Commit graph

18857 commits

Author SHA1 Message Date
Bernd Edlinger
38088ce993 Fix a ssl session leak due to OOM in lh_SSL_SESSION_insert
- s == NULL can mean c is a new session *or* lh_insert was
  unable to create a hash entry.
- use lh_SSL_SESSION_retrieve to check for this error condition.
- If it happens simply remove the extra reference again.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2138)
2017-01-24 15:05:12 +01:00
ganesh
c2114afc16 RAND_egd_bytes: No need to check RAND_status on connection error.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1886)
2017-01-24 14:39:20 +01:00
ganesh
3ed93c8633 Fixed the return code for RAND_egd_bytes.
According to the documentation, the return code should be -1 when
RAND_status does not return 1.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1886)
2017-01-24 14:39:20 +01:00
ganesh
1381684daf Fixed the return code of RAND_query_egd_bytes when connect fails.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1886)
2017-01-24 14:39:20 +01:00
Andy Polyakov
8f77fab824 Replace div-spoiler hack with simpler code
This comes from a comment in GH issue #1027. Andy wrote the code,
Rich made the PR.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2253)
2017-01-23 11:19:45 -05:00
Cory Benfield
2f5f49d146 Add documentation for the key logging callbacks
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1646)
2017-01-23 17:07:43 +01:00
Cory Benfield
6acdd3e531 Add tests for the key logging callbacks.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1646)
2017-01-23 17:07:43 +01:00
Cory Benfield
2faa1b48fd Add support for key logging callbacks.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1646)
2017-01-23 17:07:43 +01:00
Richard Levitte
ea24bb0ac5 Fix no-tls1_2
It seems that the ssl test 20-cert-select.conf dislikes the lack of TLSv1.2

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2268)
2017-01-23 17:02:35 +01:00
FdaSilvaYY
0db1fb3fc1 Fix use before assignment
it was getting the SerialNumber of a previous cert.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2272)
2017-01-23 14:29:33 +00:00
Matt Caswell
dff70a2b73 Extend the test_ssl_new renegotiation tests to include client auth
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1982)
2017-01-23 14:04:44 +00:00
Matt Caswell
23573051a5 Stop server from expecting Certificate message when not requested
In a non client-auth renegotiation where the original handshake *was*
client auth, then the server will expect the client to send a Certificate
message anyway resulting in a connection failure.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1982)
2017-01-23 14:04:44 +00:00
Matt Caswell
10305baf26 Stop client from sending Certificate message when not requested
In a non client-auth renegotiation where the original handshake *was*
client auth, then the client will send a Certificate message anyway
resulting in a connection failure.

Fixes #1920

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1982)
2017-01-23 14:04:44 +00:00
Matt Caswell
a03a9dbe2a Fix SSL_VERIFY_CLIENT_ONCE
The flag SSL_VERIFY_CLIENT_ONCE is documented as follows:

  B<Server mode:> only request a client certificate on the initial TLS/SSL
  handshake. Do not ask for a client certificate again in case of a
  renegotiation. This flag must be used together with SSL_VERIFY_PEER.

  B<Client mode:> ignored

But the implementation actually did nothing. After the server sends its
ServerKeyExchange message, the code was checking s->session->peer to see if
it is NULL. If it was set then it did not ask for another client
certificate. However s->session->peer will only be set in the event of a
resumption, but a ServerKeyExchange message is only sent in the event of a
full handshake (i.e. no resumption).

The documentation suggests that the original intention was for this to
have an effect on renegotiation, and resumption doesn't come into it.

The fix is to properly check for renegotiation, not whether there is already
a client certificate in the session.

As far as I can tell this has been broken for a *long* time.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1982)
2017-01-23 14:04:44 +00:00
Bernd Edlinger
a6fd7c1dbe fix a memory leak in ssl3_generate_key_block fix the error handling in ssl3_change_cipher_state
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2164)
2017-01-23 11:41:59 +01:00
Bernd Edlinger
57a19206b5 Check the exit code from the server process
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2205)
2017-01-23 11:30:21 +01:00
Andy Polyakov
9872238eb6 poly1305/poly1305_base2_44.c: clarify shift boundary condition.
Reviewed-by: Matt Caswell <matt@openssl.org>
2017-01-21 22:33:38 +01:00
Andy Polyakov
6f553edba8 ec/asm/ecp_nistz256-ppc64.pl: minor POWER8-specific optimization.
Up to 4% depending on benchmark.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-01-21 22:28:34 +01:00
Gaétan Njinang
037f2c3f48 'openssl passwd' command can now compute AIX MD5-based passwords hashes.
The difference between the AIX MD5 password algorithm and the standard MD5
password algorithm is that in AIX there is no magic string while in the
standard MD5 password algorithm the magic string is "$1$"

Documentation of '-aixmd5' option of 'openssl passwd' command is added.

1 test is added in test/recipes/20-test-passwd.t

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2251)
2017-01-21 10:44:23 -05:00
Richard Levitte
8a05c4d3b5 Fix DSA parameter generation control error
When setting the digest parameter for DSA parameter generation, the
signature MD was set instead of the parameter generation one.
Fortunately, that's also the one that was used for parameter
generation, but it ultimately meant the parameter generator MD and the
signature MD would always be the same.

Fixes github issue #2016

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2250)
2017-01-20 08:29:46 +01:00
Dr. Stephen Henson
062540cbc5 Add signing hash tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2235)
2017-01-20 01:16:31 +00:00
Dr. Stephen Henson
ee5b6a42be Add options to check TLS signing hashes
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2235)
2017-01-20 01:16:31 +00:00
Markus Triska
424baabdf5 correct 3 mistakes
CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2257)
2017-01-19 12:45:04 -05:00
Rich Salz
4f326dd899 Skip ECDH tests for SSLv3
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1597)
2017-01-18 12:24:28 -05:00
Rich Salz
3e37351834 If client doesn't send curves list, don't assume all.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1597)
2017-01-18 12:24:28 -05:00
Dr. Stephen Henson
137096a7ea Defines and strings for special salt length values, add tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2236)
2017-01-18 15:04:49 +00:00
Dr. Stephen Henson
3c441c2eb7 additional PSS tests for -1 and invalid salt length
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2236)
2017-01-18 15:04:49 +00:00
Dr. Stephen Henson
79ebfc4681 Add support for -1, -2 salt lengths for PSS only keys.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2236)
2017-01-18 15:04:49 +00:00
FdaSilvaYY
31a51151fc Clean dead macros and defines
... mostly related to some old discarded modules .

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1906)
2017-01-18 15:19:24 +01:00
FdaSilvaYY
2191dc846a Clean one unused variable, plus an useless one.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1906)
2017-01-18 15:19:24 +01:00
Markus Triska
1f164c6fad Correct reference to SSL_get_peer_cert_chain().
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
CLA: trivial
(Merged from https://github.com/openssl/openssl/pull/2247)
2017-01-18 01:40:36 +01:00
EasySec
487d3a726a Fix list -disabled for blake2 alg
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2241)
2017-01-17 17:21:55 +01:00
xemdetia
ef3f621ed5 Fix man3 reference to CRYPTO_secure_used
CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2238)
2017-01-16 16:33:39 -05:00
Kurt Roeckx
c4a6015091 Add missing braces.
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #2234
2017-01-16 04:50:12 +01:00
Kurt Roeckx
c2ce477f1f Fix undefined behaviour when printing the X509 and CRL version
Found by oss-fuzz

Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2231
2017-01-15 22:21:08 +01:00
Kurt Roeckx
68d4bcfd06 Fix VC warnings about unary minus to an unsigned type.
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2230
2017-01-15 22:21:07 +01:00
Kurt Roeckx
244d7b288f Fix undefined behaviour when printing the X509 serial
Found by afl

Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2230
2017-01-15 22:21:07 +01:00
Dr. Stephen Henson
a470f02360 Add client cert type tests
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2224)
2017-01-15 00:23:34 +00:00
Dr. Stephen Henson
edb8a5eb54 Add certificate selection tests.
Add certifcate selection tests: the certificate type is selected by cipher
string and signature algorithm.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2224)
2017-01-15 00:23:34 +00:00
Dr. Stephen Henson
7289ab49d1 add ECDSA test server certificate
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2224)
2017-01-15 00:23:33 +00:00
Dr. Stephen Henson
7f5f35af22 Add options to check certificate types.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2224)
2017-01-15 00:23:33 +00:00
Rich Salz
5071824321 Fix "failure rate" bugs
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2228)
2017-01-13 15:47:02 -05:00
Richard Levitte
37b8f1e21c Clarify what RUN_ONCE returns
RUN_ONCE really just returns 0 on failure or whatever the init
function returned.  By convention, however, the init function must
return 0 on failure and 1 on success.  This needed to be clarified.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2225)
2017-01-13 13:10:21 +01:00
Richard Levitte
d62210af2e Fix no-ocsp
The use of EXFLAG_SET requires the inclusion of openssl/x509v3.h.
openssl/ocsp.h does that, except when OCSP is disabled.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2227)
2017-01-13 12:03:25 +01:00
Richard Levitte
37cbabbdb8 UI: Use RUN_ONCE differently
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2222)
2017-01-13 11:47:35 +01:00
Richard Levitte
7eb26c4936 UI: Ensure there will be no race condition when getting the UI_METHOD ex_data
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2222)
2017-01-13 11:47:35 +01:00
Rich Salz
3e5d9da5fc Make X509_Digest,others public
Also, if want SHA1 then use the pre-computed value if there.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2223)
2017-01-12 16:39:41 -05:00
Rich Salz
d49661ced5 Rename file so "ls" works on 80 columns
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2221)
2017-01-12 15:40:40 -05:00
Rich Salz
a68d8c7b77 Add documentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1252)
2017-01-12 14:04:41 -05:00
Rich Salz
f7edeced4d Add "random malloc failure" tooling
Still needs to be documented, somehow/somewhere.

The env var OPENSSL_MALLOC_FAILURES controls how often malloc/realloc
should fail.  It's a set of fields separated by semicolons.  Each field
is a count and optional percentage (separated by @) which defaults to 100.
If count is zero then it lasts "forever."  For example: 100;@25 means the
first 100 allocations pass, then the rest have a 25% chance of failing
until the program exits or crashes.

If env var OPENSSL_MALLOC_FD parses as a positive integer, a record
of all malloc "shouldfail" tests is written to that file descriptor.
If a malloc will fail, and OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE is not set
(platform specific), then a backtrace will be written to the descriptor
when a malloc fails.  This can be useful because a malloc may fail but
not be checked, and problems will only occur later.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1252)
2017-01-12 11:27:27 -05:00