Commit graph

21045 commits

Author SHA1 Message Date
Matt Caswell
3d85c7f408 Don't attempt to add a zero length padding extension
The padding extension should always be at least 1 byte long

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4331)
2017-09-04 15:15:30 +01:00
Richard Levitte
45fd6a59fa Fix 90-test_store.t: using config() requires OpenSSL::Test::Utils
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4332)
2017-09-04 12:52:32 +02:00
Pauli
21c7942140 Fix an include location problem in the extrended tests.
[extended tests]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4327)
2017-09-04 06:38:16 +10:00
Richard Levitte
79120f46a2 OSSL_STORE: Avoid testing with URIs on the mingw command line
Some URIs get "mistreated" (converted) by the MSYS run-time.
Unfortunately, avoiding this conversion doesn't help either.

    http://www.mingw.org/wiki/Posix_path_conversion

Fixes #4314

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4322)
2017-09-03 10:21:01 +02:00
Rich Salz
02eca5c640 Fix doc-nits from previous commit
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4325)
2017-09-02 17:01:29 -04:00
Andy Polyakov
8a4460c240 config: get "stty technique" working again on MacOS X.
Addresses GH#2167.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4311)
2017-09-02 20:49:47 +02:00
Andy Polyakov
26810b5eaf test/run_tests.pl: don't use Module::Load::Conditional.
Ironically enough not all installations get Module::Load::Conditional
installed by default... [It's a bit half-hearted, because such
installations are likely to lack more stuffi that is needed, but
nevertheless, it proved to be helpful.]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4323)
2017-09-02 20:20:51 +02:00
Rich Salz
b3696a55a5 Less documentation for deprecated API
Deprecated functions are still documented.
Put HISTORY after SEE ALSO; add HISTORY to BN_zero

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3746)
2017-09-02 09:35:50 -04:00
Richard Levitte
607f4d564f Fix OpenSSL::Test::Utils::config to actualy load the config data
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4319)
2017-09-01 22:52:30 +02:00
Benjamin Kaduk
c4604e9b97 Fix long SNI lengths in test/handshake_helper.c
If the server_name extension is long enough to require two bytes to
hold the length of either field, the test suite would not decode
the length properly.  Using the PACKET_ APIs would have avoided this,
but it was desired to avoid using private APIs in this part of the
test suite, to keep ourselves honest.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4318)
2017-09-01 12:44:58 -05:00
Benjamin Kaduk
de0dc006a5 Fixup include path in ossl_shim test after e_os.h work
The include search path was not picking up files in the root of
the tree.

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4316)
2017-09-01 11:04:01 -05:00
Benjamin Kaduk
e65dfa471a Tighten up SSL_get1_supported_ciphers() docs
This function is really emulating what would happen in client mode,
and does not necessarily reflect what is usable for a server SSL.
Make this a bit more explicit, and do some wordsmithing while here.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4284)
2017-09-01 08:12:04 -05:00
Matt Caswell
4130016623 Fix Proxy where a timeout occurs waiting for both client and server
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4305)
2017-09-01 08:47:14 +01:00
Andy Polyakov
6e5a853bda crypto/cryptlib.c: mask more capability bits upon FXSR bit flip.
OPENSSL_ia32cap.pod discusses possibility to disable operations on
XMM register bank. This formally means that this flag has to be checked
in combination with other flags. But it customarily isn't. But instead
of chasing all the cases we can flip more bits together with FXSR one.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4303)
2017-09-01 08:48:32 +02:00
Andy Polyakov
89bc9cf682 ssl/statem/extensions_clnt.c: fix return code buglet.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4297)
2017-09-01 08:44:41 +02:00
Andy Polyakov
eb5fd03bb2 ssl/statem/*.c: address "enum mixed with another type" warnings.
This is actually not all warnings, only return values.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4297)
2017-09-01 08:43:45 +02:00
Pauli
4cff10dcbf struct timeval include guards
Move struct timeval includes into e_os.h (where the Windows ones were).
Enaure that the include is guarded canonically.

Refer #4271

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4312)
2017-09-01 09:55:43 +10:00
Rich Salz
75551e07bd Address feedback
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4294)
2017-08-31 19:42:03 -04:00
Rich Salz
ed6b2c7938 Add CRYPTO_thread_glock_new
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4294)
2017-08-31 19:42:03 -04:00
Pauli
3907872f72 Fix potential null problem.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4313)
2017-09-01 09:30:18 +10:00
Rich Salz
ccb76685e0 Avoid possible uninitialized variable.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4307)
2017-08-31 18:27:06 -04:00
Richard Levitte
721614a2b2 OpenSSL::Test::__fixup_prg: don't check program existence
The program will fail to run if it doesn't exist anyway, no need to
check its existence here.

Fixes #4306

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4309)
2017-08-31 19:36:00 +02:00
Richard Levitte
e66b62b86e util/mkdef.pl: handle line terminators correctly
When parsing the header files, mkdef.pl didn't clear the line
terminator properly.  In most cases, this didn't matter, but there
were moments when this caused parsing errors (such as CRLFs in certain
cases).

Fixes #4267

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4304)
2017-08-31 19:20:30 +02:00
Matt Caswell
0ef2802165 Various review fixes for PSK early_data support
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
2017-08-31 15:03:35 +01:00
Matt Caswell
57dee9bb68 Test for late client side detection of ALPN inconsistenties
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
2017-08-31 15:03:35 +01:00
Matt Caswell
4be3a7c7aa Client side sanity check of ALPN after server has accepted early_data
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
2017-08-31 15:03:35 +01:00
Matt Caswell
fff202e5f7 Add some fixes for Travis failures
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
2017-08-31 15:03:35 +01:00
Matt Caswell
976e53232d Add PSK early_data tests
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
2017-08-31 15:03:35 +01:00
Matt Caswell
630369d9ce Add server side sanity checks of SNI/ALPN for use with early_data
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
2017-08-31 15:03:35 +01:00
Matt Caswell
ae8d7d994a Make sure we save ALPN data in the session
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
2017-08-31 15:03:35 +01:00
Matt Caswell
ffc5bbaaee Complain if we are writing early data but SNI or ALPN is incorrect
SNI and ALPN must be set to be consistent with the PSK. Otherwise this is
an error.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
2017-08-31 15:03:34 +01:00
Matt Caswell
67738645dc Add functions for getting/setting SNI/ALPN info in SSL_SESSION
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
2017-08-31 15:03:34 +01:00
Matt Caswell
dd5b98c55a Show the error stack if there was an error writing early data in s_client
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
2017-08-31 15:02:58 +01:00
Matt Caswell
db919b1e25 Update the tests for SNI changes
If there is no SNI in the session then s_client no longer sends the SNI
extension. Update the tests to take account of that

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
2017-08-31 15:02:58 +01:00
Matt Caswell
c5de99a2d9 If no SNI has been explicitly set use the one from the session
If we have not decided on an SNI value yet, but we are attempting to reuse
a session, and SNI is set in that, then we should use that value by
default.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
2017-08-31 15:02:58 +01:00
Matt Caswell
0871754499 Make sure we use the correct cipher when using the early_secret
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
2017-08-31 15:02:58 +01:00
Matt Caswell
e105ae842f Add HISTORY and SEE ALSO sections for the new TLSv1.3 PSK functions
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
2017-08-31 15:02:58 +01:00
Matt Caswell
e17e1df77e Add documentation for SSL_SESSION_set_max_early_data()
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
2017-08-31 15:02:58 +01:00
Matt Caswell
02a3ed5a95 Add some PSK early_data tests
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
2017-08-31 15:02:58 +01:00
Matt Caswell
98e1d93454 Add SSL_SESSION_set_max_early_data()
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
2017-08-31 15:02:58 +01:00
Matt Caswell
add8d0e9e0 Enable the ability to use an external PSK for sending early_data
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
2017-08-31 15:02:22 +01:00
Zhu Qun-Ying
177503752b Fixed address family test error for AF_UNIX in BIO_ADDR_make
CLA: trivial

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4298)
2017-08-31 11:43:54 +02:00
Pauli
5859722c45 Add documentation for ARIA GCM modes.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4300)
2017-08-31 08:59:10 +10:00
Pauli
ea78d1ec2c Add ARIA as an alias for all ARIA based modes.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4300)
2017-08-31 08:40:11 +10:00
Paul Yang
50966bfa11 Introduce SSL_CIPHER_get_protocol_id
The returned ID matches with what IANA specifies (or goes on the
wire anyway, IANA notwithstanding).

Doc is added.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4107)
2017-08-30 14:01:13 -05:00
Paul Yang
22d1a340b6 Add two missing SSL_CIPHER_* functions
This is yet another 'code health' commit to respond to this round of code health
Tuesday

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4107)
2017-08-30 13:54:28 -05:00
Todd Short
e44d376180 Fix return value of ASN1_TIME_compare
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4264)
2017-08-30 11:24:02 -04:00
Andy Polyakov
54cf3b981a Configure: base compiler-specific decisions on pre-defines.
The commit subject is a bit misleading in sense that decisions affect
only gcc and gcc-alikes, like clang, recent icc...

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4281)
2017-08-30 15:03:47 +02:00
Andy Polyakov
e295d046dc Revert "Allow --strict-warnings with the icc compiler as well"
This reverts commit a610934c3b.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4281)
2017-08-30 15:02:39 +02:00
Jon Spillett
bc32673869 Implement Aria GCM/CCM Modes and TLS cipher suites
AEAD cipher mode implementation is based on that used for AES:

  https://tools.ietf.org/html/rfc5116

TLS GCM cipher suites as specified in:

  https://tools.ietf.org/html/rfc6209

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4287)
2017-08-30 12:33:53 +02:00