Commit graph

18147 commits

Author SHA1 Message Date
David Woodhouse
542dd9c587 Add unit test for ssl_cipher_get_overhead()
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-02 14:00:11 +00:00
David Woodhouse
045bd04706 Add DTLS_get_data_mtu() function
We add ssl_cipher_get_overhead() as an internal function, to avoid
having too much ciphersuite-specific knowledge in DTLS_get_data_mtu()
itself. It's going to need adjustment for TLSv1.3... but then again, so
is fairly much *all* of the SSL_CIPHER handling. This bit is in the noise.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-02 14:00:10 +00:00
Matt Caswell
ca0b75ade0 Fix some style issues in ossltest
Based on feedback received

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-02 13:28:21 +00:00
Matt Caswell
837e591d42 Enable TLSProxy to talk TLS1.3
Now that ossltest knows about a TLS1.3 cipher we can now do TLS1.3 in
TLSProxy

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-02 13:28:21 +00:00
Matt Caswell
aad22ba2c6 Make sure ossltest engine works with TLS1.3
This might need more changes once we do a "real" TLS1.3 ciphersuite. But it
should do for now.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-02 13:12:11 +00:00
Matt Caswell
2abacef13a Convert a big "if" into a "switch"
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-02 13:08:21 +00:00
Matt Caswell
84a6833658 Update Configure to know about tls1_3
Also we disable TLS1.3 by default (use enable-tls1_3 to re-enable). This is
because this is a WIP and will not be interoperable with any other TLS1.3
implementation.

Finally, we fix some tests that started failing when TLS1.3 was disabled by
default.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-02 13:08:21 +00:00
Matt Caswell
0ced42e050 Use ciphersuite id when matching if we've got one
When matching a ciphersuite if we are given an id, make sure we use it
otherwise we will match another ciphersuite which is identical except for
the TLS version.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-02 13:08:21 +00:00
Matt Caswell
582a17d662 Add the SSL_METHOD for TLSv1.3 and all other base changes required
Includes addition of the various options to s_server/s_client. Also adds
one of the new TLS1.3 ciphersuites.

This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol
and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not
a "real" TLS1.3 ciphersuite).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-02 13:08:21 +00:00
Emilia Kasper
ffd3d0ef34 TEST_check macro: don't end with semi
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-02 11:34:25 +01:00
Richard Levitte
5e28b1c1e0 Secure our notification email.
Forks will have to define their own

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1821)
2016-11-02 01:58:59 +01:00
Todd Short
b50052dbe8 Add SSL_CTX_set1_cert_store()
For convenience, combine getting a new ref for the new SSL_CTX
with assigning the store and freeing the old one.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1755)
2016-11-01 15:39:57 -04:00
Mike Aizatsky
ba7407002d [fuzzers] do not fail fuzzers with empty input
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1788
2016-11-01 19:24:55 +01:00
Benjamin Kaduk
e4d94269a5 Fix grammar-o in CONTRIBUTING
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1625)
2016-11-01 12:32:11 -04:00
Rich Salz
42e22c7c4f Revert "Disable MDC2 by default."
This reverts commit ca1574cec2.
Not suitabled for a minor release as it breaks the ABI.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-01 10:43:05 -04:00
Richard Levitte
f46661de78 HPUX: Add the forgotten $(DSTDIR) when linking DSOs
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1802)
2016-11-01 00:51:03 +01:00
Richard Levitte
ebca7961a6 Unix Makefile: Some sed implementation truncate long lines. Use perl instead.
Fixes #1781

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1813)
2016-10-31 23:18:24 +01:00
Andy Polyakov
4b90430148 sha/keccak1600.c: add couple of soft asserts.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-31 22:18:07 +01:00
Rich Salz
ca1574cec2 Disable MDC2 by default.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-10-31 15:06:06 -04:00
Richard Levitte
be1f481211 Mark VC templates correctly.
VC-noCE-common and VC-WIN64-common were missing this line:

        template         => 1,

Fixes GH#1809

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1811)
2016-10-31 16:59:31 +01:00
Benjamin Kaduk
4e3973b457 Try to unify BIO read/write parameter names
After the recent reworking, not everything matched up, and some
comments didn't catch up to the outl-->dlen and inl-->dlen renames
that happened during the development of the recent patches.

Try to make parameter names consistent across header, implementation,
and manual pages.

Also remove some trailing whitespace that was inadvertently introduced.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1798)
2016-10-29 00:56:52 +02:00
Benjamin Kaduk
b509b6d787 Wordsmith INSTALL
Make it clear that the OPENSSL_LOCAL_CONFIG_DIR settings take
precedence over the in-tree configs.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1798)
2016-10-29 00:56:38 +02:00
Matt Caswell
f7970f303f Fix stdio build following BIO size_t work
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
d62bf89cbb Fix more shadowed variable warnings
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
7bf79e33c9 Fix some feedback issues for BIO size_t-ify
Rename some parameters; add some error codes; fix a comment; etc

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
fbba62f6c9 Add some sanity checks for BIO_read* and BIO_gets
Make sure the return value isn't bigger than the buffer len

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
42c6046064 More parameter naming of BIO_read*/BIO_write* related functions
Based on feedback received.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
f42fd819d6 Tweaks based on review feedback of BIO size_t work
Rename some parameters.
Also change handling of buffer sizes >INT_MAX in length.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
bb5310bed5 Ensure that BIO_read_ex() and BIO_write_ex() only return 0 or 1
They should return 0 for a failure (retryable or not), and 1 for a success.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
7f5f01cf53 Read up to INT_MAX when calling legacy BIO_read() implementations
In converting a new style BIO_read() call into an old one, read
as much data as we can (INT_MAX), if the size of the buffer is
>INT_MAX.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
ac0edec108 Fix a shadowed variable declaration warning
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
47263ace13 Fix some bogus uninit variable warnings
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
b055fceb9b Document the new BIO functions introduced as part of the size_t work
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
98e553d2ce Ensure all BIO functions call the new style callback
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
3befffa39d Create BIO_write_ex() which handles size_t arguments
Also extend BIO_METHOD to be able to supply an implementation for the new
BIO_write_ex function.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
d07aee2c7a Create BIO_read_ex() which handles size_t arguments
Also extend BIO_METHOD to be able to supply an implementation for the new
BIO_read function.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
229bd12487 Fix a double free in ca command line
Providing a spkac file with no default section causes a double free.

Thanks to Brian Carpenter for reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-10-28 09:25:04 +01:00
Matt Caswell
a34ac5b8b9 Add a test for BIO_read() returning 0 in SSL_read() (and also for write)
A BIO_read() 0 return indicates that a failure occurred that may be
retryable. An SSL_read() 0 return indicates a non-retryable failure. Check
that if BIO_read() returns 0, SSL_read() returns <0. Same for SSL_write().

The asyncio test filter BIO already returns 0 on a retryable failure so we
build on that.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:13:49 +01:00
Matt Caswell
4880672a9b A zero return from BIO_read()/BIO_write() could be retryable
A zero return from BIO_read()/BIO_write() could mean that an IO operation
is retryable. A zero return from SSL_read()/SSL_write() means that the
connection has been closed down (either cleanly or not). Therefore we
should not propagate a zero return value from BIO_read()/BIO_write() back
up the stack to SSL_read()/SSL_write(). This could result in a retryable
failure being treated as fatal.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:13:49 +01:00
Matt Caswell
875e3f934e Provide a cross-platform format specifier (OSSLzu) for printing size_t
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-26 21:03:29 +01:00
Rich Salz
99d63d4662 Move manpages to man[1357] structure.
Move manpages to manX directories
Add Windows/VMS install fix from Richard Levitte
Update README
Fix typo's
Remove some duplicates

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-26 13:59:52 -04:00
Richard Levitte
4f3015bb30 VMS: tell the C compiler to use the ISO C94 standard
The current version of the VMS compiler provides C99 features,
strictly language wise.  Unfortunately, even the most recent standard
library isn't fully updated for that standard, so we need to use an
earlier standard that the compiler supports.

Most importantly, this affects the __STDC_VERSION__ value, which the
compiler unfortunately currently defaults to 199901L.  With this
change we won't have to give VMS special treatment when looking for
features based on that macro.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1785)
2016-10-26 18:22:20 +02:00
Rich Salz
12a7715e3d Fix typo (reported by Matthias St. Pierre)
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-10-26 11:48:43 -04:00
Richard Levitte
78ce90cb1a Backdated note in CHANGES about shared library names
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1767)
2016-10-25 20:33:21 +02:00
Richard Levitte
4fa3f08fee Add some notes on shared library names on different platforms
This is overdue since the addition of the unified build system

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1767)
2016-10-25 20:33:21 +02:00
Andy Polyakov
80d27cdb84 ppccap.c: engage new multipplication and squaring subroutines.
[And remove FPU mutiplication subroutine.]

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-10-24 20:00:40 +02:00
Andy Polyakov
68f6d2a02c bn/asm/ppc-mont.pl: add optimized multiplication and squaring subroutines.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-10-24 20:00:33 +02:00
Andy Polyakov
0310becc82 bn/asm/ppc-mont.pl: prepare for extension.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-10-24 20:00:08 +02:00
Andy Polyakov
413b6a8259 sha/asm/sha512-armv8.pl: adapt for kernel use.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-24 14:21:07 +02:00
Rich Salz
211bf9f23f Add NPN to an SSL3 build
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1629)
2016-10-24 08:09:43 -04:00