Commit graph

1539 commits

Author SHA1 Message Date
Todd Short
1c036c6443 Fix #340: Parse ASN1_TIME to struct tm
This works with ASN1_UTCTIME and ASN1_GENERALIZED_TIME

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3378)
2017-06-08 13:19:13 +01:00
Rich Salz
52df25cf2e make error tables const and separate header file
Run perltidy on util/mkerr
Change some mkerr flags, write some doc comments
Make generated tables "const" when genearting lib-internal ones.
Add "state" file for mkerr
Renerate error tables and headers
Rationalize declaration of ERR_load_XXX_strings
Fix out-of-tree build
Add -static; sort flags/vars for options.
Also tweak code output
Moved engines/afalg to engines (from master)
Use -static flag
Standard engine #include's of errors
Don't linewrap err string tables unless necessary

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3392)
2017-06-07 15:12:03 -04:00
Todd Short
db0f35dda1 Fix #2400 Add NO_RENEGOTIATE option
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3432)
2017-06-06 22:39:41 +01:00
Dr. Stephen Henson
ccd0aeac9f Fix define to match documentation
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3621)
2017-06-06 12:51:01 +01:00
Erwann Abalea
4a8ab10dd2 Add some OID's from X.520
CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3590)
2017-05-31 13:33:20 -04:00
Richard Levitte
545360c4df Add UI functionality to duplicate the user data
This can be used by engines that need to retain the data for a longer time
than just the call where this user data is passed.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3575)
2017-05-31 19:00:24 +02:00
Dr. Stephen Henson
9f889cc177 make errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)
2017-05-30 20:38:20 +01:00
Dr. Stephen Henson
ca23d3e089 make errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)
2017-05-30 20:38:20 +01:00
Dr. Stephen Henson
9691a749c8 Add EdDSA algorithm OIDs from draft-ietf-curdle-pkix-04
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)
2017-05-30 20:38:19 +01:00
Dr. Stephen Henson
bbbfee30bd make errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)
2017-05-30 20:38:19 +01:00
Marek Klein
e92947d8d9 fixing incorrect OID of signingCertificateV2
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3538)
2017-05-29 18:23:29 -04:00
Richard Levitte
aef492683b Revert "Add internal functions to fetch a refcount"
It turned out to be a bad idea.

This reverts commits 6891a79da6
and c27bc74698.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3576)
2017-05-28 15:02:42 +02:00
Richard Levitte
c27bc74698 Correct small typo in CRYPTO_GET_REF
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3574)
2017-05-28 07:35:58 +02:00
Richard Levitte
6891a79da6 Add internal functions to fetch a refcount
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3573)
2017-05-27 22:37:19 +02:00
Josh Soref
df578aa013 Fix spelling errors in CMS.
Unfortunately it affects error code macros in public cms.h header, for
which reason misspelled names are preserved for backward compatibility.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3463)
2017-05-27 14:15:24 +02:00
Matt Caswell
42bd7a16d0 Add an error to the stack on failure in dtls1_write_bytes()
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3496)
2017-05-22 14:00:52 +01:00
Matt Caswell
9bfeeef8ee Fix ASN1_TIME_to_generalizedtime to take a const ASN1_TIME
Fixes #1526

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3360)
2017-05-19 08:54:39 +01:00
Matt Caswell
6944311688 Make SSL_is_server() accept a const SSL
Fixes #1526

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3360)
2017-05-19 08:54:39 +01:00
Matt Caswell
355a0d10a9 Add a new unsolicited extension error code and add enum tag
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3418)
2017-05-17 15:32:25 +01:00
Todd Short
80a2fc4100 Clean up SSL_OP_* a bit
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3439)
2017-05-12 11:42:24 -04:00
Richard Levitte
74a011ebb5 Cleanup - use e_os2.h rather than stdint.h
Not exactly everywhere, but in those source files where stdint.h is
included conditionally, or where it will be eventually

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3447)
2017-05-11 21:52:37 +02:00
Richard Levitte
69b4c01fd2 Unclash clashing reason codes in ssl.h
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3441)
2017-05-11 17:45:38 +02:00
Matt Caswell
b6fdc12d94 Send a missing_extension alert if key_share/supported groups not present
Only applies if we're not doing psk.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3436)
2017-05-11 13:13:04 +01:00
Matt Caswell
0b367d7955 TLSv1.3 alerts cannot be fragmented and only one per record
We should be validating that.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3436)
2017-05-11 13:13:04 +01:00
Dr. Stephen Henson
7539418981 Add EVP_DigestSign and EVP_DigesVerify
Add "single part" digest sign and verify functions. These sign and verify
a message in one function. This simplifies some operations and it will later
be used as the API for algorithms which do not support the update/final
mechanism (e.g. PureEdDSA).

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3409)
2017-05-11 12:59:25 +01:00
Rich Salz
05004f366e Ignore MSVC warnings (via Gisle Vanem)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3420)
2017-05-10 11:59:09 -04:00
Matt Caswell
66d4bf6b20 Verify that if we have an HRR then something will change
It is invalid if we receive an HRR but no change will result in
ClientHello2.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3414)
2017-05-09 17:23:58 +01:00
Benjamin Kaduk
7671342e55 Add PEM_bytes_read_bio_secmem()
Split the PEM_bytes_read_bio() implementation out into a
pem_bytes_read_bio_flags() helper, to allow it to pass PEM_FLAG_SECURE
as needed.  Adjust the cleanup to properly use OPENSSL_secure_free()
when needed, and reimplement PEM_bytes_read() as a wrapper around
the _flags helper.

Add documentation for PEM_bytes_read_bio() and the new secmem variant.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1700)
2017-05-08 21:20:31 +02:00
Benjamin Kaduk
204afd81b1 Add PEM_read_bio_ex
The extended function includes a 'flags' argument to allow callers
to specify different requested behaviors.  In particular, callers can
request that temporary storage buffers are allocated from the secure heap,
which could be relevant when loading private key material.

Refactor PEM_read_bio to use BIO_mems instead of BUFs directly,
use some helper routines to reduce the overall function length, and make
some of the checks more reasonable.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1700)
2017-05-08 21:17:28 +02:00
Matt Caswell
ad5100bc41 Add support to SSL_trace() for inner content types
When using the -trace option with TLSv1.3 all records appear as "application
data". This adds the ability to see the inner content type too.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3408)
2017-05-08 11:42:37 +01:00
Matt Caswell
6af8754637 Send the supported_groups extension in EE where applicable
The TLSv1.3 spec says that a server SHOULD send supported_groups in the
EE message if there is a group that it prefers to the one used in the
key_share. Clients MAY act on that. At the moment we don't do anything
with it on the client side, but that may change in the future.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3395)
2017-05-08 11:09:02 +01:00
Matt Caswell
198d5021ae Update the TLSv1.3 version indicator for draft-20
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3371)
2017-05-03 17:23:02 +01:00
Matt Caswell
2698bbfec6 Add an SSL_ prefix to SERVERINFOV2 and SERVERINFOV1
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3298)
2017-05-03 14:37:42 +01:00
Matt Caswell
84c34ba876 Extend the SERVERINFO file format to include an extensions context
This enables us to know what messages the extensions are relevant for in
TLSv1.3. The new file format is not compatible with the previous one so
we call it SERVERINFOV2.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3298)
2017-05-03 14:37:42 +01:00
Marek Klein
f0ef20bf38 Added support for ESSCertIDv2
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/771)
2017-05-03 09:04:23 +02:00
Todd Short
c649d10d3f TLS1.3 Padding
Add padding callback for application control
Standard block_size callback
Documentation and tests included
Configuration file/s_client/s_srver option

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3130)
2017-05-02 09:44:43 +01:00
Rich Salz
595b2a4237 Check fflush on BIO_ctrl call
Bug found and fix suggested by Julian Rüth.
Push error if fflush fails

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3266)
2017-04-28 14:14:59 -04:00
Bernd Edlinger
37659ea430 Add parentheses on public macros where appropriate.
Fixes #3063.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3100)
2017-04-27 11:31:09 +01:00
Matt Caswell
e586eac885 Add support for SSL_SESSION_is_resumable()
Provide a way to test whether the SSL_SESSION object can be used to resume a
sesion or not.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3008)
2017-04-26 16:42:29 +01:00
Dr. Stephen Henson
786dd2c22c Add support for custom signature parameters
Many signature types define the digest and public key type by a single OID
such as ecdsa_with_sha256.

Some types (RSA-PSS for example) use a single OID to indicate the signature
scheme and additional parameters are encoded in the AlgorithmIdentifier.

Add an X509_SIG_INFO structure to contain details about the signature type:
specifically the digest algorithm, public key algorithm, security bits and
various flags. This supports both existing algorithms and more complex
types.

Add accessors for the structure and a special case that retrieves signature
information from a certificate.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3301)
2017-04-25 22:12:34 +01:00
Dmitry Belyavskiy
b5c4209be9 Switch command-line utils to new nameopt API.
The CA names should be printed according to user's decision
print_name instead of set of BIO_printf
dump_cert_text instead of set of BIO_printf
Testing cyrillic output of X509_CRL_print_ex
Write and use X509_CRL_print_ex
Reduce usage of X509_NAME_online
Using X509_REQ_print_ex instead of X509_REQ_print
Fix nameopt processing.
Make dump_cert_text nameopt-friendly
Move nameopt getter/setter to apps/apps.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3262)
2017-04-25 12:37:17 -04:00
Matt Caswell
e829142846 Document BIO_lookup_ex()
We also change the enum type to an int.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
2017-04-25 11:13:39 +01:00
Matt Caswell
aefb925647 Don't attempt to send fragments > max_send_fragment in DTLS
We were allocating the write buffer based on the size of max_send_fragment,
but ignoring it when writing data. We should fragment handshake messages
if they exceed max_send_fragment and reject application data writes that
are too large.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
2017-04-25 11:13:39 +01:00
Matt Caswell
dcf88c5b79 Add better error logging if SCTP AUTH chunks are not enabled
In order to use SCTP over DTLS we need ACTP AUTH chunks to be enabled in
the kernel.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
2017-04-25 11:13:39 +01:00
Matt Caswell
5114d8227e Add a BIO_lookup_ex() function
The existing BIO_lookup() wraps a call to getaddrinfo and provides an
abstracted capability to lookup addresses based on socket type and family.
However it provides no ability to lookup based on protocol. Normally,
when dealing with TCP/UDP this is not required. However getaddrinfo (at
least on linux) never returns SCTP addresses unless you specifically ask
for them in the protocol field. Therefore BIO_lookup_ex() is added which
provides the protocol field.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
2017-04-25 11:13:39 +01:00
Rich Salz
b3c42fc250 Fix typo in OPENSSL_LH_new compat API
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3292)
2017-04-24 20:33:31 -04:00
Richard Levitte
20626cfd58 Add CRYPTO_mem_leaks_cb
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3243)
2017-04-24 18:09:01 +02:00
Rich Salz
c0452248ea Ignore dups in X509_STORE_add_*
X509_STORE_add_cert and X509_STORE_add_crl are changed to return
success if the object to be added was already found in the store, rather
than returning an error.

Raise errors if empty or malformed files are read when loading certificates
and CRLs.

Remove NULL checks and allow a segv to occur.
Add error handing for all calls to X509_STORE_add_c{ert|tl}

Refactor these two routines into one.

Bring the unit test for duplicate certificates up to date using the test
framework.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2830)
2017-04-20 15:33:42 -04:00
Richard Levitte
f46f69f409 VMS: Copy DECC inclusion epi- and prologues to internals
Because many of our test programs use internal headers, we need to make
sure they know how, exactly, to mangle the symbols.  So far, we've done
so by specifying it in the affected test programs, but as things change,
that will develop into a goose chase.  Better then to declare once and
for all how symbols belonging in our libraries are meant to be treated,
internally as well as publically.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3259)
2017-04-20 13:10:06 +02:00
Richard Levitte
49005bb8b3 ASN.1: extend the possibilities to embed data instead of pointers
Also, when "allocating" or "deallocating" an embedded item, never call
prim_new() or prim_free().  Call prim_clear() instead.

Fixes #3191

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3199)
2017-04-13 10:23:31 +02:00
Todd Short
3bb0f989b5 OCSP Updates: error codes and multiple certificates
RT3877: Add X509 OCSP error codes and messages
Add additional OCSP error codes for X509 verify usage

RT3867: Support Multiple CA certs in ocsp app
Add the ability to read multiple CA certs from a single file in the
ocsp app.

Update some missing X509 errors in documentation.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/941)
2017-04-12 14:41:10 -04:00
Richard Levitte
7eb4c1eb50 Discourage the use of LONG and ZLONG, and deprecate it in the future
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)
2017-04-10 12:11:00 +02:00
Richard Levitte
64f11ee888 Publish our INT32, UINT32, INT64, UINT64 ASN.1 types and Z variants
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)
2017-04-10 12:10:59 +02:00
Rich Salz
79b4c806a1 Make default_method mostly compile-time (cont'd)
Forgot to include this commit as requested by review.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2244)
2017-04-07 13:27:53 -04:00
Rich Salz
076fc55527 Make default_method mostly compile-time
Document thread-safety issues
Have RSA_null return NULL (always fails)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2244)
2017-04-07 12:19:46 -04:00
Matt Caswell
cd17bb190c Prefix custom extension API callback types with SSL_
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3139)
2017-04-07 13:41:04 +01:00
Matt Caswell
43ae5eed6f Implement a new custom extensions API
The old custom extensions API was not TLSv1.3 aware. Extensions are used
extensively in TLSv1.3 and they can appear in many different types of
messages. Therefore we need a new API to be able to cope with that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3139)
2017-04-07 13:41:04 +01:00
Matt Caswell
fe874d27d3 Move the extensions context codes into the public API
This move prepares for the later addition of the new custom extensions
API. The context codes have an additional "SSL_" added to their name to
ensure we don't have name clashes with other applications.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3139)
2017-04-07 13:41:04 +01:00
Qin Long
005f676628 e_os2.h: Refine OSSL_SSIZE definition under UEFI environment
Under UEFI build environment, we may encounter the OSSL_SSIZE macro
re-definition error in e_os2.h if any module call OpenSSL API directly
by including "openssl/xxxx.h" (caused by the predefined _WIN32/_WIN64
macro, which should have been un-defined under OPENSSL_SYS_UEFI).

Though it's not one recommended usage, this patch could still eliminate
the possible build issue by refining the OSSL_SSIZE definition under
OPENSSL_SYS_UEFI.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3121)
2017-04-06 16:16:05 +02:00
Richard Levitte
5c7e65486c make update
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3088)
2017-04-04 11:29:23 +02:00
Richard Levitte
93f7d6fc10 Implement internal ASN.1 types INT32, UINT32, INT64, UINT64
Also Z varieties.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3088)
2017-04-04 11:29:23 +02:00
Dr. Stephen Henson
86135bedd5 Constify SSL_dup_CA_list()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3015)
2017-04-03 23:47:22 +01:00
Dr. Stephen Henson
fa7c263747 New certificate_authorities functions
Add functions to add/retrieve the certificate_authorities. The older
client_CA functions mainly just call the new versions now.

Rename fields sice new extension can be generated by client and server.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3015)
2017-04-03 23:47:21 +01:00
Matt Caswell
ff79a24402 Add missing macros for DHxparams
DHparams has d2i_DHparams_fp, d2i_DHxparams_bio etc, but the equivalent
macros for DHxparams were omitted.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3111)
2017-04-03 20:04:06 +01:00
Kazuki Yamaguchi
a8e75d5680 Fix a typo in the SSL_get_max_early_data() declarations
SSL_get_max_early_data() recently added by 3fc8d85610 ("Construct the
ticket_early_data_info extension", 2017-02-17) is supposed to take an
SSL, but it doesn't.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3113)
2017-04-03 13:45:39 +01:00
Andy Polyakov
5f5840139e e_os.h: drop now-redundant PRIu64 [and fix OSSLzu].
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3083)
2017-03-30 19:34:24 +02:00
Richard Levitte
1e53a9fd1a Add z modifier parsing to the BIO_printf et all format string
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3064)
2017-03-29 16:16:25 +02:00
FdaSilvaYY
69687aa829 More typo fixes
Fix some comments too
[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3069)
2017-03-29 07:14:29 +02:00
Rich Salz
43708c1545 Move PRIu64, OSSLzu to e_os.h
Those macros are private, not public.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3044)
2017-03-28 08:43:48 -04:00
Hannes Magnusson
feb891990a Remove redundant decl of 509_STORE_set_flags
a47bc283 accidentally adds another define for X509_STORE_set_flags
It is already defined 5lines prior

CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3047)
2017-03-28 08:37:44 -04:00
Ian Spence
f5fd3848fe Fix function documentation
CLA: trivial

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2972)
2017-03-24 13:39:02 +01:00
Bernd Edlinger
b3c31a6572 Fix the error handling in CRYPTO_dup_ex_data.
Fix a strict aliasing issue in ui_dup_method_data.
Add test coverage for CRYPTO_dup_ex_data, use OPENSSL_assert.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2988)
2017-03-20 13:11:31 +01:00
Kurt Roeckx
497910833e Make the CRYPTO_memcmp() prototype match memcmp()
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2633
2017-03-19 14:33:54 +01:00
Dr. Stephen Henson
45615c5fac Implement certificate_authorities extension
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2918)
2017-03-17 18:41:56 +00:00
Dr. Stephen Henson
5d6cca05b0 Move parsing and construction of CA names to separate functions
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2918)
2017-03-17 18:41:56 +00:00
Matt Caswell
11c67eeaf4 HelloRetryRequest updates for draft-19
Draft-19 changes the HRR transcript hash so that the initial ClientHello
is replaced in the transcript with a special synthetic message_hash message
that just contains a hash of ClientHello1 as its message body.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Matt Caswell
6594189fa1 Merge early_data_info extension into early_data
As per draft-19

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Matt Caswell
ef6c191bce Update end of early data processing for draft-19
The end of early data is now indicated by a new handshake message rather
than an alert.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Matt Caswell
e984b535d9 Update the TLSv1.3 version indicator for draft-19
This change will mean we will lose interoperability with draft-18
implementations.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Benjamin Kaduk
f775245245 Remove some unused PEM structures
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2797)
2017-03-16 11:39:34 +01:00
Richard Levitte
d1da335c55 Add EC_KEY_get0_engine()
Just as for DH, DSA and RSA, this gives the engine associated with the
key.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2960)
2017-03-15 15:03:11 +01:00
Matt Caswell
8a585601fe Fix out-of-memory condition in conf
conf has the ability to expand variables in config files. Repeatedly doing
this can lead to an exponential increase in the amount of memory required.
This places a limit on the length of a value that can result from an
expansion.

Credit to OSS-Fuzz for finding this problem.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2894)
2017-03-12 00:19:14 +00:00
Matt Caswell
42c28b637c Use the new TLSv1.3 certificate_required alert where appropriate
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2898)
2017-03-10 15:33:31 +00:00
Matt Caswell
524420d845 Check TLSv1.3 ServerHello, Finished and KeyUpdates are on record boundary
In TLSv1.3 the above messages signal a key change. The spec requires that
the end of these messages must align with a record boundary. We can detect
this by checking for decrypted but as yet unread record data sitting in
OpenSSL buffers at the point where we process the messages.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2875)
2017-03-07 16:41:25 +00:00
Matt Caswell
4321969513 Tweak the TLSv1.3 record overflow limits
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2861)
2017-03-06 20:07:40 +00:00
Matt Caswell
cfef5027bf Add basic TLSv1.3 cookie support
We do not allow the generation of TLSv1.3 cookies. But if we receive one
in an HRR we will echo it back in the ClientHello.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2839)
2017-03-04 23:32:39 +00:00
Dr. Stephen Henson
5528d68f6d Set specific error is we have no valid signature algorithms set
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2840)
2017-03-03 22:02:39 +00:00
Matt Caswell
0665b4edae Rename SSL_write_early() to SSL_write_early_data()
This is for consistency with the rest of the API where all the functions
are called *early_data*.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:16 +00:00
Matt Caswell
f533fbd44a Rename SSL_read_early() to SSL_read_early_data()
This is for consistency with the rest of the API where all the functions
are called *early_data*.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:16 +00:00
Matt Caswell
3eaa417095 Make SSL_write_early_finish() an internal only function
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:16 +00:00
Matt Caswell
d7f8783ff9 Enable the server to call SSL_write() without stopping the ability to call SSL_read_early()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:16 +00:00
Matt Caswell
564547e482 Enable the client to call SSL_read() without stopping the ability to call SSL_write_early()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:16 +00:00
Matt Caswell
4004ce5f6c Introduce a new early_data state in the state machine
Also simplifies the state machine a bit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:16 +00:00
Matt Caswell
f5b519c416 Make SSL_get_early_data_status() take a const
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:16 +00:00
Matt Caswell
46dcb9457e Make SSL_get_max_early_data() and SSL_CTX_get_max_early_data() take a const
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:15 +00:00
Matt Caswell
fcc4757823 Add a SSL_SESSION_get_max_early_data() function
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:15 +00:00
Matt Caswell
70ef40a05e Check max_early_data against the amount of early data we actually receive
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:15 +00:00
Matt Caswell
1ea4d09a3c Construct the server side early_data extension
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:15 +00:00
Matt Caswell
d781d247d1 Provide an SSL_read_early() function for reading early data
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:15 +00:00
Matt Caswell
d49e23ec58 Implement the early data changes required in tls13_change_cipher_state()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:15 +00:00
Matt Caswell
a4f376af7e Construct the early_data extension
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:14 +00:00
Matt Caswell
49e7fe12ea Provide functions to write early data
We provide SSL_write_early() which *must* be called first on a connection
(prior to any other IO function including SSL_connect()/SSL_do_handshake()).
Also SSL_write_early_finish() which signals the end of early data.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:14 +00:00
Matt Caswell
5d5b3fba1f Parse the ticket_early_data_info extension
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:14 +00:00
Matt Caswell
3fc8d85610 Construct the ticket_early_data_info extension
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:14 +00:00
Emilia Kasper
2f0ca54c32 Remove some obsolete/obscure internal define switches:
- FLAT_INC
- PKCS1_CHECK (the SSL_OP_PKCS1_CHECK options have been
  no-oped)
- PKCS_TESTVECT (debugging leftovers)
- SSL_AD_MISSING_SRP_USERNAME (unfinished feature)
- DTLS_AD_MISSING_HANDSHAKE_MESSAGE (unfinished feature)
- USE_OBJ_MAC (note this removes a define from the public header but
   very unlikely someone would be depending on it)
- SSL_FORBID_ENULL

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2017-03-01 10:44:49 +01:00
Richard Levitte
9c5e87bf34 Code health: With the VAX C-ism gone, OPENSSL_GLOBAL can be removed too
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2785)
2017-02-28 20:23:07 +01:00
Richard Levitte
6cef8015e8 Code health: Remove another VAX C-ism, globaldef and globalref
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2785)
2017-02-28 20:23:07 +01:00
Emilia Kasper
b53338cbf8 Clean up references to FIPS
This removes the fips configure option. This option is broken as the
required FIPS code is not available.

FIPS_mode() and FIPS_mode_set() are retained for compatibility, but
FIPS_mode() always returns 0, and FIPS_mode_set() can only be used to
turn FIPS mode off.

Reviewed-by: Stephen Henson <steve@openssl.org>
2017-02-28 15:26:25 +01:00
Richard Levitte
9664512726 Renumber to avoid a error code clash
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2758)
2017-02-27 23:34:29 +01:00
Dr. Stephen Henson
03f44b974b Initial incomplete TLS 1.3 certificate request support.
This adds partial support for TLS 1.3 certificate request message.

The request context and extensions are currently ignored on receive
and set to zero length on send.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2728)
2017-02-27 18:23:18 +00:00
Richard Levitte
57d0d048a8 Add a null UI method
There are cases when, if you pass a NULL UI_METHOD, the called
function will use an internal default.  This is well and good, but
there may be cases when this is undesirable and one would rather send
in a UI that does absolutely nothing (sort of a /dev/null).  UI_null()
is the UI_METHOD for this purpose.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2744)
2017-02-26 01:00:26 +01:00
Dr. Stephen Henson
e892e32558 Reject compressed point format with TLS 1.3
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2739)
2017-02-24 23:52:23 +00:00
Bernd Edlinger
01b76c2c5d Add -Wundef to --strict-warnings options.
Avoid a -Wundef warning in refcount.h
Avoid a -Wundef warning in o_str.c
Avoid a -Wundef warning in testutil.h
Include internal/cryptlib.h before openssl/stack.h
to avoid use of undefined symbol OPENSSL_API_COMPAT.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2712)
2017-02-24 09:21:59 +01:00
Kurt Roeckx
7e999d5101 Fix duplicate error codes
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #2732
2017-02-23 23:12:31 +01:00
Kurt Roeckx
4ee7d3f945 Implement SSL_read_ex() and SSL_write_ex() as documented.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #1964
2017-02-23 20:40:05 +01:00
Benjamin Kaduk
6b1bb98fad Add SSL_CTX early callback
Provide a callback interface that gives the application the ability
to adjust the nascent SSL object at the earliest stage of ClientHello
processing, immediately after extensions have been collected but
before they have been processed.

This is akin to BoringSSL's "select_certificate_cb" (though it is not
API compatible), and as the name indicates, one major use is to examine
the supplied server name indication and select what certificate to
present to the client.  However, it can also be used to make more
sweeping configuration changes to the SSL object according to the
selected server identity and configuration.  That may include adjusting
the permitted TLS versions, swapping out the SSL_CTX object (as is
traditionally done in a tlsext_servername_callback), changing the
server's cipher list, and more.

We also wish to allow an early callback to indicate that it needs to perform
additional work asynchronously and resume processing later.  To that effect,
refactor the second half of tls_process_client_hello() into a subroutine to be
called at the post-processing stage (including the early callback itself), to
allow the callback to result in remaining in the same work stage for a later
call to succeed.  This requires allocating for and storing the CLIENTHELLO_MSG
in the SSL object to be preserved across such calls, but the storage is
reclaimed after ClientHello processing finishes.

Information about the CliehtHello is available to the callback by means of
accessor functions that can only be used from the early callback.  This allows
extensions to make use of the existing internal parsing machinery without
exposing structure internals (e.g., of PACKET), so that applications do not
have to write fragile parsing code.

Applications are encouraged to utilize an early callback and not use
a servername_callback, in order to avoid unexpected behavior that
occurs due to the relative order of processing between things like
session resumption and the historical servername callback.

Also tidy up nearby style by removing unnecessary braces around one-line
conditional bodies.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2279)
2017-02-23 19:40:26 +01:00
Benjamin Kaduk
90134d9806 Refactor SSL_bytes_to_cipher_list()
Split off the portions that mutate the SSL object into a separate
function that the state machine calls, so that the public API can
be a pure function.  (It still needs the SSL parameter in order
to determine what SSL_METHOD's get_cipher_by_char() routine to use,
though.)

Instead of returning the stack of ciphers (functionality that was
not used internally), require using the output parameter, and add
a separate output parameter for the SCSVs contained in the supplied
octets, if desired.  This lets us move to the standard return value
convention.  Also make both output stacks optional parameters.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2279)
2017-02-23 19:40:25 +01:00
Benjamin Kaduk
ccb8e6e0b1 Export SSL_bytes_to_cipher_list()
Move ssl_bytes_to_cipher_list() to ssl_lib.c and create a public
wrapper around it.  This lets application early callbacks easily get
SSL_CIPHER objects from the raw ciphers bytes without having to
reimplement the parsing code.  In particular, they do not need to
know the details of the sslv2 format ClientHello's ciphersuite
specifications.

Document the new public function, including the arguably buggy behavior
of modifying the supplied SSL object.  On the face of it, such a function
should be able to be pure, just a direct translation of wire octets to
internal data structures.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2279)
2017-02-23 19:40:25 +01:00
Pauli
d42d0a4dc7 Implementation of the ARIA cipher as described in RFC 5794.
This implementation is written in endian agnostic C code. No attempt
at providing machine specific assembly code has been made. This
implementation expands the evptests by including the test cases from
RFC 5794 and ARIA official site rather than providing an individual
test case. Support for ARIA has been integrated into the command line
applications, but not TLS. Implemented modes are CBC, CFB1, CFB8,
CFB128, CTR, ECB and OFB128.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2337)
2017-02-21 11:51:45 +01:00
Matt Caswell
331c16d95f Fix a merge error
Fix an error code clash due to a merge

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2665)
2017-02-17 14:42:59 +00:00
Matt Caswell
4fbfe86ae3 Don't use an enum in the return type for a public API function
We use an int instead. That means SSL_key_update() also should use an int.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2609)
2017-02-17 10:28:01 +00:00
Matt Caswell
82f992cbe0 Limit the number of KeyUpdate messages we can process
Too many KeyUpdate message could be inicative of a problem (e.g. an
infinite KeyUpdate loop if the peer always responds to a KeyUpdate message
with an "update_requested" KeyUpdate response), or (conceivably) an attack.
Either way we limit the number of KeyUpdate messages we are prepared to
handle.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2609)
2017-02-17 10:28:00 +00:00
Matt Caswell
57389a3261 Actually update the keys when a KeyUpdate message is sent or received
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2609)
2017-02-17 10:28:00 +00:00
Matt Caswell
53d1d07d30 Add a SSL_get_key_update_type() function
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2609)
2017-02-17 10:28:00 +00:00
Matt Caswell
e1c3de4450 Add the ability for a client to receive a KeyUpdate message
This just receives the message. It doesn't actually update any keys yet.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2609)
2017-02-17 10:28:00 +00:00
Matt Caswell
44c04a2e06 Provide a function to send a KeyUpdate message
This implements the server side KeyUpdate sending capability as well.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2609)
2017-02-17 10:28:00 +00:00
Matt Caswell
28a31a0a10 Don't change the state of the ETM flags until CCS processing
In 1.1.0 changing the ciphersuite during a renegotiation can result in
a crash leading to a DoS attack. In master this does not occur with TLS
(instead you get an internal error, which is still wrong but not a security
issue) - but the problem still exists in the DTLS code.

The problem is caused by changing the flag indicating whether to use ETM
or not immediately on negotiation of ETM, rather than at CCS. Therefore,
during a renegotiation, if the ETM state is changing (usually due to a
change of ciphersuite), then an error/crash will occur.

Due to the fact that there are separate CCS messages for read and write
we actually now need two flags to determine whether to use ETM or not.

CVE-2017-3733

Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-02-16 09:35:56 +00:00
Matt Caswell
bb90d02a71 Fix merge issue
Causes make update to fail.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2634)
2017-02-15 10:50:39 +00:00
Dr. Stephen Henson
4a419f6018 Change tls_choose_sigalg so it can set errors and alerts.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2623)
2017-02-15 02:23:54 +00:00
Matt Caswell
3847d426e3 Add client side support for parsing Hello Retry Request
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2341)
2017-02-14 13:14:25 +00:00
Matt Caswell
7d061fced3 Add server side support for creating the Hello Retry Request message
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2341)
2017-02-14 13:14:25 +00:00
Dr. Stephen Henson
f68521ee41 Add remaining TLS1.3 ciphersuites
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2550)
2017-02-08 02:16:27 +00:00
Dr. Stephen Henson
20fc2051d2 Use contants for Chacha/Poly, redo algorithm expressions.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2550)
2017-02-08 02:16:27 +00:00
Dr. Stephen Henson
aa24c47c83 Add constants to CCM and TLS.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2550)
2017-02-08 02:16:27 +00:00
Dr. Stephen Henson
7114af3054 Add NID_auth_any and NID_kx_any NIDs.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2550)
2017-02-08 02:16:26 +00:00
Dr. Stephen Henson
e10dbdbfea make errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2339)
2017-02-02 14:45:10 +00:00
Todd Short
3f5616d734 Add support for parameterized SipHash
The core SipHash supports either 8 or 16-byte output and a configurable
number of rounds.
The default behavior, as added to EVP, is to use 16-byte output and
2,4 rounds, which matches the behavior of most implementations.
There is an EVP_PKEY_CTRL that can control the output size.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2216)
2017-02-01 14:14:36 -05:00
Dr. Stephen Henson
42ef7aead2 Add SSL_get_peer_signature_type_nid() function.
Add function to retrieve signature type: in the case of RSA
keys the signature type can be EVP_PKEY_RSA or EVP_PKEY_RSA_PSS.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)
2017-01-30 13:00:16 +00:00
Matt Caswell
34f7245ba0 Move the SSL3_CK_CIPHERSUITE_FLAG out of public header
The newly added SSL3_CK_CIPHERSUITE_FLAG shouldn't be in a public header
file

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-30 10:18:24 +00:00
Matt Caswell
1a3392c878 Fix <= TLS1.2 break
Changing the value of SSL_MAX_MASTER_KEY_LENGTH had some unexpected
side effects in the <=TLS1.2 code which apparently relies on this being
48 for interoperability. Therefore create a new define for the TLSv1.3
resumption master secret which can be up to 64 bytes.

Found through the boring test suite.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-30 10:18:24 +00:00
Matt Caswell
1f5b44e943 Miscellaneous style tweaks based on feedback received
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-30 10:18:23 +00:00
Matt Caswell
0247086d9a Implement server side of PSK extension construction
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-30 10:18:21 +00:00
Matt Caswell
1053a6e228 Implement Server side of PSK extension parsing
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-30 10:18:21 +00:00
Matt Caswell
f4bbb37c4c Provide a key_share extension finaliser
This mops up various edge cases with key_shares and makes sure we still
generate the handshake secret if we haven't been provided with one but we
have a PSK.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-30 10:18:20 +00:00
Matt Caswell
4ff65f77b6 Add support for client side parsing of the PSK extension
Requires a refactor of the ServerHello parsing, so that we parse first and
then subsequently process. This is because the resumption information is
held in the extensions block which is parsed last - but we need to know that
information earlier.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-30 10:18:20 +00:00
Matt Caswell
ec15acb6bc Construct the client side psk extension for TLSv1.3
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-30 10:18:19 +00:00
Matt Caswell
b2f7e8c0fe Add support for the psk_key_exchange_modes extension
This is required for the later addition of resumption support.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-30 10:17:49 +00:00
Matt Caswell
c7f47786a5 Move state machine knowledge out of the record layer
The record layer was making decisions that should really be left to the
state machine around unexpected handshake messages that are received after
the initial handshake (i.e. renegotiation related messages). This commit
removes that code from the record layer and updates the state machine
accordingly. This simplifies the state machine and paves the way for
handling other messages post-handshake such as the NewSessionTicket in
TLSv1.3.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-30 10:17:00 +00:00
Matt Caswell
0386aad1ab Remove use of the SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag
This flag is never set by anything so remove it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-30 09:36:55 +00:00
Richard Levitte
2d60c92314 Document what EXFLAG_SET is for in x509v3.h
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2314)
2017-01-28 20:07:04 +01:00
Richard Levitte
2650515394 Better check of DH parameters in TLS data
When the client reads DH parameters from the TLS stream, we only
checked that they all are non-zero.  This change updates the check to
use DH_check_params()

DH_check_params() is a new function for light weight checking of the p
and g parameters:

    check that p is odd
    check that 1 < g < p - 1

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2017-01-26 10:54:01 +00:00
Matt Caswell
b1531d8e6c Fix a merge error
Clashing function code values in evp.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2285)
2017-01-25 15:30:27 +00:00
Matt Caswell
7141ba3196 Fix the overlapping check for fragmented "Update" operations
When doing in place encryption the overlapping buffer check can fail
incorrectly where we have done a partial block "Update" operation. This
fixes things to take account of any pending partial blocks.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2275)
2017-01-25 15:02:44 +00:00
FdaSilvaYY
28b86f313b Fix some extra or missing whitespaces...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1618)
2017-01-25 09:06:34 +00:00
Todd Short
52ad5b60e3 Add support for Poly1305 in EVP_PKEY
Add Poly1305 as a "signed" digest.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2128)
2017-01-24 15:40:37 +01:00
Cory Benfield
2faa1b48fd Add support for key logging callbacks.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1646)
2017-01-23 17:07:43 +01:00
Dr. Stephen Henson
137096a7ea Defines and strings for special salt length values, add tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2236)
2017-01-18 15:04:49 +00:00
Dr. Stephen Henson
79ebfc4681 Add support for -1, -2 salt lengths for PSS only keys.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2236)
2017-01-18 15:04:49 +00:00
FdaSilvaYY
31a51151fc Clean dead macros and defines
... mostly related to some old discarded modules .

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1906)
2017-01-18 15:19:24 +01:00
Richard Levitte
37b8f1e21c Clarify what RUN_ONCE returns
RUN_ONCE really just returns 0 on failure or whatever the init
function returned.  By convention, however, the init function must
return 0 on failure and 1 on success.  This needed to be clarified.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2225)
2017-01-13 13:10:21 +01:00
Rich Salz
329f2f4a42 GH2176: Add X509_VERIFY_PARAM_get_time
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2208)
2017-01-12 09:54:09 -05:00
Richard Levitte
0fe1fc858a Add a UI utility function with which to wrap pem_callback_cb in a UI_METHOD
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2204)
2017-01-11 18:27:27 +01:00
Richard Levitte
18cfc668ea Add an application data field in the UI_METHOD
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2204)
2017-01-11 18:27:27 +01:00
Richard Levitte
a223ffe6d3 Constify the input parameter to UI_method_get_*
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2204)
2017-01-11 18:27:27 +01:00
Matt Caswell
0490431272 Verify that the sig algs extension has been sent for TLSv1.3
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
2c5dfdc357 Make CertificateVerify TLS1.3 aware
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
d8bc139978 Move Certificate Verify construction and processing into statem_lib.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Rich Salz
8cbfcc70bf Use typedefs for PSK, NPN, ALPN callback functions
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)
2017-01-09 22:26:47 -05:00
Rich Salz
aff8c126fd Move extension data into sub-structs
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)
2017-01-09 22:26:47 -05:00
Rich Salz
3adc41dd22 Rename "verify_cb" to SSL_verify_cb
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)
2017-01-09 16:09:50 -05:00
Rich Salz
121677b487 Doc nits: callback function typedefs
Enhance find-doc-nits to be better about finding typedefs for
callback functions.  Fix all nits it now finds.  Added some new
typedef names to ssl.h some of which were documented but did not
exist

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)
2017-01-09 16:09:50 -05:00
Dr. Stephen Henson
f488976ccf fix typo and remove duplicate macro
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:51 +00:00
Dr. Stephen Henson
23b6699ecc make errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:49 +00:00
Dr. Stephen Henson
08be0331c3 Only allow PSS padding for PSS keys.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:49 +00:00
Dr. Stephen Henson
cb49e7497a Initial parameter restrictions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:48 +00:00
Dr. Stephen Henson
cfd81c6d75 Add rsa_pss_get_param.
New function rsa_pss_get_param to extract and sanity check PSS parameters.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:48 +00:00
Dr. Stephen Henson
a300c7256e Support pad mode get/set for PSS keys.
Pad mode setting returns an error if the mode is anything other then PSS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:48 +00:00
Dr. Stephen Henson
e64b2b5c83 Key gen param support.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:48 +00:00
Dr. Stephen Henson
410877bad2 Digest string helper function.
New function EVP_PKEY_CTX_md() which takes a string and passes a digest
to a ctrl.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:47 +00:00
Dr. Stephen Henson
e5e04ee398 Support RSA operations in PSS.
Add support for common operations in PSS by adding a new function
RSA_pkey_ctx_ctrl() which calls EVP_PKEY_CTX_ctrl if the key type
is RSA or PSS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:47 +00:00
Dr. Stephen Henson
42009ae882 PSS parameter encode and decode.
For RSA PSS keys encode and decode parameters when handling public
and private keys.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:47 +00:00
Dr. Stephen Henson
ffc6fad562 add EVP_PKEY_RSA_PSS
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:46 +00:00
Dr. Stephen Henson
6745a1ff32 Cache maskHash parameter
Store hash algorithm used for MGF1 masks in PSS and OAEP modes in PSS and
OAEP parameter structure: this avoids the need to decode part of the ASN.1
structure every time it is used.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:46 +00:00
Matt Caswell
f63e428872 Implement TLSv1.3 style CertificateStatus
We remove the separate CertificateStatus message for TLSv1.3, and instead
send back the response in the appropriate Certificate message extension.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
2017-01-06 10:25:13 +00:00
Matt Caswell
fb3ae0e830 Fix the SSL_set1_sigalgs() macro
This macro has a typo in it which makes it unusable. This issue was already
fixed in 1.0.2 in commit 75fdee0482, but the same fix was not applied to
other branches.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2160)
2016-12-30 17:33:43 +00:00
Richard Levitte
d7c8f142ea M_check_autoarg: sanity check the key
For now, checking that the size is non-zero will suffice.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2120)
2016-12-20 16:10:24 +01:00
Rich Salz
a47bc28317 Add X509_VERIFY_PARAM inheritance flag set/get
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2079)
2016-12-13 14:30:21 -05:00
Azat Khuzhin
b9b5181dd2 Remove ENGINE_load_dasync() (no OPENSSL_INIT_ENGINE_DASYNC already)
Fixes: 8d00e30f96 ("Don't try to init
dasync internally")

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial
2016-12-12 17:32:48 +00:00
Benjamin Kaduk
036ba500f7 Restore the ERR_FATAL_ERROR() macro
Commit 0cd0a820ab removed this macro
along with many unused function and reason codes; ERR_FATAL_ERROR()
was not used in the tree, but did have external consumers.

Add it back to restore the API compatibility and avoid breaking
applications for no internal benefit.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2049)
2016-12-12 08:23:03 -05:00
Richard Levitte
c922ebe232 VMS UI_OpenSSL: generate OpenSSL errors when things go wrong.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2063)
2016-12-10 10:16:41 +01:00
Dr. Stephen Henson
71bbc79b7d Check input length to pkey_rsa_verify()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2065)
2016-12-09 23:05:44 +00:00
Matt Caswell
7fe97c077b Fix make update issues
Various functions got renamed. We need to rename the error codes too.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:21:21 +00:00
Matt Caswell
332eb39088 Move ServerHello extension parsing into the new extension framework
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:19:04 +00:00
Matt Caswell
805a2e9e13 Provide server side extension init and finalisation functions
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:18:40 +00:00
Matt Caswell
ab83e31414 Move client construction of ClientHello extensions into new framework
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:18:30 +00:00
Matt Caswell
6dd083fd68 Move client parsing of ServerHello extensions into new framework
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:18:25 +00:00
Matt Caswell
e56c33b98b Rename some functions
The _clienthello_ in the extensions parsing functions is overly specific.
Better to keep the convention to just _client_

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:18:18 +00:00
Matt Caswell
7da160b0f4 Move ServerHello extension construction into the new extensions framework
This lays the foundation for a later move to have the extensions built and
placed into the correct message for TLSv1.3 (e.g. ServerHello or
EncryptedExtensions).

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:18:12 +00:00
Matt Caswell
4b299b8e17 Add extensions construction support
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:18:00 +00:00
Matt Caswell
6b473acabd Refactor ClientHello extension parsing
This builds on the work started in 1ab3836b3 and extends is so that
each extension has its own identified parsing functions, as well as an
allowed context identifying which messages and protocols it is relevant for.
Subsequent commits will do a similar job for the ServerHello extensions.
This will enable us to have common functions for processing extension blocks
no matter which of the multiple messages they are received from. In TLSv1.3
a number of different messages have extension blocks, and some extensions
have moved from one message to another when compared to TLSv1.2.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:17:45 +00:00
Matt Caswell
fadd9a1e2d Verify that extensions are used in the correct context
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:17:39 +00:00
Matt Caswell
e46f233444 Add EncryptedExtensions message
At this stage the message is just empty. We need to fill it in with
extension data.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:17:12 +00:00
Richard Levitte
4984448648 In UI_OpenSSL's open(), generate an error on unknown errno
TTY_get() sometimes surprises us with new errno values to determine if
we have a controling terminal or not.  This generated error is a
helpful tool to figure out that this was what happened and what the
unknown value is.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2043)
2016-12-08 13:34:08 +01:00
Richard Levitte
0a687ab0a9 UI_process() didn't generate errors
Since there are many parts of UI_process() that can go wrong, it isn't
very helpful to only return -1 with no further explanation.  With this
change, the error message will at least show which part went wrong.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2037)
2016-12-08 00:06:43 +01:00
Matt Caswell
e60ce9c451 Update the record layer to use TLSv1.3 style record construction
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-12-05 17:05:40 +00:00
Matt Caswell
7776a36cfa Ensure the end of first server flight processing is done
There is a set of miscellaneous processing for OCSP, CT etc at the end of
the ServerDone processing. In TLS1.3 we don't have a ServerDone, so this
needs to move elsewhere.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Matt Caswell
92760c21e6 Update state machine to be closer to TLS1.3
This is a major overhaul of the TLSv1.3 state machine. Currently it still
looks like TLSv1.2. This commit changes things around so that it starts
to look a bit less like TLSv1.2 and bit more like TLSv1.3.

After this commit we have:

ClientHello
+ key_share          ---->
                           ServerHello
                           +key_share
                           {CertificateRequest*}
                           {Certificate*}
                           {CertificateStatus*}
                     <---- {Finished}
{Certificate*}
{CertificateVerify*}
{Finished}           ---->
[ApplicationData]    <---> [Application Data]

Key differences between this intermediate position and the final TLSv1.3
position are:
- No EncryptedExtensions message yet
- No server side CertificateVerify message yet
- CertificateStatus still exists as a separate message
- A number of the messages are still in the TLSv1.2 format
- Still running on the TLSv1.2 record layer

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Matt Caswell
0d9824c171 Implement tls13_change_cipher_state()
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Kurt Roeckx
beacb0f0c1 Make SSL_read and SSL_write return the old behaviour and document it.
This reverts commit 4880672a9b.

Fixes: #1903

Reviewed-by: Matt Caswell <matt@openssl.org>

GH: #1931
2016-11-21 21:54:28 +01:00
Kurt Roeckx
2f545ae45d Add support for reference counting using C11 atomics
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1500
2016-11-17 22:02:25 +01:00
Matt Caswell
e304d3e20f Remove a hack from ssl_test_old
ssl_test_old was reaching inside the SSL structure and changing the internal
BIO values. This is completely unneccessary, and was causing an abort in the
test when enabling TLSv1.3.

I also removed the need for ssl_test_old to include ssl_locl.h. This
required the addition of some missing accessors for SSL_COMP name and id
fields.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-16 10:27:40 +00:00
Matt Caswell
94ed2c6739 Fixed various style issues in the key_share code
Numerous style issues as well as references to TLS1_3_VERSION instead of
SSL_IS_TLS13(s)

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-16 10:09:46 +00:00
Matt Caswell
0f1e51ea11 Start using the key_share data to derive the PMS
The previous commits put in place the logic to exchange key_share data. We
now need to do something with that information. In <= TLSv1.2 the equivalent
of the key_share extension is the ServerKeyExchange and ClientKeyExchange
messages. With key_share those two messages are no longer necessary.

The commit removes the SKE and CKE messages from the TLSv1.3 state machine.
TLSv1.3 is completely different to TLSv1.2 in the messages that it sends
and the transitions that are allowed. Therefore, rather than extend the
existing <=TLS1.2 state transition functions, we create a whole new set for
TLSv1.3. Intially these are still based on the TLSv1.2 ones, but over time
they will be amended.

The new TLSv1.3 transitions remove SKE and CKE completely. There's also some
cleanup for some stuff which is not relevant to TLSv1.3 and is easy to
remove, e.g. the DTLS support (we're not doing DTLSv1.3 yet) and NPN.

I also disable EXTMS for TLSv1.3. Using it was causing some added
complexity, so rather than fix it I removed it, since eventually it will not
be needed anyway.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-16 10:09:46 +00:00
Matt Caswell
d7c42d71ba Add processing of the key_share received in the ServerHello
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-16 10:09:46 +00:00
Matt Caswell
b1834ad781 Add the key_share processing to the server side
At the moment the server doesn't yet do anything with this information.
We still need to send the server's key_share info back to the client. That
will happen in subsequent commits.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-16 10:09:46 +00:00
Matt Caswell
d2c27a28c0 Generate the key_shares extension on the client side
In this commit we just generate the extension on the client side, but don't
yet do anything with it. Subsequent commits, will add the server side
capability.

At the moment we hard code a single key_share. In the future we should make
this configurable.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-16 10:09:45 +00:00
Rob Percival
1871a5aa8a Reword documentation for {SCT_CTX/CT_POLICY_EVAL_CTX}_set_time
Do not call the time "current", as a different time can be provided.
For example, a time slightly in the future, to provide tolerance for
CT logs with a clock that is running fast.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
2016-11-15 16:12:41 -05:00
Rob Percival
333c2e4372 Remove obsolete error constant CT_F_CTLOG_NEW_NULL
ctlog_new_null() no longer exists.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
2016-11-15 16:12:41 -05:00
Rob Percival
1fa9ffd934 Check that SCT timestamps are not in the future
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
2016-11-15 16:12:41 -05:00
Richard Levitte
b612799a80 Revert "Remove heartbeats completely"
Done too soon, this is for future OpenSSL 1.2.0

This reverts commit 6c62f9e163.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-15 14:53:33 +01:00
Richard Levitte
6c62f9e163 Remove heartbeats completely
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1669)
2016-11-15 10:45:21 +01:00
Sebastian Andrzej Siewior
af54741265 dsa/dsa_gen: add error message for seed_len < 0
prio openssl 1.1.0 seed_len < q was accepted and the seed argument was
then ignored. Now DSA_generate_parameters_ex() returns an error in such
a case but no error string.

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1657)
2016-11-14 08:56:09 -05:00
Matt Caswell
de4d764e32 Rename the Elliptic Curves extension to supported_groups
This is a skin deep change, which simply renames most places where we talk
about curves in a TLS context to groups. This is because TLS1.3 has renamed
the extension, and it can now include DH groups too. We still only support
curves, but this rename should pave the way for a future extension for DH
groups.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-10 15:05:36 +00:00
Matt Caswell
b97667ce67 Fix some missing checks for TLS1_3_VERSION_DRAFT
There were a few places where we weren't checking to see if we were using
the draft TLS1.3 version or not.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:03:09 +00:00
Matt Caswell
619d8336d0 Update TLS1.3 draft version numbers for latest draft
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:03:08 +00:00
Matt Caswell
b5b253b1bf Add the ability to send the supported_versions extension
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:03:08 +00:00
Matt Caswell
d2139cf8df Update HKDF to support separte Extract and Expand steps
At the moment you can only do an HKDF Extract and Expand in one go. For
TLS1.3 we need to be able to do an Extract first, and the subsequently do
a number of Expand steps on the same PRK.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 10:36:54 +00:00
Matt Caswell
801cb720ad Fix make update following extensions refactor
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 09:10:30 +00:00
Matt Caswell
1ab3836b3b Refactor ClientHello processing so that extensions get parsed earlier
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 09:10:29 +00:00
David Benjamin
608a026494 Implement RSASSA-PKCS1-v1_5 as specified.
RFC 3447, section 8.2.2, steps 3 and 4 states that verifiers must encode
the DigestInfo struct and then compare the result against the public key
operation result. This implies that one and only one encoding is legal.

OpenSSL instead parses with crypto/asn1, then checks that the encoding
round-trips, and allows some variations for the parameter. Sufficient
laxness in this area can allow signature forgeries, as described in
https://www.imperialviolet.org/2014/09/26/pkcs1.html

Although there aren't known attacks against OpenSSL's current scheme,
this change makes OpenSSL implement the algorithm as specified. This
avoids the uncertainty and, more importantly, helps grow a healthy
ecosystem. Laxness beyond the spec, particularly in implementations
which enjoy wide use, risks harm to the ecosystem for all. A signature
producer which only tests against OpenSSL may not notice bugs and
accidentally become widely deployed. Thus implementations have a
responsibility to honor the specification as tightly as is practical.

In some cases, the damage is permanent and the spec deviation and
security risk becomes a tax all implementors must forever pay, but not
here. Both BoringSSL and Go successfully implemented and deployed
RSASSA-PKCS1-v1_5 as specified since their respective beginnings, so
this change should be compatible enough to pin down in future OpenSSL
releases.

See also https://tools.ietf.org/html/draft-thomson-postel-was-wrong-00

As a bonus, by not having to deal with sign/verify differences, this
version is also somewhat clearer. It also more consistently enforces
digest lengths in the verify_recover codepath. The NID_md5_sha1 codepath
wasn't quite doing this right.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1474
2016-11-07 21:04:54 +01:00
Matt Caswell
5d71f7ea29 Correct the Id for the TLS1.3 ciphersuite
We have one TLS1.3 ciphersuite, but there is a typo in the id that should
be corrected.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-07 15:47:22 +00:00
Matt Caswell
d02ef3d0be Fix some clashing symbol numbers due to merge conflict
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-04 12:09:46 +00:00
Matt Caswell
2688e7a0be Provide some constant time functions for dealing with size_t values
Also implement the using of them

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-04 12:09:46 +00:00
Matt Caswell
7ee8627f6e Convert libssl writing for size_t
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-04 12:09:45 +00:00
Matt Caswell
eda757514e Further libssl size_t-ify of reading
Writing still to be done

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-04 12:09:45 +00:00
Richard Levitte
7dc60ba7c8 Add a HEADER_MODES_H guard in include/openssl/modes.h
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)
2016-11-03 13:13:31 +01:00
Matt Caswell
b39eda7ee6 Add a DSO_dsobyaddr() function
This works the same way as DSO_pathbyaddr() but instead returns a ptr to
the DSO that contains the provided symbol.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-11-02 23:32:50 +00:00
Matt Caswell
cb6ea61c16 Partial revert of 3d8b2ec42 to add back DSO_pathbyaddr
Commit 3d8b2ec42 removed various unused functions. However now we need to
use one of them! This commit resurrects DSO_pathbyaddr(). We're not going to
resurrect the Windows version though because what we need to achieve can be
done a different way on Windows.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-11-02 23:32:50 +00:00
David Woodhouse
045bd04706 Add DTLS_get_data_mtu() function
We add ssl_cipher_get_overhead() as an internal function, to avoid
having too much ciphersuite-specific knowledge in DTLS_get_data_mtu()
itself. It's going to need adjustment for TLSv1.3... but then again, so
is fairly much *all* of the SSL_CIPHER handling. This bit is in the noise.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-02 14:00:10 +00:00
Matt Caswell
582a17d662 Add the SSL_METHOD for TLSv1.3 and all other base changes required
Includes addition of the various options to s_server/s_client. Also adds
one of the new TLS1.3 ciphersuites.

This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol
and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not
a "real" TLS1.3 ciphersuite).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-02 13:08:21 +00:00
Todd Short
b50052dbe8 Add SSL_CTX_set1_cert_store()
For convenience, combine getting a new ref for the new SSL_CTX
with assigning the store and freeing the old one.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1755)
2016-11-01 15:39:57 -04:00
Benjamin Kaduk
4e3973b457 Try to unify BIO read/write parameter names
After the recent reworking, not everything matched up, and some
comments didn't catch up to the outl-->dlen and inl-->dlen renames
that happened during the development of the recent patches.

Try to make parameter names consistent across header, implementation,
and manual pages.

Also remove some trailing whitespace that was inadvertently introduced.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1798)
2016-10-29 00:56:52 +02:00
Matt Caswell
7bf79e33c9 Fix some feedback issues for BIO size_t-ify
Rename some parameters; add some error codes; fix a comment; etc

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
42c6046064 More parameter naming of BIO_read*/BIO_write* related functions
Based on feedback received.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
f42fd819d6 Tweaks based on review feedback of BIO size_t work
Rename some parameters.
Also change handling of buffer sizes >INT_MAX in length.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
98e553d2ce Ensure all BIO functions call the new style callback
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
3befffa39d Create BIO_write_ex() which handles size_t arguments
Also extend BIO_METHOD to be able to supply an implementation for the new
BIO_write_ex function.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
d07aee2c7a Create BIO_read_ex() which handles size_t arguments
Also extend BIO_METHOD to be able to supply an implementation for the new
BIO_read function.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
875e3f934e Provide a cross-platform format specifier (OSSLzu) for printing size_t
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-26 21:03:29 +01:00
jrmarino
2df7f11fad Fix support for DragonFly BSD
The __DragonFly__ macros were introduced in issue #1546 along with a
function naming fix, but it was decided they should be handled
separately.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1765)
2016-10-22 04:25:17 -04:00
David Woodhouse
cde6145ba1 Add SSL_OP_NO_ENCRYPT_THEN_MAC
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-10-17 23:17:39 +01:00
David Benjamin
609b0852e4 Remove trailing whitespace from some files.
The prevailing style seems to not have trailing whitespace, but a few
lines do. This is mostly in the perlasm files, but a few C files got
them after the reformat. This is the result of:

  find . -name '*.pl' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'
  find . -name '*.c' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'
  find . -name '*.h' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'

Then bn_prime.h was excluded since this is a generated file.

Note mkerr.pl has some changes in a heredoc for some help output, but
other lines there lack trailing whitespace too.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-10-10 23:36:21 +01:00
Matt Caswell
5923ad4bbe Don't set the handshake header in every message
Move setting the handshake header up a level into the state machine code
in order to reduce boilerplate.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-10-03 16:25:48 +01:00
Matt Caswell
cc59ad1073 Convert CertStatus message construction to WPACKET
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-29 17:07:45 +01:00
Dr. Stephen Henson
2171a071aa ASN1_ITEM should use type name not structure name.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-29 16:21:46 +01:00
Dr. Stephen Henson
56501ebd09 Add ASN1_ITEM lookup and enumerate functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-29 16:21:45 +01:00
Matt Caswell
83ae466131 Fix missing NULL checks in NewSessionTicket construction
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-29 16:15:16 +01:00
Matt Caswell
a671b3e64a Add OCSP_RESPID_match()
Add a function for testing whether a given OCSP_RESPID matches with a
certificate.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-22 09:27:45 +01:00
Matt Caswell
e12c0beb5a Add the ability to set OCSP_RESPID fields
OCSP_RESPID was made opaque in 1.1.0, but no accessors were provided for
setting the name/key value for the OCSP_RESPID.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-22 09:27:45 +01:00
Matt Caswell
af58be768e Don't allow too many consecutive warning alerts
Certain warning alerts are ignored if they are received. This can mean that
no progress will be made if one peer continually sends those warning alerts.
Implement a count so that we abort the connection if we receive too many.

Issue reported by Shi Lei.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-21 20:17:04 +01:00
Rich Salz
4588cb4443 Revert "Constify code about X509_VERIFY_PARAM"
This reverts commit 81f9ce1e19.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-21 10:37:03 -04:00
Matt Caswell
3c10632529 make update and fix some associated mis-matched error codes
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-21 14:31:30 +01:00
Matt Caswell
15e6be6c5c Convert NextProto message construction to WPACKET
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-20 10:16:56 +01:00
FdaSilvaYY
81f9ce1e19 Constify code about X509_VERIFY_PARAM
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1594)
2016-09-18 00:22:00 -04:00
Viktor Szakats
c2efa78309 bio.h: fix number of arguments passed to BIO_ptr_ctrl()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1520)
2016-09-13 09:19:24 -04:00
Matt Caswell
2c7b4dbc1a Convert tls_construct_client_hello() to use PACKETW
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-13 09:41:21 +01:00
Richard Levitte
278a33da3c VMS: be less picky when loading DSOs
The DSO API was picky about casing of symbol names on VMS.

There's really no reason to be that picky, it's mostly just annoying.
Therefore, we take away the possibility to flag for a choice, and will
instead first try to find a symbol with exact case, and failing that,
we try to find it in upper case.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-11 23:18:03 +02:00
Richard Levitte
156e34f21d Update CHANGES, NEWS, README and opensslv.h on master
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-25 19:07:17 +02:00
Viktor Dukhovni
4a7b3a7b4d Un-delete still documented X509_STORE_CTX_set_verify
It should not have been removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-24 20:30:45 +01:00
Rob Percival
ea4b7ded52 Updates the CT_POLICY_EVAL_CTX POD
Ownership semantics and function names have changed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
Rob Percival
5edcadb127 Documents the CTLOG functions
CTLOG_new_null() has been removed from the code, so it has also been
removed from this POD.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
Rob Percival
b4a986163c Add comment about calling CT_POLICY_EVAL_CTX_free
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
Rob Percival
efa00a46c5 Fix comment about what SCT_LIST_validate does.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
Rob Percival
63e27d4d0f Removes {i2o,o2i}_SCT_signature from the CT public API
They may return if an SCT_signature struct is added in the future that
allows them to be refactored to conform to the i2d/d2i function signature
conventions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-23 20:23:28 +01:00
Rob Percival
cdb2a60347 Internalizes SCT_verify and removes SCT_verify_v1
SCT_verify is impossible to call through the public API (SCT_CTX_new() is
not part of the public API), so rename it to SCT_CTX_verify and move it
out of the public API.

SCT_verify_v1 is redundant, since SCT_validate does the same verification
(by calling SCT_verify) and more. The API is less confusing with a single
verification function (SCT_validate).

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-23 20:12:25 +01:00
FdaSilvaYY
0fe9123687 Constify a bit X509_NAME_get_entry
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23 11:47:22 +02:00
FdaSilvaYY
9f5466b9b8 Constify some X509_NAME, ASN1 printing code
ASN1_buf_print, asn1_print_*, X509_NAME_oneline, X509_NAME_print

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23 11:47:22 +02:00
FdaSilvaYY
bf9d5e483d Constify some input parameters.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23 11:47:22 +02:00
FdaSilvaYY
a026fbf977 Constify some inputs buffers
remove useless cast to call ASN1_STRING_set

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23 11:47:22 +02:00
FdaSilvaYY
35da893f86 Constify ASN1_PCTX_*
... add a static keyword.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23 11:47:22 +02:00
Kazuki Yamaguchi
9ba6f347fe Expose alloc functions for EC{PK,}PARAMETERS
Declare EC{PK,}PARAMETERS_{new,free} functions in public headers. The
free functions are necessary because EC_GROUP_get_ec{pk,}parameters()
was made public by commit 60b350a3ef ("RT3676: Expose ECgroup i2d
functions").

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-22 15:10:02 +01:00
Andy Polyakov
1194ea8dc3 crypto/pkcs12: facilitate accessing data with non-interoperable password.
Originally PKCS#12 subroutines treated password strings as ASCII.
It worked as long as they were pure ASCII, but if there were some
none-ASCII characters result was non-interoperable. But fixing it
poses problem accessing data protected with broken password. In
order to make asscess to old data possible add retry with old-style
password.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-22 13:52:59 +02:00
Andy Polyakov
b799aef863 crypto/pkcs12: default to UTF-8.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-22 13:52:55 +02:00
Andy Polyakov
9e6b2f54e4 crypto/pkcs12: add UTF8 support.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-22 13:50:04 +02:00
Rich Salz
5a7ad1f08b Move BIO index lock creation
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-21 14:18:09 -04:00
Dr. Stephen Henson
0b7347effe Add X509_getm_notBefore, X509_getm_notAfter
Add mutable versions of X509_get0_notBefore and X509_get0_notAfter.

Rename X509_SIG_get0_mutable to X509_SIG_getm.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-08-21 18:25:23 +01:00
FdaSilvaYY
bf932fbd4a Duplicate includes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1475)
2016-08-20 19:31:12 +02:00
Rich Salz
8b8d963db5 Add BIO_get_new_index()
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-08-19 21:04:41 -04:00
Dr. Stephen Henson
568ce3a583 Constify certificate and CRL time routines.
Update certificate and CRL time routines to match new standard.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-19 18:40:55 +01:00
Matt Caswell
28da14555f Convert PKCS12* functions to use const getters
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-19 15:46:19 +01:00
Matt Caswell
7f35b7d9c5 Update function error code
A function error code needed updating due to merge issues.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-19 13:52:40 +01:00
Matt Caswell
1fb9fdc302 Fix DTLS replay protection
The DTLS implementation provides some protection against replay attacks
in accordance with RFC6347 section 4.1.2.6.

A sliding "window" of valid record sequence numbers is maintained with
the "right" hand edge of the window set to the highest sequence number we
have received so far. Records that arrive that are off the "left" hand
edge of the window are rejected. Records within the window are checked
against a list of records received so far. If we already received it then
we also reject the new record.

If we have not already received the record, or the sequence number is off
the right hand edge of the window then we verify the MAC of the record.
If MAC verification fails then we discard the record. Otherwise we mark
the record as received. If the sequence number was off the right hand edge
of the window, then we slide the window along so that the right hand edge
is in line with the newly received sequence number.

Records may arrive for future epochs, i.e. a record from after a CCS being
sent, can arrive before the CCS does if the packets get re-ordered. As we
have not yet received the CCS we are not yet in a position to decrypt or
validate the MAC of those records. OpenSSL places those records on an
unprocessed records queue. It additionally updates the window immediately,
even though we have not yet verified the MAC. This will only occur if
currently in a handshake/renegotiation.

This could be exploited by an attacker by sending a record for the next
epoch (which does not have to decrypt or have a valid MAC), with a very
large sequence number. This means the right hand edge of the window is
moved very far to the right, and all subsequent legitimate packets are
dropped causing a denial of service.

A similar effect can be achieved during the initial handshake. In this
case there is no MAC key negotiated yet. Therefore an attacker can send a
message for the current epoch with a very large sequence number. The code
will process the record as normal. If the hanshake message sequence number
(as opposed to the record sequence number that we have been talking about
so far) is in the future then the injected message is bufferred to be
handled later, but the window is still updated. Therefore all subsequent
legitimate handshake records are dropped. This aspect is not considered a
security issue because there are many ways for an attacker to disrupt the
initial handshake and prevent it from completing successfully (e.g.
injection of a handshake message will cause the Finished MAC to fail and
the handshake to be aborted). This issue comes about as a result of trying
to do replay protection, but having no integrity mechanism in place yet.
Does it even make sense to have replay protection in epoch 0? That
issue isn't addressed here though.

This addressed an OCAP Audit issue.

CVE-2016-2181

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-19 13:52:40 +01:00
Dr. Stephen Henson
68c12bfc66 Add X509_get0_serialNumber() and constify OCSP_cert_to_id()
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-19 12:47:31 +01:00
Dr. Stephen Henson
11222483d7 constify X509_REQ_get0_signature()
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-19 12:47:31 +01:00
Dr. Stephen Henson
60c2587369 constify i2o_ECPublicKey
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-19 12:44:18 +01:00
Dr. Stephen Henson
095d2f0f8a Constify i2a*
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-18 17:20:36 +01:00
Matt Caswell
604f6eff31 Convert X509_REVOKED* functions to use const getters
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-18 11:59:39 +01:00
Richard Levitte
8d00e30f96 Don't try to init dasync internally
Since dasync isn't installed, and is only ever used as a dynamic
engine, there's no reason to consider it for initialization when
building static engines.

Reviewed-by: Ben Laurie <ben@openssl.org>
2016-08-17 21:34:42 +02:00
Dr. Stephen Henson
59b4da05b4 Constify X509_SIG.
Constify X509_SIG_get0() and order arguments to mactch new standard.

Add X509_SIG_get0_mutable() to support modification or initialisation
of an X509_SIG structure.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 17:48:43 +01:00
Dr. Stephen Henson
5ebd2fcbc7 Constify X509_certificate_type()
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 14:59:54 +01:00
Dr. Stephen Henson
8adc1cb851 Constify X509_get0_signature()
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 14:12:55 +01:00
Dr. Stephen Henson
8900f3e398 Convert X509* functions to use const getters
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 13:59:04 +01:00
Matt Caswell
5e6089f0eb Convert X509_CRL* functions to use const getters
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-17 13:38:03 +01:00
Matt Caswell
6eabcc839f Make X509_NAME_get0_der() conform to OpenSSL style
Put the main object first in the params list.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-17 13:03:04 +01:00
Matt Caswell
79613ea844 Convert OCSP* functions to use const getters
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-17 12:29:03 +01:00
Dr. Stephen Henson
245c6bc33b Constify private key decode.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 12:01:29 +01:00
Dr. Stephen Henson
ac4e257747 constify X509_ALGOR_get0()
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 12:01:29 +01:00
Dr. Stephen Henson
0c8006480f Constify ASN1_item_unpack().
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 12:01:29 +01:00
Remi Gacogne
fddfc0afc8 Add missing session id and tlsext_status accessors
* SSL_SESSION_set1_id()
 * SSL_SESSION_get0_id_context()
 * SSL_CTX_get_tlsext_status_cb()
 * SSL_CTX_get_tlsext_status_arg()

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 10:38:20 +01:00
Matt Caswell
48593cb12a Convert SSL_SESSION* functions to use const getters
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-16 23:36:28 +01:00
Matt Caswell
b2e57e094d Convert PKCS8* functions to use const getters
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-16 23:36:27 +01:00
Matt Caswell
bb2f62baba Convert TS_STATUS_INFO* functions to use const getters
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-16 23:36:27 +01:00
Matt Caswell
2ecb9f2d18 Provide compat macros for SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto()
These functions are no longer relevant to 1.1.0 (we always have auto ecdh
on) - but no reason to break old code that tries to call it. The macros will
only return a dummy "success" result if the app was trying to enable ecdh.
Disabling can't be done in quite this way any more.

Fixes Github Issue #1437

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-08-16 17:11:43 +01:00
Dr. Stephen Henson
17ebf85abd Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data().
Deprecate the function ASN1_STRING_data() and replace with a new function
ASN1_STRING_get0_data() which returns a constant pointer. Update library
to use new function.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 16:05:35 +01:00
Rob Percival
11c68ceaa6 Make CT_POLICY_EVAL_CTX_set1_{cert,issuer} into boolean functions
They may fail if they cannot increment the reference count of the
certificate they are storing a pointer for. They should return 0 if this
occurs.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)
2016-08-15 12:56:47 -04:00
Rob Percival
a1bb7708ce Improves CTLOG_STORE setters
Changes them to have clearer ownership semantics, as suggested in
https://github.com/openssl/openssl/pull/1372#discussion_r73232196.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)
2016-08-15 12:56:47 -04:00
Dr. Stephen Henson
5d6aaf8a9d Add point ctrls to X25519
Add ctrl operations to set or retrieve encoded point in
EVP_PKEY structures containing X25519 keys.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
59bf0f031f make errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
Dr. Stephen Henson
4950f8885c Use OIDs from draft-ietf-curdle-pkix-02
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
Rich Salz
e928132343 GH1446: Add SSL_SESSION_get0_cipher
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1451)
2016-08-12 15:23:48 -04:00
Rich Salz
f67cbb7443 Add #defines for magic numbers in API.
Binary- and backward-compatible.  Just better.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1429)
2016-08-10 10:07:37 -04:00
Kurt Roeckx
5898b8eb87 Fix spelling of error code
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1421)
2016-08-10 09:58:57 -04:00
Rich Salz
3663990760 Add some const casts
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1397)
2016-08-10 09:53:58 -04:00
Rich Salz
446dffa7f6 GH1383: Add casts to ERR_PACK
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1385
2016-08-10 09:45:36 -04:00
Rob Percival
a6f5d614c5 Mkae CT_log_new_from_base64 always return 0 on failure
In one failure case, it used to return -1. That failure case
(CTLOG_new() returning NULL) was not usefully distinct from all of the
other failure cases.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1407)
2016-08-05 21:34:59 -04:00
klemens
6025001707 spelling fixes, just comments and readme.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1413)
2016-08-05 19:07:30 -04:00
Rob Percival
1ccbe6b32c Removes CTLOG_new_null from the CT public API
This is an entirely useless function, given that CTLOG is publicly
immutable.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1406)
2016-08-05 18:49:58 -04:00
Dániel Bakai
739fe504e8 Added appropriate OPENSSL_NO_STDIO to PKCS12 header
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-05 02:00:39 +02:00
David Woodhouse
032924c4b4 Make DTLS1_BAD_VER work with DTLS_client_method()
DTLSv1_client_method() is deprecated, but it was the only way to obtain
DTLS1_BAD_VER support. The SSL_OP_CISCO_ANYCONNECT hack doesn't work with
DTLS_client_method(), and it's relatively non-trivial to make it work without
expanding the hack into lots of places.

So deprecate SSL_OP_CISCO_ANYCONNECT with DTLSv1_client_method(), and make
it work with SSL_CTX_set_{min,max}_proto_version(DTLS1_BAD_VER) instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-04 20:56:24 +01:00
Rich Salz
412c8507ee Remove "lockit" from internal error-hash function
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1389)
2016-08-04 14:23:08 -04:00
Dr. Stephen Henson
20fc103f78 Limit status message sisze in ts_get_status_check
Thanks to Shi Lei for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-04 17:34:28 +01:00
FdaSilvaYY
c47ba4e96c Constify some ASN1_OBJECT *obj input parameters
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-04 17:02:48 +02:00
FdaSilvaYY
cfc5e0aa73 Constify inputs of two X509_LOOKUP_METHOD methods
... get_by_fingerprint() and get_by_alias()

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-04 17:02:48 +02:00
FdaSilvaYY
924212a670 Constify input buffer
of X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID, X509_NAME_ENTRY_create_by_NID

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-04 17:02:48 +02:00
FdaSilvaYY
f48ebf9f4c Constify ASN1_INTEGER_get, ASN1_ENUMERATED_get
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-04 17:02:48 +02:00
Matt Caswell
81dd999028 Prepare for 1.1.0-pre7-dev
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-04 15:02:43 +01:00
Matt Caswell
2f554efe20 Prepare for 1.1.0-pre6 release
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-04 15:00:44 +01:00
Dr. Stephen Henson
b26ab17f3d Constify some X509_CRL, X509_REQ functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01 19:53:43 +01:00
Dr. Stephen Henson
5d8d9a8efa Add DSA_bits() function.
RT#4637

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01 19:37:42 +01:00
Richard Levitte
ef8938c3e8 Forgotten make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01 16:14:41 +02:00
Richard J. Moore
3c8537765c Const the ex data stuff too to fix warnings
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-01 16:13:27 +02:00
Richard J. Moore
4a9a0d9bcb Const EC_KEY_dup
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-01 16:13:27 +02:00
Andy Polyakov
83151b73a4 evp/evp_enc.c: make assert error message more readable
and add EVPerr(PARTIALLY_OVERLAPPED)

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-07-31 17:03:11 +02:00
Richard J. Moore
22293ea1cc Ignore the serial number for now and just do the rest.
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1367)
2016-07-30 15:19:24 -04:00
Richard J. Moore
1421aeadd7 Make some more X509 functions const.
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1367)
2016-07-30 15:19:24 -04:00
Matt Caswell
65e2d67254 Simplify and rename SSL_set_rbio() and SSL_set_wbio()
SSL_set_rbio() and SSL_set_wbio() are new functions in 1.1.0 and really
should be called SSL_set0_rbio() and SSL_set0_wbio(). The old
implementation was not consistent with what "set0" means though as there
were special cases around what happens if the rbio and wbio are the same.
We were only ever taking one reference on the BIO, and checking everywhere
whether the rbio and wbio are the same so as not to double free.

A better approach is to rename the functions to SSL_set0_rbio() and
SSL_set0_wbio(). If an existing BIO is present it is *always* freed
regardless of whether the rbio and wbio are the same or not. It is
therefore the callers responsibility to ensure that a reference is taken
for *each* usage, i.e. one for the rbio and one for the wbio.

The legacy function SSL_set_bio() takes both the rbio and wbio in one go
and sets them both. We can wrap up the old behaviour in the implementation
of that function, i.e. previously if the rbio and wbio are the same in the
call to this function then the caller only needed to ensure one reference
was passed. This behaviour is retained by internally upping the ref count.

This commit was inspired by BoringSSL commit f715c423224.

RT#4572

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-29 14:09:57 +01:00
Dr. Stephen Henson
ba1a1c3783 Deprecate X509_LU_FAIL, X509_LU_RETRY
Instead of X509_LU_FAIL, X509_LU_RETRY use 0/1 for return values.

RT#4577

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-26 16:23:02 +01:00
Dr. Stephen Henson
0946a19886 Use X509_LOOKUP_TYPE for lookup type consistently.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-26 16:23:02 +01:00
Dr. Stephen Henson
4c4a2f670b Move X509_LU_RETRY, X509_LU_FAIL
X509_LU_RETRY and X509_LU_FAIL are not X509_OBJECT types so don't include
them in the enum.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-26 16:23:02 +01:00
FdaSilvaYY
9d7bfb14dd Discard BIO_set(BIO* bio) method
Simplify BIO init using OPENSSL_zalloc().

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1261)
2016-07-25 13:48:32 -04:00
Richard Levitte
fe0169b097 Make it possible for external code to set the certiciate proxy path length
This adds the functions X509_set_proxy_pathlen(), which sets the
internal pc path length cache for a given X509 structure, along with
X509_get_proxy_pathlen(), which retrieves it.

Along with the previously added X509_set_proxy_flag(), this provides
the tools needed to manipulate all the information cached on proxy
certificates, allowing external code to do what's necessary to have
them verified correctly by the libcrypto code.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-25 17:36:39 +02:00
Richard Levitte
3067095e8a Add X509_STORE lock and unlock functions
Since there are a number of function pointers in X509_STORE that might
lead to user code, it makes sense for them to be able to lock the
store while they do their work.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-25 17:33:41 +02:00
Richard Levitte
0a5fe2eb94 Add setter and getter for X509_STORE's check_policy
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-25 17:20:58 +02:00
Richard Levitte
1060a50b6d Add getters / setters for the X509_STORE_CTX and X509_STORE functions
We only add setters for X509_STORE function pointers except for the
verify callback function.  The thought is that the function pointers
in X509_STORE_CTX are a cache for the X509_STORE functions.
Therefore, it's preferable if the user makes the changes in X509_STORE
before X509_STORE_CTX_init is called, and otherwise use the verify
callback to override any results from OpenSSL's internal
calculations.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-25 17:20:58 +02:00
FdaSilvaYY
ceab33e2cf Typo and comment fix
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1301)
2016-07-25 08:35:39 -04:00
FdaSilvaYY
67c93e6d9f Discard some unused typedefs
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1301)
2016-07-25 08:35:39 -04:00
FdaSilvaYY
c7d13c138c Constify X509|X509_CRL|X509_REVOKED_get_ext
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
FdaSilvaYY
7569362ebb Constify ... X509|X509_CRL|X509_REVOKED|_get_ext*()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
FdaSilvaYY
fdaf7beec5 Constify ...
X509_REVOKED_get0_extensions
X509_check_private_key

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
FdaSilvaYY
84de54b91e Constify (X509|X509V3|X509_CRL|X509_REVOKED)_get_ext_d2i ...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
FdaSilvaYY
a6a283b394 Constify i2s_ASN1_INTEGER, X509V3_get_d2i
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
FdaSilvaYY
333ed02c8a Constify input parameters of methods :
- X509_NAME_entry_count, X509_ATTRIBUTE_count
 - X509_NAME_add_entry_by_OBJ, X509_NAME_ENTRY_create_by_OBJ, X509_NAME_ENTRY_set_object

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
FdaSilvaYY
e83f154f6c Constify i2t_ASN1_OBJECT, i2d_ASN1_OBJECT, i2a_ASN1_OBJECT.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
FdaSilvaYY
dbf89a9b94 Constify ASN1_buf_print
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
FdaSilvaYY
08275a29c1 Constify ASN1_TYPE_get, ASN1_STRING_type, ASN1_STRING_to_UTF8, ASN1_TYPE_get_octetstring & co...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
FdaSilvaYY
0aa25a68c0 Constify SXNET_add_id_*
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
FdaSilvaYY
25d57dc71b Constify EC_KEY_*_oct2priv() input buffer
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
FdaSilvaYY
c17dd597ac Constify CMS_decrypt_set1_key input buffer
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
Jakub Zelenka
c1054bb4d2 Add EVP_ENCODE_CTX_copy
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1344)
2016-07-24 19:23:00 +01:00
Richard Levitte
9961cb7768 Make it possible for external code to flag a certificate as a proxy one.
This adds the function X509_set_proxy_flag(), which sets the internal flag
EXFLAG_PROXY on a given X509 structure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-23 11:35:23 +02:00
Kurt Roeckx
69588edbaa Check for errors allocating the error strings.
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #1330
2016-07-20 19:20:53 +02:00
Dr. Stephen Henson
8cc44d970c Don't allocate r/s in DSA_SIG and ECDSA_SIG
To avoid having to immediately free up r/s when setting them
don't allocate them automatically in DSA_SIG_new() and ECDSA_SIG_new().

RT#4590

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-20 14:02:54 +01:00
FdaSilvaYY
e8aa8b6c8f Fix a few if(, for(, while( inside code.
Fix some indentation at the same time

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1292)
2016-07-20 07:21:53 -04:00
Hannes Magnusson
c106eaa8ed Remove reduntant X509_STORE_CTX_set_verify_cb declaration
f0e0fd51fd added X509_STORE_CTX_set_verify_cb
with a typedef'd argument, making the original one redundant.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-20 11:42:35 +01:00
Richard Levitte
963f043d04 make update
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-07-19 23:49:54 +02:00
Richard Levitte
c2e4e5d248 Change all our uses of CRYPTO_THREAD_run_once to use RUN_ONCE instead
That way, we have a way to check if the init function was successful
or not.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-07-19 23:49:54 +02:00
Richard Levitte
925d17f3ee Define a few internal macros for easy use of run_once functions
Because pthread_once() takes a function taking no argument and
returning nothing, and we want to be able to check if they're
successful, we define a few internal macros to get around the issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-07-19 23:49:54 +02:00
Matt Caswell
4fa88861ee Update error codes following tls_process_key_exchange() refactor
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-19 12:18:46 +01:00
Richard Levitte
bbba0a7dff make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-19 11:50:42 +02:00
Richard Levitte
384a5d25b1 Fixup collision between SSL_F_TLS_PROCESS_SKE and SSL_F_TLS_PROCESS_CKE macros
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-19 11:49:51 +02:00
Matt Caswell
05ec6a25f8 Fix up error codes after splitting up tls_construct_key_exchange()
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-18 23:05:15 +01:00
Matt Caswell
c76a4aead2 Errors fix up following break up of CKE processing
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-18 22:55:07 +01:00
Dr. Stephen Henson
d166ed8c11 check return values for EVP_Digest*() APIs
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-15 14:09:05 +01:00
Dr. Stephen Henson
02fb7cfeb2 Add OCSP accessors.
RT#4605

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-13 14:41:58 +01:00
Viktor Dukhovni
5ae4ceb92c Perform DANE-EE(3) name checks by default
In light of potential UKS (unknown key share) attacks on some
applications, primarily browsers, despite RFC761, name checks are
by default applied with DANE-EE(3) TLSA records.  Applications for
which UKS is not a problem can optionally disable DANE-EE(3) name
checks via the new SSL_CTX_dane_set_flags() and friends.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-12 10:16:34 -04:00
Dr. Stephen Henson
5bd5dcd496 Add nameConstraints commonName checking.
New hostname checking function asn1_valid_host()

Check commonName entries against nameConstraints: any CN components in
EE certificate which look like hostnames are checked against
nameConstraints.

Note that RFC5280 et al only require checking subject alt name against
DNS name constraints.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-11 23:30:04 +01:00
Rich Salz
54478ac92a GH1278: Removed error code for alerts
Commit aea145e removed some error codes that are generated
algorithmically: mapping alerts to error texts.  Found by
Andreas Karlsson.  This restores them, and adds two missing ones.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-08 13:28:33 -04:00
Rich Salz
91da5e7710 Replace all #define's in pod pages.
Function-like macros are replaced with prototypes and a note
that they are implemented as macros.  Constants are just
referenced in-line in the text.

Tweak BIO_TYPE_... documentation.

Also fix RT4592.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-08 12:55:45 -04:00
Andy Polyakov
f1f5ee17b6 include/openssl: don't include <windows.h> in public headers.
If application uses any of Windows-specific interfaces, make it
application developer's respondibility to include <windows.h>.
Rationale is that <windows.h> is quite "toxic" and is sensitive
to inclusion order (most notably in relation to <winsock2.h>).
It's only natural to give complete control to the application developer.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-08 11:49:44 +02:00
Richard Levitte
5534c16a87 Stop using and deprecate ENGINE_setup_bsd_cryptodev
The calls we made to it were redundant, as the same initialization is
done later in OPENSSL_init_crypto() anyway.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-05 23:52:09 +02:00
FdaSilvaYY
4aed8756d8 Improve some error management code in CT
Separate invalid input case from any internal (malloc) failure

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-05 17:45:58 +01:00
FdaSilvaYY
e57036f2bf Fix some memory error handling in CT
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-05 17:45:58 +01:00
Dr. Stephen Henson
c2d551c019 Reorganise asn1.h and add comments.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-05 01:19:00 +01:00
Kurt Roeckx
dd850bcb39 Add old locking constants back
Fixes #1260

Reviewed-by: Matt Caswell <matt@openssl.org>

GH: #1266
2016-07-01 17:02:33 +02:00
Kurt Roeckx
453bff2267 Make CRYPTO_num_locks() return 1
malloc(0) might return NULL and code for the old callbacks might fail,
instead just say they should allocate 1 entry.

Reviewed-by: Matt Caswell <matt@openssl.org>

GH: #1266
2016-07-01 17:02:33 +02:00
Viktor Szakats
533bf1df55 ssl.h: spelling in comment
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1275)
2016-07-01 10:40:13 -04:00
FdaSilvaYY
c0c9c0c026 Constify a bit more OPENSSL_sk_ API
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1244)
2016-06-30 12:58:21 -04:00
Matt Caswell
fb5b14b420 Add some compat macros for removed tmp RSA functions/macros
Commit 361a119 removed all ciphersuites that could support temporary
RSA keys, therefore the associated functions were removed. We should have
"no-op" compatibility macros for these.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-06-30 15:47:00 +01:00
FdaSilvaYY
02e112a885 Whitespace cleanup in crypto
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1264)
2016-06-29 09:56:39 -04:00
FdaSilvaYY
9d22666eb8 Spelling
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1264)
2016-06-29 09:56:39 -04:00
Andy Polyakov
e0685d2473 rsa/rsa_lib.c: const-ify RSA_get0_engine().
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-27 23:31:55 +02:00
Rich Salz
6f4a6a5cd4 RT4586: Remove RSA_memory_lock; unused, not needed
Reviewed-by: Ben Laurie <ben@openssl.org>
2016-06-27 07:39:53 -04:00
Matt Caswell
1aca3618ff Fix some OPENSSL_API_COMPAT values
There are 3 OPENSSL_API_COMPAT values that are incorrect in the header
files, and one inconsistency between the header and the .c

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-27 11:28:29 +01:00
Ben Laurie
24bf6f3c7f Deal with API changes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-24 14:40:33 +01:00
Matt Caswell
a6211814c4 Add a getter to obtain the HMAC_CTX md
As a result of opaque HMAC_CTX apps need a getter for the HMAC_CTX md.

GitHub Issue #1152

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-06-24 13:22:40 +01:00
FdaSilvaYY
3c82e437bb Add checks on sk_TYPE_push() returned result
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-23 14:03:29 +01:00
FdaSilvaYY
687b486859 Rework error handling from asn1_do_lock method.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-23 14:00:47 +01:00
Andy Polyakov
eeac54ef6d crypto/cryptlib.c: omit OPENSSL_ia32cap_loc().
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-22 20:20:37 +02:00
FdaSilvaYY
f430ba31ac Spelling... and more spelling
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1245)
2016-06-22 00:26:10 +02:00
Richard Levitte
d0ba7bc8a0 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-06-20 21:34:37 +02:00
Richard Levitte
c8223538cb Check that the subject name in a proxy cert complies to RFC 3820
The subject name MUST be the same as the issuer name, with a single CN
entry added.

RT#1852

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-06-20 21:34:37 +02:00
Dr. Matthias St. Pierre
54f24e3ed4 RT3925: Remove trailing semi from macro
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-20 15:08:23 -04:00
huangqinjin
14f4656058 doc and comment fixes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1233)
2016-06-20 09:53:21 -04:00
Emilia Kasper
9267c11bb5 Make DSA_SIG and ECDSA_SIG getters const.
Reorder arguments to follow convention.

Also allow r/s to be NULL in DSA_SIG_get0, similarly to ECDSA_SIG_get0.

This complements GH1193 which adds non-const setters.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-20 14:58:36 +02:00
Matt Caswell
1dcb8ca2a4 Use a STACK_OF(OPENSSL_CSTRING) for const char * stacks
Better than losing the const qualifier.

RT4378

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-18 15:34:03 +01:00
Matt Caswell
6b44f2597e OpenBSD has intypes.h
Update e_os2.h so that inttypes.h is included.

RT4378

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-18 15:34:03 +01:00
Matt Caswell
ac94c8fdb9 Improve const correctness for stacks of EVP_MD
EVP_MDs are always const, so stacks of them should be too. This silences
a warning about type punning on OpenBSD.

RT4378

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-18 15:34:03 +01:00
Matt Caswell
98370c2dd7 constify SRP
Add const qualifiers to lots of SRP stuff. This started out as an effort
to silence some "type-punning" warnings on OpenBSD...but the fix was to
have proper const correctness in SRP.

RT4378

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-18 15:34:03 +01:00
Rich Salz
d3b64b89ed Fix GCC build; make update; fix number re-use
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-16 15:48:03 -04:00
Nathaniel McCallum
ebad0b0beb Add EVP_PKEY_get0_hmac() function
Before the addition of this function, it was impossible to read the
symmetric key from an EVP_PKEY_HMAC type EVP_PKEY.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1217)
2016-06-16 13:33:47 -04:00
Matt Caswell
cf3404fcc7 Change the return type of EVP_EncodeUpdate
Previously EVP_EncodeUpdate returned a void. However there are a couple
of error conditions that can occur. Therefore the return type has been
changed to an int, with 0 indicating error and 1 indicating success.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-16 09:50:48 +01:00
Richard Levitte
fd809cfdbd Constify the parameter getters for RSA, DSA and DH
Including documentation changes

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-06-15 20:09:27 +02:00
FdaSilvaYY
c8f717fe87 Constify input buffers of some X509V3 and X509_PURPOSE -related methods
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215)
2016-06-15 13:22:38 -04:00
FdaSilvaYY
82643254d6 Constify X509_TRUST_add method.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215)
2016-06-15 13:22:38 -04:00
FdaSilvaYY
fa3a84422d Constify some input buffers in asn1
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215)
2016-06-15 13:22:38 -04:00
FdaSilvaYY
dc423f898e Constify CMS_get0_type input
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215)
2016-06-15 13:22:38 -04:00
FdaSilvaYY
472f727c55 Constify UI
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215)
2016-06-15 13:22:38 -04:00
FdaSilvaYY
82af00fbdd Constify PKCS12_create, PKCS12_add_key, PKCS12_add_safe.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215)
2016-06-15 13:22:38 -04:00
Rich Salz
cda3ae5bd0 RT4562: Fix misleading doc on OPENSSL_config
Also changed the code to use "appname" not "filename"

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-14 12:30:37 -04:00
Peter Mosmans
b4b576d3b7 RT3454: Re-enable nistp-64_gcc_128 on windows
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-13 18:33:02 -04:00
TJ Saunders
1d454d58a8 Forgot to update the setter argument ordering in the public headers.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1193)
2016-06-13 15:44:49 -04:00
TJ Saunders
6a571a18dd Implement DSA_SIG_set0() and ECDSA_SIG_set0(), for setting signature values.
SSH2 implementations which use DSA_do_verify() and ECDSA_do_verify() are given
the R and S values, and the data to be signed, by the client.  Thus in order
to validate these signatures, SSH2 implementations will digest and sign
the data -- and then pass in properly provisioned DSA_SIG and ECDSA_SIG objects.

Unfortunately, the existing OpenSSL-1.1.0 APIs do not allow for directly setting
those R and S values in these objects, which makes using OpenSSL for such
SSH2 implementations much more difficult.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1193)
2016-06-13 15:44:49 -04:00
Rich Salz
6670d55a84 Make a2i_ipadd an internal function
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-09 17:15:42 -04:00
Jeffrey Walton
2a7de0fd5d Fixes to get -ansi working
Various fixes to get the following to compile:

./config no-asm -ansi -D_DEFAULT_SOURCE

RT4479
RT4480

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-08 20:18:04 +01:00
Rich Salz
e417070c9f Add some accessor API's
GH1098: Add X509_get_pathlen() (and a test)
GH1097:  Add SSL_is_dtls() function.

Documented.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-08 11:37:06 -04:00
Matt Caswell
30b967651c Add SSL_CTX_get_tlsext_status_type()
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-07 17:05:52 +01:00
Alessandro Ghedini
4300aaf351 Add SSL_get_tlsext_status_type() method
The tlsext_status_type field in SSL is used by e.g. OpenResty to determine
if the client requested the certificate status, but SSL is now opaque.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-07 17:05:52 +01:00
Matt Caswell
5584f65a10 Deprecate the flags that switch off constant time
The flags RSA_FLAG_NO_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME and
DH_FLAG_NO_EXP_CONSTTIME which previously provided the ability to switch
off the constant time implementation for RSA, DSA and DH have been made
no-ops and deprecated.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-06 11:09:06 +01:00
FdaSilvaYY
3470795171 Constify X509V3_EXT_*_conf*
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1074)
2016-06-04 21:30:41 -04:00
FdaSilvaYY
009951d24d Constify ASN1_generate_nconf
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1074)
2016-06-04 21:30:41 -04:00
FdaSilvaYY
12eaf3b849 Constify ASN1_generate_v3
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1074)
2016-06-04 21:30:41 -04:00
FdaSilvaYY
13f74c66ce Constify s2i_ASN1_IA5STRING
Return directly NULL after ASN1_STRING_set, as it already has set an error code.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1074)
2016-06-04 21:30:41 -04:00
FdaSilvaYY
2b91da968c Constify s2i_ASN1_INTEGER
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1074)
2016-06-04 21:30:41 -04:00
FdaSilvaYY
7d7da288b8 Constify X509_OBJECT_get_type & X509_OBJECT_get0_X509
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1074)
2016-06-04 21:30:41 -04:00
Rich Salz
d485806092 Fix re-used function code
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-04 15:01:37 -04:00
Rich Salz
255cf605d6 RT3895: Remove fprintf's from SSL library.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-04 07:08:29 -04:00
Richard Levitte
f6ce429084 Change inclusion of sys/types.h to stdlib.h in include/openssl/ebcdic.h
Needed to get size_t on Windows

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-04 01:22:08 +02:00
Richard Levitte
2d5724aa21 Add inclusion of stdlib.h in include/openssl/mdc2.h
Needed to get size_t

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-04 01:22:08 +02:00
Richard Levitte
e30dff9ee2 Add inclusion of openssl/x509.h in include/openssl/tls1.h
Needed to get the needed declarations for STACK_OF(X509)

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-04 01:22:08 +02:00
Matt Caswell
2c4a056f59 Handle a memory allocation failure in ssl3_init_finished_mac()
The ssl3_init_finished_mac() function can fail, in which case we need to
propagate the error up through the stack.

RT#3198

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-03 20:29:04 +01:00