Commit graph

2095 commits

Author SHA1 Message Date
Matt Caswell
11ba87f2ff Ensure s_client sends an SNI extension by default
Enforcement of an SNI extension in the initial ClientHello is becoming
increasingly common (e.g. see GitHub issue #2580). This commit changes
s_client so that it adds SNI be default, unless explicitly told not to via
the new "-noservername" option.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2614)
2017-04-27 11:43:55 +01:00
Rich Salz
c0452248ea Ignore dups in X509_STORE_add_*
X509_STORE_add_cert and X509_STORE_add_crl are changed to return
success if the object to be added was already found in the store, rather
than returning an error.

Raise errors if empty or malformed files are read when loading certificates
and CRLs.

Remove NULL checks and allow a segv to occur.
Add error handing for all calls to X509_STORE_add_c{ert|tl}

Refactor these two routines into one.

Bring the unit test for duplicate certificates up to date using the test
framework.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2830)
2017-04-20 15:33:42 -04:00
Richard Levitte
e361a7b285 Add a note in CHANGES
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)
2017-04-10 12:11:00 +02:00
Rich Salz
076fc55527 Make default_method mostly compile-time
Document thread-safety issues
Have RSA_null return NULL (always fails)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2244)
2017-04-07 12:19:46 -04:00
Andy Polyakov
74d9519a68 bio/b_print.c: recognize even 'j' format modifier.
'j' is specified as modifier for "greatest-width integer type", which in
practice means 64 bits on both 32- and 64-bit platforms. Since we rely
on __attribute__((__format__(__printf__,...))) to sanitize BIO_print
format, we can use it to denote [u]int64_t-s in platform-neutral manner.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3083)
2017-03-30 19:33:32 +02:00
Richard Levitte
1e53a9fd1a Add z modifier parsing to the BIO_printf et all format string
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3064)
2017-03-29 16:16:25 +02:00
FdaSilvaYY
69687aa829 More typo fixes
Fix some comments too
[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3069)
2017-03-29 07:14:29 +02:00
FdaSilvaYY
a8cd439bf5 Spelling fixes
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3066)
2017-03-28 16:16:49 -04:00
Richard Levitte
d1da335c55 Add EC_KEY_get0_engine()
Just as for DH, DSA and RSA, this gives the engine associated with the
key.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2960)
2017-03-15 15:03:11 +01:00
Pauli
b1d9be4db3 Add the presence of ARIA to the change log.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2926)
2017-03-14 07:26:44 +01:00
Richard Levitte
b1fa4031fe Document in CHANGES that config now recognises 64-bit mingw
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2917)
2017-03-13 13:20:55 +01:00
Andy Polyakov
36907eaef5 CHANGES: mention CFI annotations.
[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-03-02 16:22:13 +01:00
Richard Levitte
5ea564f154 Code health: Quick note in changes and the OPENSSL_GLOBAL et al changes
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2785)
2017-02-28 20:23:07 +01:00
Richard Levitte
9d70ac97d9 Code cleanup: remove the VMS specific reimplementation of gmtime
This reimplementation was necessary before VMS C V7.1.  Since that's
the minimum version we support in this OpenSSL version, the
reimplementation is no longer needed.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2762)
2017-02-28 13:18:15 +01:00
Emilia Kasper
80770da39e X509 time: tighten validation per RFC 5280
- Reject fractional seconds
- Reject offsets
- Check that the date/time digits are in valid range.
- Add documentation for X509_cmp_time

GH issue 2620

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-02-24 17:37:08 +01:00
Matt Caswell
d4da1bb5ab Update CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-02-16 10:10:05 +00:00
Todd Short
3f5616d734 Add support for parameterized SipHash
The core SipHash supports either 8 or 16-byte output and a configurable
number of rounds.
The default behavior, as added to EVP, is to use 16-byte output and
2,4 rounds, which matches the behavior of most implementations.
There is an EVP_PKEY_CTRL that can control the output size.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2216)
2017-02-01 14:14:36 -05:00
Matt Caswell
536454e53b Update CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-01-26 11:00:28 +00:00
Emilia Kasper
b3618f44a7 Test mac-then-encrypt
Verify that the encrypt-then-mac negotiation is handled
correctly. Additionally, when compiled with no-asm, this test ensures
coverage for the constant-time MAC copying code in
ssl3_cbc_copy_mac. The proxy-based CBC padding test covers that as
well but it's nevertheless better to have an explicit handshake test
for mac-then-encrypt.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-11-28 12:23:36 +01:00
Richard Levitte
e72040c1dc Remove heartbeat support
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1669)
2016-11-13 16:24:02 -05:00
Matt Caswell
6a69e8694a Update CHANGES and NEWS
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-10 13:04:11 +00:00
Matt Caswell
ce95f3b724 Add a CHANGES entry for the unrecognised record type change
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-11-02 23:22:48 +00:00
Rich Salz
42e22c7c4f Revert "Disable MDC2 by default."
This reverts commit ca1574cec2.
Not suitabled for a minor release as it breaks the ABI.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-01 10:43:05 -04:00
Rich Salz
ca1574cec2 Disable MDC2 by default.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-10-31 15:06:06 -04:00
Richard Levitte
78ce90cb1a Backdated note in CHANGES about shared library names
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1767)
2016-10-25 20:33:21 +02:00
Richard Levitte
38be1ea855 Remove automatic RPATH - Add a CHANGES entry
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-10-13 02:21:51 +02:00
Matt Caswell
3133c2d306 Updates CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-26 10:24:37 +01:00
Matt Caswell
39c136cc53 Updates CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-22 09:27:45 +01:00
Richard Levitte
2e04d6cc9d Document the new SHA256 and SHA512 password generation options
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 18:02:29 +02:00
Matt Caswell
bbf73f84fc Remove note from CHANGES about EC DRBG
EC DRBG support was added in 7fdcb457 in 2011 and then later removed.
However the CHANGES entry for its original addition was left behind.
This just removes the spurious CHANGES entry.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-25 21:55:02 +01:00
Richard Levitte
156e34f21d Update CHANGES, NEWS, README and opensslv.h on master
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-25 19:07:17 +02:00
Andy Polyakov
eedb9db9af CHANGES: mention Windows UTF-8 opt-in option.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-25 12:00:45 +01:00
Rich Salz
ef28891bab Put DES into "not default" category.
Add CVE to CHANGES

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-08-24 14:05:52 +01:00
Rich Salz
d33726b92e To avoid SWEET32 attack, move 3DES to weak
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-08-24 14:05:52 +01:00
Dr. Stephen Henson
3d9a51f7ed update CHANGES
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:06 +01:00
klemens
5e93e5fc37 fixing too optimistic typo-fix
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1413)
2016-08-05 19:07:30 -04:00
klemens
6025001707 spelling fixes, just comments and readme.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1413)
2016-08-05 19:07:30 -04:00
Matt Caswell
c98740f8a6 Fix date in CHANGES
The release scripts expect to see the date "xx XXX xxxx" in CHANGES. At
some point the year got changed from xxxx to 2016. This changes it back.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-04 14:55:41 +01:00
Richard Levitte
b8f304f70d Change default directory for the .rnd file on Windows and VMS
The previous change for Windows wasn't quite right.  Corrected to use
%HOME%, %USERPROFILE% and %SYSTEMPROFILE%, in that order.

Also adding the default home for VMS, SYS$LOGIN:

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-20 11:06:40 +02:00
Matt Caswell
13c03c8d6d Change default directory for storing the .rnd file on Windows
Previously we would try %RANDFILE%, then %HOME% and finally "C:".
Unfortunately this often ends up being "C:" which the user may not
have write permission for.

Now we try %RANDFILE% first, and then the same set of environment vars
as GetTempFile() uses, i.e. %TMP%, then %TEMP%, %USERPROFILE% and
%SYSTEMROOT%. If all else fails we fall back to %HOME% and only then "C:".

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-17 17:26:18 +01:00
Matt Caswell
cf3404fcc7 Change the return type of EVP_EncodeUpdate
Previously EVP_EncodeUpdate returned a void. However there are a couple
of error conditions that can occur. Therefore the return type has been
changed to an int, with 0 indicating error and 1 indicating success.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-16 09:50:48 +01:00
Matt Caswell
5584f65a10 Deprecate the flags that switch off constant time
The flags RSA_FLAG_NO_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME and
DH_FLAG_NO_EXP_CONSTTIME which previously provided the ability to switch
off the constant time implementation for RSA, DSA and DH have been made
no-ops and deprecated.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-06 11:09:06 +01:00
Rich Salz
0f91e1dff4 Fix some RAND bugs
RT2630 -- segfault for int overlow
RT2877 -- check return values in apps/rand
Update CHANGES file for previous "windows rand" changes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 10:45:18 -04:00
Rich Salz
739a1eb196 Rename lh_xxx,sk_xxx tp OPENSSL_{LH,SK}_xxx
Rename sk_xxx to OPENSSL_sk_xxx and _STACK to OPENSSL_STACK
Rename lh_xxx API to OPENSSL_LH_xxx and LHASH_NODE to OPENSSL_LH_NODE
Make lhash stuff opaque.
Use typedefs for function pointers; makes the code simpler.
Remove CHECKED_xxx macros.
Add documentation; remove old X509-oriented doc.
Add API-compat names for entire old API

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-05-20 10:48:29 -04:00
FdaSilvaYY
c5ebfcab71 Unify <TYPE>_up_ref methods signature and behaviour.
Add a status return value instead of void.
Add some sanity checks on reference counter value.
Update the docs.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-16 10:17:33 +01:00
Richard Levitte
3ec8a1cfd8 Windows: When installing libraries and executables, install .pdb files as well
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-12 22:20:30 +02:00
Richard Levitte
d535e56526 Remove openssl.spec
While it seemed like a good idea to have this file once upon a time,
this kind of file belongs with the package maintainer rather than in
our source.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-12 16:49:07 +02:00
Richard Levitte
3dfcb6a0ec Add a case for 64-bit OS X in config
This makes it possible to just run ./config on a x86_64 machine with
no extra fuss.

RT#4356

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-05-12 10:54:25 +02:00
Dr. Stephen Henson
8fc06e8860 Update pkcs8 defaults.
Update pkcs8 utility to use 256 bit AES using SHA256 by default.

Update documentation.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-11 20:36:10 +01:00
Andy Polyakov
c21c7830ac IRIX fixes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-10 08:44:51 +02:00
Rich Salz
191c0e2e87 Missing credit in CHANGES
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-09 08:56:35 -04:00
Rich Salz
4a8e9c22f4 Move 3DES from HIGH to MEDIUM
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-05 17:31:53 -04:00
FdaSilvaYY
d5e8679684 Fix spelling
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>

GH: #1021
2016-05-05 14:13:38 +02:00
Matt Caswell
6ac8377901 Update CHANGES and NEWS for the new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-03 13:17:34 +01:00
Richard Levitte
afce395cba Document the addition of OPENSSL_LOCAL_CONFIG_DIR
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-05-02 20:19:41 +02:00
Rich Salz
f0e0fd51fd Make many X509_xxx types opaque.
Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP,
and X509_LOOKUP_METHOD opaque.
Remove unused X509_CERT_FILE_CTX

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-04-15 13:21:43 -04:00
Matt Caswell
ce942199db Make "shared" builds the default
In most cases we expect that people will be using shared libraries not
static ones, therefore we make that the default.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-14 22:23:12 +01:00
Matt Caswell
4f4d13b146 Add a CHANGES entry for removal of Configure options
Document removal of no-aes, no-hmac, no-rsa, no-sha and no-md5.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 21:28:17 +01:00
Matt Caswell
5eb8f71204 Add a CHANGES entry for the deprecated cleanup functions
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:34 +01:00
Emilia Kasper
b591470700 Adjust --strict-warnings builds in Travis
In Travis, do --strict-warnings on BUILDONLY configurations. This
ensures that the tests run even if --strict-warnings fail, and avoids
hiding unrelated test failures.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-10 01:50:16 +02:00
Matt Caswell
6a47c39175 Add CHANGES entry for DH and DH_METHOD opacity
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-09 10:10:55 +01:00
Richard Levitte
36297463a5 Update CHANGES with the new about RSA and RSA_METHOD
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-06 16:19:21 +02:00
Matt Caswell
3fe85096bd Added DSA opacity to CHANGES
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-04-03 00:23:56 +01:00
Matt Caswell
eb47aae5d3 Add a CHANGES entry for opaque BIOs
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-29 17:40:54 +01:00
Matt Caswell
dc110177de Remove the no-rijndael option
Rijndael is an old name for AES.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-21 14:40:05 +00:00
Richard Levitte
007c80eae4 Remove the remainder of util/mk1mf.pl and companion scripts
This removes all scripts that deal with MINFO as well, since that's
only used by mk1mf.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-21 11:02:00 +01:00
Rich Salz
3c27208fab Remove #error from include files.
Don't have #error statements in header files, but instead wrap
the contents of that file in #ifndef OPENSSL_NO_xxx
This means it is now always safe to include the header file.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-20 19:48:36 -04:00
Rich Salz
1fbab1dc6f Remove Netware and OS/2
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 17:06:57 -04:00
Rich Salz
23d38992fc Remove ultrix/mips support.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 15:29:15 -04:00
Richard Levitte
8e56a4227b Remove support for Borland C++
Borland C++ 4.5 is very old and our "support" for it is already
non-existent, we might as well remove it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-17 20:16:38 +01:00
Emilia Kasper
8a0333c979 Fix up CHANGES
- Remove duplicate entry
- Add author for SSL_CIPHER query functions
- Note HKDF support in CHANGES and NEWS

[ci skip]

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-16 15:06:46 +01:00
Kurt Roeckx
208527a75d Review comments
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 10:39:10 -05:00
Matt Caswell
9b13e27c28 Update CHANGES and NEWS
Update the CHANGES and NEWS files with information about the recently added
AFALG engine and pipelining.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-09 15:31:22 +00:00
Matt Caswell
5818c2b839 Update CHANGES for the new threading API
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-09 12:41:39 +00:00
Todd Short
1316ca80f4 GH787: Fix ALPN
* Perform ALPN after the SNI callback; the SSL_CTX may change due to
  that processing
* Add flags to indicate that we actually sent ALPN, to properly error
  out if unexpectedly received.
* clean up ssl3_free() no need to explicitly clear when doing memset
* document ALPN functions

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 09:24:56 -05:00
Todd Short
3ec13237f0 Add cipher query functions
Add functions to determine authentication, key-exchange, FIPS and AEAD.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 09:19:15 -05:00
Todd Short
817cd0d52f GH787: Fix ALPN
* Perform ALPN after the SNI callback; the SSL_CTX may change due to
  that processing
* Add flags to indicate that we actually sent ALPN, to properly error
  out if unexpectedly received.
* clean up ssl3_free() no need to explicitly clear when doing memset
* document ALPN functions

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-03-08 09:03:05 -05:00
Emilia Kasper
a556f34220 Rework the default cipherlist.
- Always prefer forward-secure handshakes.
 - Consistently order ECDSA above RSA.
 - Next, always prefer AEADs to non-AEADs, irrespective of strength.
 - Within AEADs, prefer GCM > CHACHA > CCM for a given strength.
 - Prefer TLS v1.2 ciphers to legacy ciphers.
 - Remove rarely used DSS, IDEA, SEED, CAMELLIA, CCM from the default
   list to reduce ClientHello bloat.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 16:53:42 +01:00
Rob Percival
eb64a6c676 Documentation for new CT s_client flags
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 10:50:11 -05:00
Rich Salz
ddb4c0477a Changes to DEFAULT curves
Change the ECC default curve list to be this, in order: x25519, secp256r1,
secp521r1, secp384r1, brainpoolP256r1, brainpoolP384r1, and brainpool512r1.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-03-04 09:50:49 -05:00
Matt Caswell
8b1a5af389 Don't build RC4 ciphersuites into libssl by default
RC4 based ciphersuites in libssl have been disabled by default. They can
be added back by building OpenSSL with the "enable-weak-ssl-ciphers"
Configure option at compile time.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 10:04:06 +00:00
Emilia Kasper
062178678f Refactor ClientHello extension parsing
1) Simplify code with better PACKET methods.

2) Make broken SNI parsing explicit. SNI was intended to be extensible
to new name types but RFC 4366 defined the syntax inextensibly, and
OpenSSL has never parsed SNI in a way that would allow adding a new name
type. RFC 6066 fixed the definition but due to broken implementations
being widespread, it appears impossible to ever extend SNI.

3) Annotate resumption behaviour. OpenSSL doesn't currently handle all
extensions correctly upon resumption. Annotate for further clean-up.

4) Send an alert on ALPN protocol mismatch.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-03-03 13:53:26 +01:00
Matt Caswell
09375d12fb Updates to CHANGES and NEWS for 1.0.2 and 1.0.1 release
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-01 13:34:22 +00:00
Dr. Stephen Henson
7173624240 Add CHANGES entry for X25519
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-28 22:54:54 +00:00
FdaSilvaYY
b6453a68bb GH753: More spelling fix
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-27 10:58:16 -05:00
Matt Caswell
766579ec89 Remove Ubsec engine
The ubsec engine is now considered obsolete and therefore has been
removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-26 23:34:25 +00:00
Emilia Kasper
380f18ed5f CVE-2016-0798: avoid memory leak in SRP
The SRP user database lookup method SRP_VBASE_get_by_user had confusing
memory management semantics; the returned pointer was sometimes newly
allocated, and sometimes owned by the callee. The calling code has no
way of distinguishing these two cases.

Specifically, SRP servers that configure a secret seed to hide valid
login information are vulnerable to a memory leak: an attacker
connecting with an invalid username can cause a memory leak of around
300 bytes per connection.

Servers that do not configure SRP, or configure SRP but do not configure
a seed are not vulnerable.

In Apache, the seed directive is known as SSLSRPUnknownUserSeed.

To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user
is now disabled even if the user has configured a seed.

Applications are advised to migrate to SRP_VBASE_get1_by_user. However,
note that OpenSSL makes no strong guarantees about the
indistinguishability of valid and invalid logins. In particular,
computations are currently not carried out in constant time.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-25 15:42:48 +01:00
Richard Levitte
45b71abe70 Fix a few typos
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:10:33 +01:00
Richard Levitte
9de9414878 Rewrite CHANGES to add some commentary about the "pic" option
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 14:38:31 +01:00
Richard Levitte
19ab579060 Use $disabled{"dynamic-engine"} internally
We were kinda sorta using a mix of $disabled{"static-engine" and
$disabled{"dynamic-engine"} in Configure.  Let's avoid confusion,
choose one of them and stick to it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 14:38:31 +01:00
Richard Levitte
380f047707 Document the last configuration changes
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-21 00:34:34 +01:00
Rich Salz
dba3177745 Remove JPAKE
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-17 09:46:10 -05:00
Richard Levitte
3c65577f1a Rename INSTALL_PREFIX to DESTDIR, remove option --install_prefix
INSTALL_PREFIX is a confusing name, as there's also --prefix.
Instead, tag along with the rest of the open source world and adopt
the Makefile variable DESTDIR to designate the desired staging
directory.

The Configure option --install_prefix is removed, the only way to
designate a staging directory is with the Makefile variable (this is
also implemented for VMS' descrip.mms et al).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-12 21:54:07 +01:00
Rich Salz
22e3dcb780 Remove TLS heartbeat, disable DTLS heartbeat
To enable heartbeats for DTLS, configure with enable-heartbeats.
Heartbeats for TLS have been completely removed.

This addresses RT 3647

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 12:57:26 -05:00
Rich Salz
f3f1cf8444 Move to REF_DEBUG, for consistency.
Add utility macros REF_ASSERT_NOT and REF_PRINT_COUNT
This is also RT 4181

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 12:40:32 -05:00
Matt Caswell
068f07fe75 Update CHANGES following init function renaming
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 17:40:59 +00:00
Richard Levitte
907d2c2f62 unified build system: add CHANGES & NEWS
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 14:41:43 +01:00
Matt Caswell
722cba2321 Add a CHANGES entry for auto-init and de-init
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 15:11:38 +00:00
FdaSilvaYY
0d4fb84390 GH601: Various spelling fixes.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-05 15:25:50 -05:00
Matt Caswell
3edeb622ba Make DTLSv1_listen a first class function and change its type
The DTLSv1_listen function exposed details of the underlying BIO
abstraction and did not properly allow for IPv6. This commit changes the
"peer" argument to be a BIO_ADDR and makes it a first class function
(rather than a ctrl) to ensure proper type checking.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-05 19:12:18 +00:00
Richard Levitte
0f45c26f5a Refactoring BIO: Add a few lines in CHANGES & NEWS
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 20:38:48 +01:00
Emilia Kasper
ba2de73b18 RT4148
Accept leading 0-byte in PKCS1 type 1 padding. Internally, the byte is
stripped by BN_bn2bin but external callers may have other expectations.

Reviewed-by: Kurt Roeckx<kurt@openssl.org>
2016-02-03 18:30:23 +01:00
Emilia Kasper
dc5744cb78 RT3234: disable compression
CRIME protection: disable compression by default, even if OpenSSL is
compiled with zlib enabled. Applications can still enable compression by
calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by using
the SSL_CONF library to configure compression. SSL_CONF continues to
work as before:

SSL_CONF_cmd(ctx, "Options", "Compression") enables compression.

SSL_CONF_cmd(ctx, "Options", "-Compression") disables compression (now
no-op by default).

The command-line switch has changed from -no_comp to -comp.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-03 18:08:16 +01:00
Emilia Kasper
b698174493 constify PACKET
PACKET contents should be read-only. To achieve this, also
- constify two user callbacks
- constify BUF_reverse.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-01 16:21:57 +01:00
Rich Salz
94af0cd7f3 Move more BN internals to bn_lcl.h
There was an unused macro in ssl_locl.h that used an internal
type, so I removed it.
Move bio_st from bio.h to ossl_type.h

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-01-30 16:54:35 -05:00
Emilia Kasper
d8ca44ba41 Always DPURIFY
The use of the uninitialized buffer in the RNG has no real security
benefits and is only a nuisance when using memory sanitizers.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-29 16:33:13 +01:00
Matt Caswell
502bed22a9 CHANGES and NEWS updates for release
Add details about the latest issues fixed in the forthcoming release.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-28 14:41:19 +00:00
Rich Salz
3e9e810f2e Remove outdated legacy crypto options
Many options for supporting optimizations for legacy crypto on legacy
platforms have been removed.  This simplifies the source code and
does not really penalize anyone.
        DES_PTR (always on)
        DES_RISC1, DES_RISC2 (always off)
        DES_INT (always 'unsigned int')
        DES_UNROLL (always on)
        BF_PTR (always on) BF_PTR2 (removed)
        MD2_CHAR, MD2_LONG (always 'unsigned char')
        IDEA_SHORT, IDEA_LONG (always 'unsigned int')
        RC2_SHORT, RC2_LONG (always 'unsigned int')
        RC4_LONG (only int and char (for assembler) are supported)
        RC4_CHUNK (always long), RC_CHUNK_LL (removed)
        RC4_INDEX (always on)
And also make D_ENCRYPT macro more clear (@appro)

This is done in consultation with Andy.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-01-27 19:05:50 -05:00
Richard Levitte
4f2eec60c2 Add some info in CHANGES about what's happening so far with Configure et al
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-25 19:11:09 +01:00
Richard Levitte
d74dfafd8b Refresh the thinking of --prefix and --openssldir
--prefix is now exclusively used for software and manual installation.
--openssldir is not exclusively used as a default location for certs,
keys and the default openssl.cnf.

This change is made to bring clarity, to have the two less
intertwined, and to be more compatible with the usual ways of software
installation.

Please change your habits and scripts to use --prefix rather than
--openssldir for installation location now.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-22 00:52:31 +01:00
Matt Caswell
a8eda4312d Remove the GOST engine
The GOST engine is now out of date and is removed by this commit. An up
to date GOST engine is now being maintained in an external repository.

See:
https://wiki.openssl.org/index.php/Binaries

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-19 22:29:32 +00:00
Rich Salz
87c00c93c4 Fix typo
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-01-15 11:41:27 -05:00
Benjamin Kaduk
0423f812dc Add a no-egd option to disable EGD-related code
The entropy-gathering daemon is used only on a small number of machines.
Provide a configure knob so that EGD support can be disabled by default
but re-enabled on those systems that do need it.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-14 13:02:51 -05:00
Rich Salz
d10dac1187 Move Makefiles to Makefile.in
Create Makefile's from Makefile.in
Rename Makefile.org to Makefile.in
Rename Makefiles to Makefile.in
Address review feedback from Viktor and Richard

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-12 16:26:56 -05:00
Richard Levitte
d5b33a518f Correct a small typo in CHANGES
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-01-12 14:21:15 +01:00
Richard Levitte
a718c62758 Add notes in CHANGES and NEWS
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:58:29 +01:00
Rich Salz
baf245ec5f GH528: "cipher -v" output is confusing.
Fix the docs, and refactor some common code.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-11 18:54:49 -05:00
Viktor Dukhovni
59fd40d4e5 DANE CHANGES
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 22:00:14 -05:00
Viktor Dukhovni
98186eb4e4 Backwards-compatibility subject to OPENSSL_API_COMPAT
Provide backwards-compatiblity for functions, macros and include
files if OPENSSL_API_COMPAT is either not defined or defined less
than the version number of the release in which the feature was
deprecated.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 20:53:18 -05:00
Rich Salz
bbd86bf542 mem functions cleanup
Only two macros CRYPTO_MDEBUG and CRYPTO_MDEBUG_ABORT to control this.
If CRYPTO_MDEBUG is not set, #ifdef out the whole debug machinery.
        (Thanks to Jakob Bohm for the suggestion!)
Make the "change wrapper functions" be the only paradigm.
Wrote documentation!
Format the 'set func' functions so their paramlists are legible.
Format some multi-line comments.
Remove ability to get/set the "memory debug" functions at runtme.
Remove MemCheck_* and CRYPTO_malloc_debug_init macros.
Add CRYPTO_mem_debug(int flag) function.
Add test/memleaktest.
Rename CRYPTO_malloc_init to OPENSSL_malloc_init; remove needless calls.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 15:14:18 -05:00
Viktor Dukhovni
4fa52141b0 Protocol version selection and negotiation rewrite
The protocol selection code is now consolidated in a few consecutive
short functions in a single file and is table driven.  Protocol-specific
constraints that influence negotiation are moved into the flags
field of the method structure.  The same protocol version constraints
are now applied in all code paths.  It is now much easier to add
new protocol versions without reworking the protocol selection
logic.

In the presence of "holes" in the list of enabled client protocols
we no longer select client protocols below the hole based on a
subset of the constraints and then fail shortly after when it is
found that these don't meet the remaining constraints (suiteb, FIPS,
security level, ...).  Ideally, with the new min/max controls users
will be less likely to create "holes" in the first place.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-01-02 10:49:06 -05:00
Kurt Roeckx
7946ab33ce Add support for minimum and maximum protocol version
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-02 10:47:52 -05:00
Rich Salz
2ab9687479 Remove GMP engine.
Reviewed-by: Ben Laurie <ben@openssl.org>
2015-12-15 07:59:56 -05:00
Matt Caswell
8caab744f5 Fix s_server problem with no-ec
s_server was trying to set the ECDH curve when no-ec was defined. This also
highlighted the fact that the -no_ecdhe option to s_server is broken, and
doesn't make any sense any more (ECDHE is on by default and the only way it
can be disabled is through the cipherstring). Therefore this commit removes
the option.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-15 11:26:38 +00:00
Rich Salz
9e8b6f0427 Use SHA256 not MD5 as default digest.
(Documentation update was in the MR but not the commit.  Oops.)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-12 19:25:25 -05:00
Matt Caswell
1ee3b17fa0 Fix OCB link
The link to the OCB patent pdf changed, so the link in CHANGES needs to be
updated.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-11 14:15:20 +00:00
Matt Caswell
7c31419693 Update CHANGES and NEWS for alpha release
Misc updates to the CHANGES and NEWS files ready for the alpha release.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 13:10:32 +00:00
Dr. Stephen Henson
5e03052560 add CHANGES and NEWS entry
Todo: update documentation.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:20 +00:00
Richard Levitte
507db4c531 Add an entry in CHANGES
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:40:20 +01:00
Dr. Stephen Henson
5fa30720e4 Fix and update versions in CHANGES and NEWS
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-07 14:30:30 +00:00
Kurt Roeckx
361a119127 Remove support for all 40 and 56 bit ciphers.
Reviewed-by: Rich Salz <rsalz@openssl.org>

MR: #364
2015-12-05 17:45:59 +01:00
Kurt Roeckx
fe6ef2472d Remove SSL_{CTX_}set_ecdh_auto() and always enable ECDH
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-12-04 22:30:36 +01:00
Kurt Roeckx
6977e8ee4a Make SSL_{CTX}_set_tmp_ecdh() call SSL_{CTX_}set1_curves()
SSL_{CTX}_set_tmp_ecdh() allows to set 1 EC curve and then tries to use it.  On
the other hand SSL_{CTX_}set1_curves() allows you to set a list of curves, but
only when SSL_{CTX_}set_ecdh_auto() was called to turn it on.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-12-04 22:25:11 +01:00
Kurt Roeckx
6f78b9e824 Remove support for SSL_{CTX_}set_tmp_ecdh_callback().
This only gets used to set a specific curve without actually checking that the
peer supports it or not and can therefor result in handshake failures that can
be avoided by selecting a different cipher.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-12-04 22:22:31 +01:00
Rich Salz
e6390acac9 ex_data part 2: doc fixes and CRYPTO_free_ex_index.
Add CRYPTO_free_ex_index (for shared libraries)
Unify and complete the documentation for all "ex_data" API's and objects.
Replace xxx_get_ex_new_index functions with a macro.
Added an exdata test.
Renamed the ex_data internal datatypes.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-01 11:48:37 -05:00
Matt Caswell
05a6347fec Tweak async documentation based on feedback
Add some clarifications to the async documentation. Also changed
ASYNC_pause_job() so that it returns success if you are not within the
context of a job. This is so that engines can be used either asynchronously
or synchronously and can treat an error from ASYNC_pause_job() as a real
error.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:35:19 +00:00
Matt Caswell
9c8dc051d0 Update CHANGES
Add a CHANGES entry for the new async code.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:34:35 +00:00
Rich Salz
bf1605518a Rename RSA_eay_xxx to rsa_ossl_xxx
Final part of flushing out SSLEay API's.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-17 17:14:28 -05:00
Rich Salz
b0700d2c8d Replace "SSLeay" in API with OpenSSL
All instances of SSLeay (any combination of case) were replaced with
the case-equivalent OpenSSL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 17:21:42 -04:00
Matt Caswell
f3ae986218 Remove the old state defines
Remove all the defines for the old state machines states. Mapping old to new
is probably going to cause more problems than it solves so it is probably
better to just remove them.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:39:47 +00:00
Matt Caswell
5998e29035 Remove SSL_state and SSL_set_state
SSL_state has been replaced by SSL_get_state and SSL_set_state is no longer
supported.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:39:46 +00:00
Matt Caswell
35bf6e0537 Change HANDSHAKE_STATE to OSSL_HANDSHAKE_STATE
Rename the enum HANDSHAKE_STATE to OSSL_HANDSHAKE_STATE to ensure there are
no namespace clashes, and convert it into a typedef.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:39:46 +00:00
Matt Caswell
264ab6b1cd Update CHANGES
Update the CHANGES file for the state machine rewrite

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:39:46 +00:00
Rich Salz
0e56b4b424 Move crypto/threads to demo/threads
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-26 16:36:01 -04:00
Matt Caswell
8b7080b0b7 Remove Obsolete engines
There are a number of engines in the OpenSSL source code which are now
obsolete. The following engines have been removed: 4758cca, aep, atalla,
cswift, nuron, sureware.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-15 17:02:06 +01:00
Dr. Stephen Henson
272d917deb add CHANGES entry for embed
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-15 15:36:58 +01:00
Emilia Kasper
6f73d28c20 Remove EVP_CHECK_DES_KEY
Thanks to the OpenBSD community for bringing this to our attention.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-14 18:45:33 +02:00
Matt Caswell
c84f7f4a74 Change the DEFAULT ciphersuites to exclude DES, RC4 and RC2
This patch updates the "DEFAULT" cipherstring to be
"ALL:!COMPLEMENTOFDEFAULT:!eNULL". COMPLEMENTOFDEFAULT is now defined
internally by a flag on each ciphersuite indicating whether it should be
excluded from DEFAULT or not. This gives us control at an individual
ciphersuite level as to exactly what is in DEFAULT and what is not.

Finally all DES, RC4 and RC2 ciphersuites are added to COMPLEMENTOFDEFAULT
and hence removed from DEFAULT.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-30 19:15:06 +01:00
David Woodhouse
984d6c6052 Fix no-stdio build
Much related/similar work also done by
Ivan Nestlerode <ivan.nestlerode@sonos.com>

   +Replace FILE BIO's with dummy ops that fail.
   +Include <stdio.h> for sscanf() even with no-stdio (since the declaration
    is there). We rely on sscanf() to parse the OPENSSL_ia32cap environment
    variable, since it can be larger than a 'long'. And we don't rely on the
    availability of strtoull().
   +Remove OPENSSL_stderr(); not used.
   +Make OPENSSL_showfatal() do nothing (currently without stdio there's
    nothing we can do).
   +Remove file-based functionality from ssl/. The function
    prototypes were already gone, but not the functions themselves.
   +Remove unviable conf functionality via SYS_UEFI
   +Add fallback definition of BUFSIZ.
   +Remove functions taking FILE * from header files.
   +Add missing DECLARE_PEM_write_fp_const
   +Disable X509_LOOKUP_hash_dir(). X509_LOOKUP_file() was already compiled out,
    so remove its prototype.
   +Use OPENSSL_showfatal() in CRYPTO_destroy_dynlockid().
   +Eliminate SRP_VBASE_init() and supporting functions. Users will need to
    build the verifier manually instead.
   +Eliminate compiler warning for unused do_pk8pkey_fp().
   +Disable TEST_ENG_OPENSSL_PKEY.
   +Disable GOST engine as is uses [f]printf all over the place.
   +Eliminate compiler warning for unused send_fp_chars().

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-29 21:59:19 -04:00
Emilia Kasper
3cdd1e94b1 RT3757: base64 encoding bugs
Rewrite EVP_DecodeUpdate.

In particular: reject extra trailing padding, and padding in the middle
of the content. Don't limit line length. Add tests.

Previously, the behaviour was ill-defined, and depended on the position
of the padding within the input.

In addition, this appears to fix a possible two-byte oob read.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2015-09-17 19:48:14 +02:00