)]
Never return -1 from BN_exp

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1455)

8 years agoupdate CHANGES
Dr. Stephen Henson [Sat, 13 Aug 2016 12:49:17 +0000 (13:49 +0100)]
update CHANGES

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoadd documentation
Dr. Stephen Henson [Fri, 12 Aug 2016 16:27:11 +0000 (17:27 +0100)]
add documentation

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoPrint out names of other temp key algorithms.
Dr. Stephen Henson [Thu, 11 Aug 2016 15:37:00 +0000 (16:37 +0100)]
Print out names of other temp key algorithms.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoRemove old EC based X25519 code.
Dr. Stephen Henson [Thu, 11 Aug 2016 14:49:07 +0000 (15:49 +0100)]
Remove old EC based X25519 code.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoModify TLS support for new X25519 API.
Dr. Stephen Henson [Thu, 11 Aug 2016 14:41:49 +0000 (15:41 +0100)]
Modify TLS support for new X25519 API.

When handling ECDH check to see if the curve is "custom" (X25519 is
currently the only curve of this type) and instead of setting a curve
NID just allocate a key of appropriate type.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd encoded points to other EC curves too.
Dr. Stephen Henson [Thu, 11 Aug 2016 14:38:37 +0000 (15:38 +0100)]
Add encoded points to other EC curves too.

Add encoded point ctrl support for other curves: this makes it possible
to handle X25519 and other EC curve point encoding in a similar way
for TLS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agomake update
Dr. Stephen Henson [Thu, 11 Aug 2016 14:49:57 +0000 (15:49 +0100)]
make update

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd point ctrls to X25519
Dr. Stephen Henson [Wed, 10 Aug 2016 21:30:43 +0000 (22:30 +0100)]
Add point ctrls to X25519

Add ctrl operations to set or retrieve encoded point in
EVP_PKEY structures containing X25519 keys.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoUpdate X25519 key format in evptests.txt
Dr. Stephen Henson [Wed, 10 Aug 2016 15:04:51 +0000 (16:04 +0100)]
Update X25519 key format in evptests.txt

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd X25519 methods to internal tables
Dr. Stephen Henson [Tue, 9 Aug 2016 20:58:55 +0000 (21:58 +0100)]
Add X25519 methods to internal tables

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoadd to build.info
Dr. Stephen Henson [Tue, 9 Aug 2016 19:25:12 +0000 (20:25 +0100)]
add to build.info

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agomake errors
Dr. Stephen Henson [Wed, 10 Aug 2016 15:27:22 +0000 (16:27 +0100)]
make errors

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoX25519 public key methods
Dr. Stephen Henson [Tue, 9 Aug 2016 19:23:04 +0000 (20:23 +0100)]
X25519 public key methods

Add X25519 methods to match current key format defined in
draft-ietf-curdle-pkix-02

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix type of ptr field.
Dr. Stephen Henson [Tue, 9 Aug 2016 19:53:37 +0000 (20:53 +0100)]
Fix type of ptr field.

Since "ptr" is used to handle arbitrary other types it should be
void *.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoUse OIDs from draft-ietf-curdle-pkix-02
Dr. Stephen Henson [Tue, 9 Aug 2016 10:40:48 +0000 (11:40 +0100)]
Use OIDs from draft-ietf-curdle-pkix-02

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoGH1446: Add SSL_SESSION_get0_cipher
Rich Salz [Fri, 12 Aug 2016 19:02:00 +0000 (15:02 -0400)]
GH1446: Add SSL_SESSION_get0_cipher

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1451)

8 years agoCheck for bad filename in evp_test
Rich Salz [Fri, 12 Aug 2016 18:04:53 +0000 (14:04 -0400)]
Check for bad filename in evp_test

Thanks to Brian Carpter for reporting this.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
8 years agoUpdate documentation for DSA_SIG and ECDSA_SIG.
Dr. Stephen Henson [Mon, 8 Aug 2016 13:14:40 +0000 (14:14 +0100)]
Update documentation for DSA_SIG and ECDSA_SIG.

RT#4590

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agocrypto/sparcv9cap.c: add missing declaration.
Andy Polyakov [Thu, 11 Aug 2016 11:52:44 +0000 (13:52 +0200)]
crypto/sparcv9cap.c: add missing declaration.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agocrypto/ui/ui_openssl.c: let new-line through after query in Windows path.
Andy Polyakov [Mon, 1 Aug 2016 08:48:13 +0000 (10:48 +0200)]
crypto/ui/ui_openssl.c: let new-line through after query in Windows path.

Originally new-line was suppressed, because double new-line was
observed under wine. But it appears rather to be a wine bug,
because on real Windows new-line is much needed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agocrypto/sparcv9cap.c: fix overstep in getisax.
Andy Polyakov [Thu, 4 Aug 2016 19:06:53 +0000 (21:06 +0200)]
crypto/sparcv9cap.c: fix overstep in getisax.

Problem was introduced in 299ccadcdb99001c618d188fb243c1caaaa86a1c
as future extension, i.e. at this point it wasn't an actual problem,
because uninitialized capability bit was not actually used.

Reviewed-by: Tim Hudson <tjh@openssl.org>
8 years agosha/asm/sha1-x86_64.pl: fix crash in SHAEXT code on Windows.
Andy Polyakov [Sun, 31 Jul 2016 19:19:57 +0000 (21:19 +0200)]
sha/asm/sha1-x86_64.pl: fix crash in SHAEXT code on Windows.

RT#4530

Reviewed-by: Tim Hudson <tjh@openssl.org>
8 years agoFix doc and help about ca -valid option
FdaSilvaYY [Wed, 10 Aug 2016 16:18:33 +0000 (18:18 +0200)]
Fix doc and help about ca -valid option

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoDon't attempt to load the CT log list with no-ec
Emilia Kasper [Wed, 10 Aug 2016 16:36:47 +0000 (18:36 +0200)]
Don't attempt to load the CT log list with no-ec

In practice, CT isn't really functional without EC anyway, as most logs
use EC keys. So, skip loading the log list with no-ec, and skip CT tests
completely in that conf.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFixed typo
jamercee [Thu, 4 Aug 2016 21:04:32 +0000 (17:04 -0400)]
Fixed typo

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1386)

8 years agoDocumented BIO_set_accept_port()/BIO_get_accept_port()
JimC [Thu, 4 Aug 2016 10:53:02 +0000 (06:53 -0400)]
Documented BIO_set_accept_port()/BIO_get_accept_port()

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1386)

8 years agoAdapt BIO_new_accept() to call BIO_set_accept_name()
jamercee [Wed, 3 Aug 2016 15:31:46 +0000 (11:31 -0400)]
Adapt BIO_new_accept() to call BIO_set_accept_name()

Commit 417be66 broken BIO_new_accept() by changing the definition of the
macro BIO_set_accept_port() which stopped acpt_ctrl() from calling
BIO_parse_hostserv(). This commit completes the series of changes
initiated in 417be66.

Updated pods to reflect new definition introduced by 417be66.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1386)

8 years agoChange callers to use the new constants.
Rich Salz [Tue, 9 Aug 2016 02:12:28 +0000 (22:12 -0400)]
Change callers to use the new constants.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1429)

8 years agoAdd #defines for magic numbers in API.
Rich Salz [Mon, 8 Aug 2016 19:25:16 +0000 (15:25 -0400)]
Add #defines for magic numbers in API.

Binary- and backward-compatible.  Just better.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1429)

8 years agoFix spelling of error code
Kurt Roeckx [Sat, 6 Aug 2016 15:03:15 +0000 (17:03 +0200)]
Fix spelling of error code

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1421)

8 years agoAdd some const casts
Rich Salz [Thu, 4 Aug 2016 20:50:19 +0000 (16:50 -0400)]
Add some const casts

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1397)

8 years agoGH1383: Add casts to ERR_PACK
Rich Salz [Wed, 10 Aug 2016 13:45:36 +0000 (09:45 -0400)]
GH1383: Add casts to ERR_PACK

Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1385

8 years agoGracefully free a NULL HANDSHAKE_RESULT
Emilia Kasper [Tue, 9 Aug 2016 15:08:59 +0000 (17:08 +0200)]
Gracefully free a NULL HANDSHAKE_RESULT

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd TEST_check
Emilia Kasper [Tue, 9 Aug 2016 15:03:23 +0000 (17:03 +0200)]
Add TEST_check

Like OPENSSL_assert, but also prints the error stack before exiting.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoSSL tests: port CT tests, add a few more
Emilia Kasper [Tue, 9 Aug 2016 14:47:26 +0000 (16:47 +0200)]
SSL tests: port CT tests, add a few more

This commit only ports existing tests, and adds some coverage for
resumption. We don't appear to have any handshake tests that cover SCT
validation success, and this commit doesn't change that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoCT: fix documentation
Emilia Kasper [Tue, 9 Aug 2016 14:46:27 +0000 (16:46 +0200)]
CT: fix documentation

Make method names match reality

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoSSL test ctx: fix tests
Emilia Kasper [Tue, 9 Aug 2016 12:55:33 +0000 (14:55 +0200)]
SSL test ctx: fix tests

Some failure tests were failing for the wrong reason after the CTX
refactoring. Update those tests.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoKill PACKET_starts() from bad_dtls_test
David Woodhouse [Sat, 6 Aug 2016 10:25:46 +0000 (11:25 +0100)]
Kill PACKET_starts() from bad_dtls_test

As discussed in PR#1409 it can be done differently.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoFix clienthellotest to use PACKET functions
David Woodhouse [Fri, 5 Aug 2016 13:58:32 +0000 (14:58 +0100)]
Fix clienthellotest to use PACKET functions

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoFix test of first of 255 CBC padding bytes.
Adam Langley [Mon, 8 Aug 2016 20:36:55 +0000 (13:36 -0700)]
Fix test of first of 255 CBC padding bytes.

Thanks to Peter Gijsels for pointing out that if a CBC record has 255
bytes of padding, the first was not being checked.

(This is an import of change 80842bdb from BoringSSL.)

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1431)

8 years agospeed.c: use size_t instead of int to match function signatures
Cristian Stoica [Tue, 2 Aug 2016 09:20:45 +0000 (12:20 +0300)]
speed.c: use size_t instead of int to match function signatures

Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1378)

8 years agoNPN and ALPN: test resumption
Emilia Kasper [Mon, 8 Aug 2016 12:42:08 +0000 (14:42 +0200)]
NPN and ALPN: test resumption

In NPN and ALPN, the protocol is renegotiated upon resumption. Test that
resumption picks up changes to the extension.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix ALPN tests when NPN is off
Emilia Kasper [Fri, 5 Aug 2016 15:17:00 +0000 (17:17 +0200)]
Fix ALPN tests when NPN is off

OPENSSL_NO_NEXTPROTONEG only disables NPN, not ALPN

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoReorganize SSL test structures
Emilia Kasper [Thu, 21 Jul 2016 14:29:48 +0000 (16:29 +0200)]
Reorganize SSL test structures

Move custom server and client options from the test dictionary to an
"extra" section of each server/client. Rename test expectations to say
"Expected".

This is a big but straightforward change. Primarily, this allows us to
specify multiple server and client contexts without redefining the
custom options for each of them. For example, instead of
"ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols",
we now have, "NPNProtocols".

This simplifies writing resumption and SNI tests. The first application
will be resumption tests for NPN and ALPN.

Regrouping the options also makes it clearer which options apply to the
server, which apply to the client, which configure the test, and which
are test expectations.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoFix CIPHER_DEBUG
JimC [Sat, 6 Aug 2016 10:22:04 +0000 (06:22 -0400)]
Fix CIPHER_DEBUG

Commit 3eb2aff renamed a field of ssl_cipher_st from algorithm_ssl -> min_tls but neglected to update the fprintf reference which is included by -DCIPHER_DEBUG

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1417)

8 years agoAdd a note about a perl issue on VMS and how to work around it
Richard Levitte [Sat, 6 Aug 2016 09:30:48 +0000 (11:30 +0200)]
Add a note about a perl issue on VMS and how to work around it

I bug in perl's File::Spec->canonpath() was uncovered.  There's
nothing we can do about it (except re-implementing canonpath()),
except working around the problem (a directory rename) and reporting
the issue to the perl module developers.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoFix irregularities in GENERAL_NAME_print().
Tomas Mraz [Fri, 5 Aug 2016 07:33:30 +0000 (09:33 +0200)]
Fix irregularities in GENERAL_NAME_print().

Add colon when printing Registered ID.
Remove extra space when printing DirName.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1401)

8 years agoMkae CT_log_new_from_base64 always return 0 on failure
Rob Percival [Sat, 6 Aug 2016 01:27:12 +0000 (21:27 -0400)]
Mkae CT_log_new_from_base64 always return 0 on failure

In one failure case, it used to return -1. That failure case
(CTLOG_new() returning NULL) was not usefully distinct from all of the
other failure cases.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1407)

8 years agofixing too optimistic typo-fix
klemens [Fri, 5 Aug 2016 19:36:29 +0000 (21:36 +0200)]
fixing too optimistic typo-fix

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1413)

8 years agospelling fixes, just comments and readme.
klemens [Fri, 5 Aug 2016 17:56:58 +0000 (19:56 +0200)]
spelling fixes, just comments and readme.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1413)

8 years agoRemoves CTLOG_new_null from the CT public API
Rob Percival [Thu, 4 Aug 2016 17:48:48 +0000 (18:48 +0100)]
Removes CTLOG_new_null from the CT public API

This is an entirely useless function, given that CTLOG is publicly
immutable.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1406)

8 years agoopenssl-format-source: A few more (DECLARE|IMPLEMENT) variants to care for
Richard Levitte [Fri, 5 Aug 2016 19:35:32 +0000 (21:35 +0200)]
openssl-format-source: A few more (DECLARE|IMPLEMENT) variants to care for

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoThe capi engine uses stdio, so don't build it when configuring 'no-stdio'
Richard Levitte [Fri, 5 Aug 2016 10:54:57 +0000 (12:54 +0200)]
The capi engine uses stdio, so don't build it when configuring 'no-stdio'

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoRemove OPENSSL_NO_STDIO guards around certain SSL cert/key functions
Richard Levitte [Thu, 4 Aug 2016 23:54:27 +0000 (01:54 +0200)]
Remove OPENSSL_NO_STDIO guards around certain SSL cert/key functions

These functions are:

    SSL_use_certificate_file
    SSL_use_RSAPrivateKey_file
    SSL_use_PrivateKey_file
    SSL_CTX_use_certificate_file
    SSL_CTX_use_RSAPrivateKey_file
    SSL_CTX_use_PrivateKey_file
    SSL_use_certificate_chain_file

Internally, they use BIO_s_file(), which is defined and implemented at
all times, even when OpenSSL is configured no-stdio.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agomake update
Richard Levitte [Fri, 5 Aug 2016 08:58:16 +0000 (10:58 +0200)]
make update

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoutil/mkdef.pl: mark certain PEM function declarations with STDIO
Richard Levitte [Fri, 5 Aug 2016 08:57:47 +0000 (10:57 +0200)]
util/mkdef.pl: mark certain PEM function declarations with STDIO

The macros that produce PEM_write_FOO() andd PEM_read_FOO() only do so
unless 'no-stdio' has been configured.  mkdef.pl should mimic that by
marking those functions with the "STDIO" algo.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoTravis: add a build with no-stdio
Richard Levitte [Thu, 4 Aug 2016 22:48:44 +0000 (00:48 +0200)]
Travis: add a build with no-stdio

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoMove the building of test/buildtest_*. to be done unconditionally
Richard Levitte [Thu, 4 Aug 2016 22:32:36 +0000 (00:32 +0200)]
Move the building of test/buildtest_*. to be done unconditionally

These were guarded by $disabled{tests}.  However, 'tests' is disabled
if we configure 'no-stdio', which means that we don't detect the lack
of OPENSSL_NO_STDIO guards in our public header files.  So we move the
generation and build of test/buildtest_*.c to be unconditional.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoSanity check input length in OPENSSL_uni2asc().
Dr. Stephen Henson [Fri, 5 Aug 2016 16:59:32 +0000 (17:59 +0100)]
Sanity check input length in OPENSSL_uni2asc().

Thanks to Hanno Böck for reporting this bug.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoAdd --gcov-options '\-lp' to coverage
Emilia Kasper [Fri, 5 Aug 2016 09:33:48 +0000 (11:33 +0200)]
Add --gcov-options '\-lp' to coverage

Should result in more accurate header file coverage, see
https://github.com/eddyxu/cpp-coveralls/issues/54

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
8 years agoAdd a coverage target
Emilia Kasper [Wed, 3 Aug 2016 13:29:21 +0000 (15:29 +0200)]
Add a coverage target

Run tests with coverage and report to coveralls.io

For simplicity, this currently only adds a single target in a
configuration that attempts to maximize coverage. The true CI coverage
from all the various builds may be a little larger.

The coverage run has the following configuration:
- no-asm: since we can't track asm coverage anyway, might as well measure the
  non-asm code coverage.
- Enable various disabled-by-default options:
  - rc5
  - md2
  - ec_nistp_64_gcc_128
  - ssl3
  - ssl3-method
  - weak-ssl-ciphers

Finally, observe that no-pic implies no-shared, and therefore running
both builds in the matrix is redundant.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
8 years agoFree buffer in a2i_ASN1_INTEGER() on error path.
Dr. Stephen Henson [Fri, 5 Aug 2016 15:06:36 +0000 (16:06 +0100)]
Free buffer in a2i_ASN1_INTEGER() on error path.

Thank to Shi Lei for reporting this bug.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoMake update, etc.
Rich Salz [Fri, 5 Aug 2016 15:16:07 +0000 (11:16 -0400)]
Make update, etc.

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoindent: add a couple of types we use in apps
Richard Levitte [Wed, 3 Aug 2016 20:03:50 +0000 (22:03 +0200)]
indent: add a couple of types we use in apps

Reviewed-by: Emilia Käsper <emilia@openssl.org>
8 years agoopenssl-format-source: no dash marker on *INDENT-(ON|OFF)* comments
Richard Levitte [Wed, 3 Aug 2016 17:49:32 +0000 (19:49 +0200)]
openssl-format-source: no dash marker on *INDENT-(ON|OFF)* comments

We mark small comments with a dash immediately following the starting /*.
However, *INDENT-(ON|OFF)* comments shouldn't be treated that way, or
indent will ignore them if we do.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoVMS: Fix building of bad_dtls_test
Richard Levitte [Fri, 5 Aug 2016 08:14:56 +0000 (10:14 +0200)]
VMS: Fix building of bad_dtls_test

Reviewed-by: Tim Hudson <tjh@openssl.org>
8 years agoAdded appropriate OPENSSL_NO_STDIO to PKCS12 header
Dániel Bakai [Thu, 4 Aug 2016 11:00:48 +0000 (13:00 +0200)]
Added appropriate OPENSSL_NO_STDIO to PKCS12 header

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoAdd basic test for Cisco DTLS1_BAD_VER and record replay handling
David Woodhouse [Mon, 25 Jul 2016 13:31:43 +0000 (14:31 +0100)]
Add basic test for Cisco DTLS1_BAD_VER and record replay handling

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoFix ubsan 'left shift of negative value -1' error in satsub64be()
David Woodhouse [Tue, 2 Aug 2016 21:54:46 +0000 (22:54 +0100)]
Fix ubsan 'left shift of negative value -1' error in satsub64be()

Baroque, almost uncommented code triggers behaviour which is undefined
by the C standard. You might quite reasonably not care that the code was
broken on ones-complement machines, but if we support a ubsan build then
we need to at least pretend to care.

It looks like the special-case code for 64-bit big-endian is going to
behave differently (and wrongly) on wrap-around, because it treats the
values as signed. That seems wrong, and allows replay and other attacks.
Surely you need to renegotiate and start a new epoch rather than
wrapping around to sequence number zero again?

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoMake DTLS1_BAD_VER work with DTLS_client_method()
David Woodhouse [Mon, 25 Jul 2016 17:03:27 +0000 (18:03 +0100)]
Make DTLS1_BAD_VER work with DTLS_client_method()

DTLSv1_client_method() is deprecated, but it was the only way to obtain
DTLS1_BAD_VER support. The SSL_OP_CISCO_ANYCONNECT hack doesn't work with
DTLS_client_method(), and it's relatively non-trivial to make it work without
expanding the hack into lots of places.

So deprecate SSL_OP_CISCO_ANYCONNECT with DTLSv1_client_method(), and make
it work with SSL_CTX_set_{min,max}_proto_version(DTLS1_BAD_VER) instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoFix cipher support for DTLS1_BAD_VER
David Woodhouse [Fri, 8 Jul 2016 19:59:50 +0000 (20:59 +0100)]
Fix cipher support for DTLS1_BAD_VER

Commit 3eb2aff40 ("Add support for minimum and maximum protocol version
supported by a cipher") disabled all ciphers for DTLS1_BAD_VER.

That wasn't helpful. Give them back.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoFix DTLS_VERSION_xx() comparison macros for DTLS1_BAD_VER
David Woodhouse [Fri, 8 Jul 2016 19:56:38 +0000 (20:56 +0100)]
Fix DTLS_VERSION_xx() comparison macros for DTLS1_BAD_VER

DTLS version numbers are strange and backwards, except DTLS1_BAD_VER so
we have to make a special case for it.

This does leave us with a set of macros which will evaluate their arguments
more than once, but it's not a public-facing API and it's not like this is
the kind of thing where people will be using DTLS_VERSION_LE(x++, y) anyway.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoFix ossl_statem_client_max_message_size() for DTLS1_BAD_VER
David Woodhouse [Fri, 8 Jul 2016 19:47:42 +0000 (20:47 +0100)]
Fix ossl_statem_client_max_message_size() for DTLS1_BAD_VER

The Change Cipher Spec message in this ancient pre-standard version of DTLS
that Cisco are unfortunately still using in their products, is 3 bytes.

Allow it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoFix SSL_export_keying_material() for DTLS1_BAD_VER
David Woodhouse [Fri, 8 Jul 2016 19:46:07 +0000 (20:46 +0100)]
Fix SSL_export_keying_material() for DTLS1_BAD_VER

Commit d8e8590e ("Fix missing return value checks in SCTP") made the
DTLS handshake fail, even for non-SCTP connections, if
SSL_export_keying_material() fails. Which it does, for DTLS1_BAD_VER.

Apply the trivial fix to make it succeed, since there's no real reason
why it shouldn't even though we never need it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
8 years agoWhen tr gets bracketed arguments, they need to be quoted
Richard Levitte [Thu, 4 Aug 2016 16:31:51 +0000 (18:31 +0200)]
When tr gets bracketed arguments, they need to be quoted

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years agoRemove some unused options from 10-main.conf
Benjamin Kaduk [Wed, 3 Aug 2016 20:07:55 +0000 (15:07 -0500)]
Remove some unused options from 10-main.conf

The options RC4_CHUNK_LL, DES_PTR, and BF_PTR were removed by Rich
in commit 3e9e810f2e047effb1056211794d2d12ec2b04e7 but were still
sticking around in a coupule configuration entries.

Since they're unused, remove them.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1390)

8 years agoFix output text to avoid gratuitious git diff
Rich Salz [Thu, 4 Aug 2016 18:29:53 +0000 (14:29 -0400)]
Fix output text to avoid gratuitious git diff

Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years agoRemove get_hash completely
Rich Salz [Wed, 3 Aug 2016 19:24:57 +0000 (15:24 -0400)]
Remove get_hash completely

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1389)

8 years agoRemove "lockit" from internal error-hash function
Rich Salz [Wed, 3 Aug 2016 19:15:20 +0000 (15:15 -0400)]
Remove "lockit" from internal error-hash function

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1389)

8 years agoLimit status message sisze in ts_get_status_check
Dr. Stephen Henson [Tue, 2 Aug 2016 20:38:37 +0000 (21:38 +0100)]
Limit status message sisze in ts_get_status_check

Thanks to Shi Lei for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>