Commit graph

2411 commits

Author SHA1 Message Date
Kurt Roeckx
1510b5f7ca Don't mark the eNULL ciphers as non-default.
They're not part of ALL, so they're not part of COMPLEMENTOFDEFAULT

Reviewed-by: Rich Salz <rsalz@openssl.org>

MR: #2202
2016-03-04 18:48:03 +01:00
Rob Percival
ed29e82ade Adds CT validation to SSL connections
Disabled by default, but can be enabled by setting the
ct_validation_callback on a SSL or SSL_CTX.

Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 10:50:10 -05:00
Rich Salz
ddb4c0477a Changes to DEFAULT curves
Change the ECC default curve list to be this, in order: x25519, secp256r1,
secp521r1, secp384r1, brainpoolP256r1, brainpoolP384r1, and brainpool512r1.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-03-04 09:50:49 -05:00
Matt Caswell
8b1a5af389 Don't build RC4 ciphersuites into libssl by default
RC4 based ciphersuites in libssl have been disabled by default. They can
be added back by building OpenSSL with the "enable-weak-ssl-ciphers"
Configure option at compile time.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 10:04:06 +00:00
Dr. Stephen Henson
760f317df6 fix no-ec build
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-03 13:27:34 +00:00
Emilia Kasper
062178678f Refactor ClientHello extension parsing
1) Simplify code with better PACKET methods.

2) Make broken SNI parsing explicit. SNI was intended to be extensible
to new name types but RFC 4366 defined the syntax inextensibly, and
OpenSSL has never parsed SNI in a way that would allow adding a new name
type. RFC 6066 fixed the definition but due to broken implementations
being widespread, it appears impossible to ever extend SNI.

3) Annotate resumption behaviour. OpenSSL doesn't currently handle all
extensions correctly upon resumption. Annotate for further clean-up.

4) Send an alert on ALPN protocol mismatch.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-03-03 13:53:26 +01:00
Christian Heimes
0c452abc16 Provide getters for default_passwd_cb and userdata
This patch provides getters for default_passwd_cb and userdata for SSL
and SSL_CTX. The getter functions are required to port Python's ssl module
to OpenSSL 1.1.0.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-02 17:15:46 +00:00
Matt Caswell
ff75a25749 Refactor the async wait fd logic
Implementation experience has shown that the original plan for async wait
fds was too simplistic. Originally the async logic created a pipe internally
and user/engine code could then get access to it via API calls. It is more
flexible if the engine is able to create its own fd and provide it to the
async code.

Another issue is that there can be a lot of churn in the fd value within
the context of (say) a single SSL connection leading to continually adding
and removing fds from (say) epoll. It is better if we can provide some
stability of the fd value across a whole SSL connection. This is
problematic because an engine has no concept of an SSL connection.

This commit refactors things to introduce an ASYNC_WAIT_CTX which acts as a
proxy for an SSL connection down at the engine layer.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-29 12:58:44 +00:00
Dr. Stephen Henson
1db3107ada TLS support for X25519
Add X25519 to TLS supported curve list.
Reject attempts to configure keys which cannot be used
for signing.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:54 +00:00
Rich Salz
7c96dbcdab GH715: ENGINE_finish can take NULL
Simplifies calling code.  Also fixed up any !ptr tests that were
nearby, turning them into NULL tests.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-25 15:19:42 -05:00
J Mohan Rao Arisankala
5ca17d8c5c GH742: keep gost specific variable under macro
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-25 08:42:55 -05:00
Rich Salz
72e9be3d08 GH235: Set error status on malloc failure
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-25 08:37:36 -05:00
Dr. Stephen Henson
2cf28d6127 Remove unused parameter in ssl_set_masks().
The ssl_set_masks() function no longer depends on the cipher. This
also means there is no need to set the masks for each cipher in
ssl3_choose_cipher.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-24 02:41:54 +00:00
J Mohan Rao Arisankala
a44a208442 GH735: remove unnecessary allocation
Removing code, where memory was getting allocated for an unused variable

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-23 11:33:57 -05:00
Rich Salz
a773b52a61 Remove unused parameters from internal functions
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-22 13:39:44 -05:00
Richard Levitte
45502bfe19 Always build library object files with shared library cflags
This takes us away from the idea that we know exactly how our static
libraries are going to get used.  Instead, we make them available to
build shareable things with, be it other shared libraries or DSOs.

On the other hand, we also have greater control of when the shared
library cflags.  They will never be used with object files meant got
binaries, such as apps/openssl or test/test*.

With unified, we take this a bit further and prepare for having to
deal with extra cflags specifically to be used with DSOs (dynamic
engines), libraries and binaries (applications).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-20 16:51:31 +01:00
Emilia Kasper
aa474d1fb1 TLS: reject duplicate extensions
Adapted from BoringSSL. Added a test.

The extension parsing code is already attempting to already handle this for
some individual extensions, but it is doing so inconsistently. Duplicate
efforts in individual extension parsing will be cleaned up in a follow-up.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-02-19 17:24:44 +01:00
Richard Levitte
ce192ebed0 Remove all special make depend flags, as well as OPENSSL_DOING_MAKEDEPEND
All those flags existed because we had all the dependencies versioned
in the repository, and wanted to have it be consistent, no matter what
the local configuration was.  Now that the dependencies are gone from
the versioned Makefile.ins, it makes much more sense to use the exact
same flags as when compiling the object files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18 23:43:09 +01:00
Rich Salz
d1776fdecd Fix {TLS,CIPHER}_DEBUG compiles.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-18 17:19:32 -05:00
Rich Salz
d63a5e5e7d Remove outdated DEBUG flags.
Add -DBIO_DEBUG to --strict-warnings.
Remove comments about outdated debugging ifdef guards.
Remove md_rand ifdef guarding an assert; it doesn't seem used.
Remove the conf guards in conf_api since we use OPENSSL_assert, not assert.
For pkcs12 stuff put OPENSSL_ in front of the macro name.
Merge TLS_DEBUG into SSL_DEBUG.
Various things just turned on/off asserts, mainly for checking non-NULL
arguments, which is now removed: camellia, bn_ctx, crypto/modes.
Remove some old debug code, that basically just printed things to stderr:
  DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG,
  RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG.
Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-18 17:14:50 -05:00
Matt Caswell
35b1a433ed Fix memory leaks in tls_decrypt_ticket
Certain code paths in tls_decrypt_ticket could return early without first
freeing the HMAC_CTX or the EVP_CIPHER_CTX.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18 15:21:47 +00:00
Zhao Junwang
c4c32155f5 GH706: Use NULL for pointer compare.
As handshake_func is a function pointer, it should compare to NULL

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-18 09:56:02 -05:00
Rich Salz
e4ef2e25f1 Remove "experimental" in code and comments, too.
Thanks to Viktor for additional review.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-17 21:12:30 -05:00
David Woodhouse
3ba84717a0 Finish 02f7114a7f
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-17 17:04:47 -05:00
Dr. Stephen Henson
c7c4625693 remove redundant code
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-17 16:16:13 +00:00
Richard Levitte
05c7b1631b Implement the use of heap manipulator implementions
- Make use of the functions given through CRYPTO_set_mem_functions().
- CRYPTO_free(), CRYPTO_clear_free() and CRYPTO_secure_free() now receive
  __FILE__ and __LINE__.
- The API for CRYPTO_set_mem_functions() and CRYPTO_get_mem_functions()
  is slightly changed, the implementation for free() now takes a couple
  of extra arguments, taking __FILE__ and __LINE__.
- The CRYPTO_ memory functions will *always* receive __FILE__ and __LINE__
  from the corresponding OPENSSL_ macros, regardless of if crypto-mdebug
  has been enabled or not.  The reason is that if someone swaps out the
  malloc(), realloc() and free() implementations, we can't know if they
  will use them or not.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-17 10:12:49 +01:00
Dr. Stephen Henson
2235b7f2dd Simplify tls1_set_ec_id.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-16 14:01:40 +00:00
Dr. Stephen Henson
2fa2d15ac8 Use nid_list table to lookup curve IDs.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-16 14:01:40 +00:00
Dr. Stephen Henson
2dc1aeed3b Add explanation and warning to TLS id table.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-16 14:01:40 +00:00
Rich Salz
77b8ad1840 Fix build-break
Combination of heartbeats and unit-tests.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-15 10:17:12 -05:00
Ben Laurie
08934f1ab2 Don't test heartbeats when there aren't any.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-14 10:55:38 +00:00
Rainer Jung
124f6ff4c2 RT4304: Look for plaintext HTTP
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-13 14:29:26 -05:00
Viktor Szakats
f0ff328e36 GH675: make ssl3_ciphers static
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-13 13:29:58 -05:00
Dr. Stephen Henson
5b326dc529 Free and zero DH/ECDH temporary key after use.
PR#4303

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-13 13:17:08 +00:00
Viktor Dukhovni
82049c543c Move brace outside #ifdef
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-12 16:39:17 -05:00
Matt Caswell
c6f9019b69 Fix the enable-ssl-trace config option
The recent removal of static ECDH broke the enable-ssl-trace compilation.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-12 10:06:45 +00:00
Dr. Stephen Henson
ce0c1f2bb2 Remove static ECDH support.
Remove support for static ECDH ciphersuites. They require ECDH keys
in certificates and don't support forward secrecy.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-11 20:54:01 +00:00
Dr. Stephen Henson
221c7b55e3 Don't check self signed certificate signature security.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 19:00:41 +00:00
Viktor Dukhovni
ce023e77d7 Fix MacOS/X build warnings
Commit 7823d792d0 added DEFINE_LHASH_OF
to a C source file.  DEFINE_LHASH_OF() and DEFINE_STACK_OF() must
be used only in header files to avoid clang warnings for unused
static-inline functions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-11 13:53:39 -05:00
Rich Salz
22e3dcb780 Remove TLS heartbeat, disable DTLS heartbeat
To enable heartbeats for DTLS, configure with enable-heartbeats.
Heartbeats for TLS have been completely removed.

This addresses RT 3647

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 12:57:26 -05:00
Rich Salz
f3f1cf8444 Move to REF_DEBUG, for consistency.
Add utility macros REF_ASSERT_NOT and REF_PRINT_COUNT
This is also RT 4181

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 12:40:32 -05:00
Toshikuni Fukaya
7823d792d0 RT3495: Add a hash for faster dup detection.
Updated for 1.1 by Rich Salz

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 12:19:34 -05:00
Viktor Dukhovni
17a723885e Simplify ssl_cert_type() by taking advantage of X509_get0_pubkey
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-11 10:11:54 -05:00
Rich Salz
7253fd550c Hide OPENSSL_INIT_SETTINGS.
Make OPENSSL_INIT_SETTINGS an opaque structure.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 08:43:46 -05:00
Rich Salz
a4625290c3 After renaming init, update errors.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-10 15:52:32 -05:00
Todd Short
1c37fd96d8 Add CHACHA20 alias for ciphers.
Update ciphers documentation as well (based on -04 rev of ID).

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

RT: #4206, GH: #642
2016-02-10 20:13:26 +01:00
Matt Caswell
302f75887e Attempt to log an error if init failed
If init failed we'd like to set an error code to indicate that. But if
init failed then when the error system tries to load its strings its going
to fail again. We could get into an infinite loop. Therefore we just set
a single error the first time around. After that no error is set.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 17:40:59 +00:00
Matt Caswell
0fc32b0718 The new init functions can now fail so shouldn't be void
The new init functions can fail if the library has already been stopped. We
should be able to indicate failure with a 0 return value.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 17:40:59 +00:00
Rich Salz
f672aee494 Rename INIT funtions, deprecate old ones.
Man, there were a lot of renamings :)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-10 09:37:03 -05:00
Richard Levitte
0f53f939a1 clean away old VMS cruft
The old building scripts get removed, they are hopelessly gone in bit
rot by now.

Also remove the old symbol hacks.  They were needed needed to shorten
some names to 31 characters, and to resolve other symbol clashes.
Because we now compile with /NAMES=(AS_IS,SHORTENED), this is no
longer required.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 14:36:32 +01:00