wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
19589 commits 20 branches 302 tags 153 MiB
Commit graph

19589 commits

This branch
This branch
All branches
Author SHA1 Message Date
Andy Polyakov
ee6d9dfb39 test: add chacha_internal_test. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2017-03-07 10:56:07 +01:00
Pauli
bf580d5f30 Increase the password buffer size to APP_PASS_LEN. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2868)
 2017-03-07 10:12:05 +10:00
Richard Levitte
cadb015b02 Unix Makefile: Have manual generation use the same perl script as Windows and VMS 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2863)
 2017-03-06 21:38:19 +01:00
Richard Levitte
579a674533 util/process_docs.pl: make it possible to add a suffix to man docs 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2863)
 2017-03-06 21:38:19 +01:00
Matt Caswell
c1074ce096 Add a test to check that we correctly handle record overflows 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2861)
 2017-03-06 20:07:40 +00:00
Matt Caswell
4321969513 Tweak the TLSv1.3 record overflow limits 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2861)
 2017-03-06 20:07:40 +00:00
Kurt Roeckx
febb0afaef Fix double free in cookie generation. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #2850
 2017-03-06 18:33:56 +01:00
Rich Salz
6556519ea0 Remove some duplicate manpage entries 
[skip ci]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2860)
 2017-03-06 11:43:21 -05:00
Richard Levitte
44eb65ce20 Add documentation on platform specific checks 
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2851)
 2017-03-06 16:42:46 +01:00
Richard Levitte
d192a3aaeb Add a platform specific configuration checker 
For each platform, we may need to perform some basic checks to see
that available tools perform as we expect them.

For the moment, the added checkers test that Perl gives the expected
path format.  This should help MingW users to see if they run an
appropriate Perl implementation, for example.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2851)
 2017-03-06 16:42:46 +01:00
Rich Salz
697958313b Fix an endless loop in rsa_builtin_keygen. 
And add a test case.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2757)
 2017-03-06 09:54:17 -05:00
Matt Caswell
e498d95454 Fix no-ec 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2858)
 2017-03-06 10:40:18 +00:00
Matt Caswell
548d0153cc Fix a test failure with no-tls1_1 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2857)
 2017-03-06 10:34:42 +00:00
Matt Caswell
593a2aa3eb Fix no-psk 
Fixes #2847

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2856)
 2017-03-06 09:52:21 +00:00
Matt Caswell
e6941c7814 Don't call memcmp with a NULL pointer 
If early data is sent to a server, but ALPN is not used then memcmp is
called with a NULL pointer which is undefined behaviour.

Fixes #2841

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2845)
 2017-03-04 23:58:03 +00:00
Matt Caswell
ee7002266c Add a test for TLSv1.3 cookies 
We just check that if we insert a cookie into an HRR it gets echoed back
in the subsequent ClientHello.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2839)
 2017-03-04 23:39:00 +00:00
Matt Caswell
cfef5027bf Add basic TLSv1.3 cookie support 
We do not allow the generation of TLSv1.3 cookies. But if we receive one
in an HRR we will echo it back in the ClientHello.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2839)
 2017-03-04 23:32:39 +00:00
Andy Polyakov
6356716ac0 appveyor.yml: call upon cmd to redirect stderr. 
If stderr is not redirected an uncatchable exception is thrown.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2017-03-04 23:18:47 +01:00
Andy Polyakov
8b0d424240 apps/s_client.c: harden ldap_ExtendedResponse_parse. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2017-03-04 23:16:17 +01:00
Matt Caswell
312e9387fd Fix a memory leak on an error path 
A leak of an SSL_SESSION object can occur when decoding a psk extension on
an error path when using TLSv1.3

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2843)
 2017-03-04 16:20:13 +00:00
Matt Caswell
d08086645f Ensure we don't call memcpy with a NULL pointer 
Commit d5aa14dd simplified the bn_expand_internal() and BN_copy() functions.
Unfortunately it also removed some checks which are still required,
otherwise we call memcpy passing in NULL which is not allowed.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2836)
 2017-03-03 23:49:24 +00:00
Dr. Stephen Henson
8336ca13b1 Update and add test 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2840)
 2017-03-03 22:02:39 +00:00
Dr. Stephen Henson
5528d68f6d Set specific error is we have no valid signature algorithms set 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2840)
 2017-03-03 22:02:39 +00:00
Dr. Stephen Henson
b0e9ab95dd Signature algorithm enhancement. 
Change tls12_sigalg_allowed() so it is passed a SIGALG_LOOKUP parameter,
this avoids multiple lookups.

When we copy signature algorithms return an error if no valid TLS message
signing algorithm is present. For TLS 1.3 this means we need at least one
signature algorithm other than RSA PKCS#1 or SHA1 both of which can only be
used to sign certificates and not TLS messages.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2840)
 2017-03-03 22:02:39 +00:00
Dr. Stephen Henson
8f12296e23 Disallow zero length signature algorithms 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2840)
 2017-03-03 21:58:33 +00:00
Dr. Stephen Henson
224b4e37c0 Don't allow DSA for TLS 1.3 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2840)
 2017-03-03 21:58:33 +00:00
edelangh
dbaa069a5e use OSSLzu instead of lu format for size_t display 
CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2660)
 2017-03-03 08:04:47 -05:00
Bernd Edlinger
d734582275 Reset executable bits on files where not needed. 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2835)
 2017-03-03 09:13:40 +01:00
Pauli
f2bcff43bc Update the cipher(1) documentation to explicitly state that the RSA cipher 
string means the same a kRSA.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2821)
 2017-03-02 19:26:47 -05:00
Rich Salz
332dc4fa5e sh_malloc & sh_free prototype change to match POSIX 
CLA: trivial

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2823)
 2017-03-02 19:16:57 -05:00
Matt Caswell
42f50fdf8a Silence some more clang warnings 
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2832)
 2017-03-03 00:05:57 +00:00
Matt Caswell
30d1bab146 Silence some clang warnings 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2831)
 2017-03-02 23:56:36 +00:00
Matt Caswell
83750d9b2b More early data documentation updates following feedback 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
 2017-03-02 17:44:16 +00:00
Matt Caswell
cd9f7f624e Update the API documentation for the latest early data changes 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
 2017-03-02 17:44:16 +00:00
Matt Caswell
09f2887482 Update early data API for writing to unauthenticated clients 
Change the early data API so that the server must use
SSL_write_early_data() to write to an unauthenticated client.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
 2017-03-02 17:44:16 +00:00
Matt Caswell
0665b4edae Rename SSL_write_early() to SSL_write_early_data() 
This is for consistency with the rest of the API where all the functions
are called *early_data*.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
 2017-03-02 17:44:16 +00:00
Matt Caswell
f533fbd44a Rename SSL_read_early() to SSL_read_early_data() 
This is for consistency with the rest of the API where all the functions
are called *early_data*.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
 2017-03-02 17:44:16 +00:00
Matt Caswell
ef466accdc Updates to the early data documentation 
Following on from the latest API changes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
 2017-03-02 17:44:16 +00:00
Matt Caswell
ade1e88806 Updates to s_server and s_client for the latest early_data API changes 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
 2017-03-02 17:44:16 +00:00
Matt Caswell
3eaa417095 Make SSL_write_early_finish() an internal only function 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
 2017-03-02 17:44:16 +00:00
Matt Caswell
5f9820380f Add early_data tests 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
 2017-03-02 17:44:16 +00:00
Matt Caswell
f7e393be47 Various fixes required to allow SSL_write/SSL_read during early data 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
 2017-03-02 17:44:16 +00:00
Matt Caswell
d7f8783ff9 Enable the server to call SSL_write() without stopping the ability to call SSL_read_early() 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
 2017-03-02 17:44:16 +00:00
Matt Caswell
564547e482 Enable the client to call SSL_read() without stopping the ability to call SSL_write_early() 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
 2017-03-02 17:44:16 +00:00
Matt Caswell
4004ce5f6c Introduce a new early_data state in the state machine 
Also simplifies the state machine a bit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
 2017-03-02 17:44:16 +00:00
Matt Caswell
bc908c679b Improve the early data sanity check in SSL_do_handshake() 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
 2017-03-02 17:44:16 +00:00
Matt Caswell
6437b802f1 Add documentation for the new s_client and s_server early_data options 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
 2017-03-02 17:44:16 +00:00
Matt Caswell
0a5ece5bd2 Tighten sanity checks when calling early data functions 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
 2017-03-02 17:44:16 +00:00
Matt Caswell
fd6c102520 Add documentation for the early data functions 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
 2017-03-02 17:44:16 +00:00
Matt Caswell
f5b519c416 Make SSL_get_early_data_status() take a const 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
 2017-03-02 17:44:16 +00:00