Commit graph

21943 commits

Author SHA1 Message Date
Matt Caswell
66d7de1634 Add an anti-replay mechanism
If the server is configured to allow early data then we check if the PSK
session presented by the client is available in the cache or not. If it
isn't then this may be a replay and we disallow it. If it is then we allow
it and remove the session from the cache. Note: the anti-replay protection
is not used for externally established PSKs.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)
2018-03-19 12:21:41 +00:00
Matt Caswell
f023ba2df8 Don't update the session cache when processing a client certificate in TLSv1.3
We should only update the session cache when we issue a NewSessionTicket.
These are issued automatically after processing a client certificate.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)
2018-03-19 12:21:17 +00:00
Matt Caswell
32305f8850 Always call the new_session_cb when issuing a NewSessionTicket in TLSv1.3
Conceptually in TLSv1.3 there can be multiple sessions associated with a
single connection. Each NewSessionTicket issued can be considered a
separate session. We can end up issuing multiple NewSessionTickets on a
single connection at the moment (e.g. in a post-handshake auth scenario).
Each of those issued tickets should have the new_session_cb called, it
should go into the session cache separately and it should have a unique
id associated with it (so that they can be found individually in the
cache).

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)
2018-03-19 12:21:17 +00:00
JeffZhao
51cf8ba038 engines/asm/e_padlock*: add support for Zhaoxin's x86 platform
VIA and Shanghai United Investment Co.,Ltd. found Shanghai ZhaoXin,
which is a fabless x86 CPU IC design company. ZhaoXin has issued
ZX-C, ZX-D x86 processors, which have 'Shanghai' CPU vendor id.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5640)
2018-03-19 11:47:33 +01:00
Richard Levitte
ec4c389108 Clarify a couple of details around "make variables"
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5660)
2018-03-19 07:18:56 +01:00
Richard Levitte
00c8f1b05c Stop test/shlibloadtest.c from failing in a regression test
When doing a regression test, it's obvious that the version
test/shlibloadtest is built for will not be the same as the library
version.  So we change the test to check for assumed compatibility.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5619)
2018-03-19 07:08:51 +01:00
Richard Levitte
b4d46ad270 Add a simple method to run regression tests
This is only useful when building shared libraries.  This allows us to
run our tests against newer libraries when the time comes.  Simply do
this:

    OPENSSL_REGRESSION=/other/OpenSSL/build/tree make test

($OPENSSL_REGRESSION *must* be an absolute path)

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5619)
2018-03-19 07:08:51 +01:00
Andy Polyakov
97a479c6f8 NOTES.WIN: classify targets to "native" and "hosted" and restructure.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5647)
2018-03-18 13:29:44 +01:00
Dr. Matthias St. Pierre
dd07e68b20 Fix miscellaneous typos in docs and source
- d2i_PKC8PrivateKey -> d2i_PKCS8PrivateKey
- bechmark -> benchmark
- ciperhsuite -> ciphersuite
- EncyptedPreMasterSecret -> EncryptedPreMasterSecret

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5570)
2018-03-17 18:24:03 +01:00
Richard Levitte
d597208c03 ts_RESP_sign: Don't try to use v2 signing when ESS digest isn't set
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5653)
2018-03-17 14:47:41 +01:00
Kurt Roeckx
311276ffe3 Return error when trying to use prediction resistance
There is a requirements of having access to a live entropy source
which we can't do with the default callbacks. If you need prediction
resistance you need to set up your own callbacks that follow the
requirements of NIST SP 800-90C.

Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
GH: #5402
2018-03-17 11:35:33 +01:00
Kurt Roeckx
eb238134e0 Propagate the request for prediction resistance to the get entropy call
Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
GH: #5402
2018-03-17 11:35:33 +01:00
Bernd Edlinger
a080c3e816 Fix a memory leak in tls1_mac
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5650)
2018-03-17 08:25:25 +01:00
Bernd Edlinger
302d1697fe Fix a memory leak in n_ssl3_mac
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5648)
2018-03-17 08:23:43 +01:00
Bernd Edlinger
f96ff4e908 Fixed a crash in error handing of rand_drbg_new
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5646)
2018-03-17 08:19:41 +01:00
Bernd Edlinger
d288d7fc7b Fix error handling in b2i_dss and b2i_rsa
Fixes: #5567

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5624)
2018-03-17 08:15:31 +01:00
Dr. Matthias St. Pierre
31393fd906 RAND_DRBG: add a function for setting the default DRBG type and flags
This commit adds a new api RAND_DRBG_set_defaults() which sets the
default type and flags for new DRBG instances. See also #5576.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5632)
2018-03-16 18:31:30 +01:00
Richard Levitte
80f2787717 INSTALL: Add a note about backward compatibility and "make variables"
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5641)
2018-03-16 12:52:06 +01:00
Richard Levitte
f58461791d Configure: maintain compability with pre-"make variables" Configure
There were a few environment variables that we supported in earlier
Configure versions which got transfered to the %user table.  This
change makes sure that we still support them, by simply pre-populating
the corresponding %user entries with those environment values.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5641)
2018-03-16 10:28:41 +01:00
Richard Levitte
ac6ae8a9fe Configure: Don't fail if there were "make variables" set in env
The original intent was that if someone had a "make variable" set in
any kind of way, be it as an environment variable or as an argument to
Configure, we wouldn't allow compiler or linker flags as arguments as
well.  That made both of these configurations equivalently impossible:

    ./Configure target CFLAGS=-foo -lextra

     CFLAGS=-foo ./Configure target -lextra

While this makes things look nice and consistent, real world use makes
this hard, as many projects where OpenSSL is a component also set
these variables for other components that use GNU autotools.

Therefore, we need to adapt our Configure accordingly.  By
consequence, the two Configure lines above will not be equivalent any
more:

    ./Configure target CFLAGS=-foo -lextra

This command line will still fail, because the "make variable" was
given as a command line argument.  This cannot be a mistake and is
therefore not allowed.

     CFLAGS=-foo ./Configure target -lextra

This command line will work, but because there is a linker flag as
a command line argument, the environment (i.e. CFLAGS) is ignored.
That isn't quite consistent with the previous command, but is the old
Configure behavior, before the support for "make variables" was added,
and is therefore the backward compatible behavior.

Fixes google/oss-fuzz#1244

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5641)
2018-03-16 10:27:36 +01:00
Richard Levitte
8ed5f09458 VMS C: reduce the dependency paths to be relative
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5631)
2018-03-16 09:33:54 +01:00
Richard Levitte
433e857214 Visual C: reduce the dependency paths to be relative
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5631)
2018-03-16 09:33:54 +01:00
Richard Levitte
17928cf9f9 util/add-depends.pl: add the possibility for debug printouts
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5631)
2018-03-16 09:33:53 +01:00
Richard Levitte
c39785d4e6 Move all dependency post-processing to util/add-depends.pl
In the end, it's more efficient to only have one perl instance (that
loads configdata.pm) dealing with dependency files than running one
(that still loads configdata.pm) for each such file.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5631)
2018-03-16 09:33:53 +01:00
Richard Levitte
ca1ed2904e VMS: add alias macros to avoid 31 character symbol name limit warning
Affected symbol names:

generate_stateless_cookie_callback
verify_stateless_cookie_callback

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5633)
2018-03-15 22:27:49 +01:00
Richard Levitte
ad3350a90b Windows makefile: don't use different looking variants of same cmd
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5635)
2018-03-15 22:21:18 +01:00
Dr. Matthias St. Pierre
6decf9436f Publish the RAND_DRBG API
Fixes #4403

This commit moves the internal header file "internal/rand.h" to
<openssl/rand_drbg.h>, making the RAND_DRBG API public.
The RAND_POOL API remains private, its function prototypes were
moved to "internal/rand_int.h" and converted to lowercase.

Documentation for the new API is work in progress on GitHub #5461.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5462)
2018-03-15 18:58:38 +01:00
Rich Salz
f297e4ecc3 Add code to run test, get malloc counts
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4528)
2018-03-15 10:51:17 -04:00
Richard Levitte
23be743286 util/postprocess-makedepend.pl: make an effort to collect dependencies
Instead of just working line by line, we collect all dependencies for
every target and print everything out at the end, with each target
getting a potentially long list of dependencies.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5591)
2018-03-15 15:21:52 +01:00
Richard Levitte
27c4490521 util/postprocess-makedepend.pl: For VC, don't include system headers
All dependencies that VC gives us are absolute paths, so we need to
check if some of them are within our source or build tree.  We do that
by comparing the start of each dependency with the absolute versions
of our source and build directories.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5591)
2018-03-15 15:21:52 +01:00
Richard Levitte
bbb9413b7e Streamline dependency generation
It seems that only gcc -MMD produces dependency files that are "sane"
for our needs.  For all other methods, some post processing is needed:

- 'makedepend' (Unix) insists that object files are located in the
  same spot as the source file.
- 'cl /Zs /showIncludes' (Visual C) has "Note: including file: " where
  we'd like to see the object.
- 'CC/DECC' (VMS) insists that the object file is located in the
  current directory, i.e. it strips away all directory information.

So far, we've managed this (except for the VMS case) with individual
uncommented perl command lines directly in the build file template.
We're now collecting these diverse hacks into one perl script that
takes an argument to tell what kind of input to expect and that
massages whatever it gets on STDIN and outputs the result on STDOUT.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5591)
2018-03-15 15:21:52 +01:00
Matt Caswell
7731e619fb Fix no-chacha and no-poly1305
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5623)
2018-03-15 13:40:51 +00:00
Matt Caswell
01985122ae Fix a memory leak in the ca application
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5444)
2018-03-15 12:51:34 +00:00
Matt Caswell
5af88441f4 Allow multiple entries without a Subject even if unique_subject == yes
It is quite likely for there to be multiple certificates with empty
subjects, which are still distinct because of subjectAltName. Therefore
we allow multiple certificates with an empty Subject even if
unique_subject is set to yes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5444)
2018-03-15 12:51:34 +00:00
Matt Caswell
2cedf79474 Report a readable error on a duplicate cert in ca app
Commit 87e8feca (16 years ago!) introduced a bug where if we are
attempting to insert a cert with a duplicate subject name, and
duplicate subject names are not allowed (which is the default),
then we get an unhelpful error message back (error number 2). Prior
to that commit we got a helpful error message which displayed details
of the conflicting entry in the database.

That commit was itself attempting to fix a bug with the noemailDN option
where we were setting the subject field in the database too early
(before extensions had made any amendments to it).

This PR moves the check for a conflicting Subject name until after all
changes to the Subject have been made by extensions etc.

This also, co-incidentally fixes the ca crashing bug described in issue
5109.

Fixes #5109

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5444)
2018-03-15 12:51:34 +00:00
Matt Caswell
c845ff070d Revert "Don't allow an empty Subject when creating a Certificate"
This reverts commit e505f1e868.

Empty Subjects should be permissible.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5444)
2018-03-15 12:51:34 +00:00
Matt Caswell
62e394de91 Revert "Don't crash on a missing Subject in index.txt"
This reverts commit 1e05c6d07f.

Empty subjects should be permissible.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5444)
2018-03-15 12:51:34 +00:00
Matt Caswell
f929439f61 Rename EVP_PKEY_new_private_key()/EVP_PKEY_new_public_key()
Renamed to EVP_PKEY_new_raw_private_key()/EVP_new_raw_public_key() as per
feedback.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 12:47:27 +00:00
Matt Caswell
e8f9f08f17 Add functions for setting the new EVP_PKEY_ASN1_METHOD functions
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 12:47:27 +00:00
Matt Caswell
0bcc8ec9d3 Make sure all errors go on the stack in the EVP_PKEY_new*() functions
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 12:47:27 +00:00
Matt Caswell
82dd65a2a7 Expand the 25519/448 overview man pages
Include more information about how to create keys for these algorithms.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 12:47:27 +00:00
Matt Caswell
0f987bdab8 Add some test vectors for testing raw 448/25519 keys
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 12:47:27 +00:00
Matt Caswell
4665244ce2 Add PrivateKeyRaw and PublicKeyRaw support to evp_test
Previously private and public keys had to be pem encoded to be read by
evp_test. This enables us to embed the raw private/public key values
in the test file. The algorithm has to support EVP_PKEY_new_private_key()
and EVP_PKEY_new_public_key() for this to work.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 12:47:27 +00:00
Matt Caswell
d45a97f475 Add documentation for the newly added EVP_PKEY_new*() functions
Also adds some documentation for related existing functions/macros

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 12:47:27 +00:00
Matt Caswell
9442c8d763 Update the tests to use the new EVP_PKEY_new_private_key() function
Also to use the new EVP_PKEY_new_CMAC_key()

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 12:47:27 +00:00
Matt Caswell
b3831fbb0b Add the function EVP_PKEY_new_CMAC_key()
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 12:47:27 +00:00
Matt Caswell
2621c8479e Add support for setting raw private Poly1305 keys
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 12:47:27 +00:00
Matt Caswell
5539c5d634 Add support for setting raw private SIPHASH keys
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 12:47:27 +00:00
Matt Caswell
e32b52a27e Add support for setting raw private HMAC keys
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 12:47:27 +00:00
Matt Caswell
cc8b15c7e1 Add support for setting raw private/public 25519/448 keys
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 12:47:27 +00:00