Matt Caswell
d08086645f
Ensure we don't call memcpy with a NULL pointer
...
Commit d5aa14dd
simplified the bn_expand_internal() and BN_copy() functions.
Unfortunately it also removed some checks which are still required,
otherwise we call memcpy passing in NULL which is not allowed.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2836 )
2017-03-03 23:49:24 +00:00
Dr. Stephen Henson
8336ca13b1
Update and add test
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2840 )
2017-03-03 22:02:39 +00:00
Dr. Stephen Henson
5528d68f6d
Set specific error is we have no valid signature algorithms set
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2840 )
2017-03-03 22:02:39 +00:00
Dr. Stephen Henson
b0e9ab95dd
Signature algorithm enhancement.
...
Change tls12_sigalg_allowed() so it is passed a SIGALG_LOOKUP parameter,
this avoids multiple lookups.
When we copy signature algorithms return an error if no valid TLS message
signing algorithm is present. For TLS 1.3 this means we need at least one
signature algorithm other than RSA PKCS#1 or SHA1 both of which can only be
used to sign certificates and not TLS messages.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2840 )
2017-03-03 22:02:39 +00:00
Dr. Stephen Henson
8f12296e23
Disallow zero length signature algorithms
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2840 )
2017-03-03 21:58:33 +00:00
Dr. Stephen Henson
224b4e37c0
Don't allow DSA for TLS 1.3
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2840 )
2017-03-03 21:58:33 +00:00
edelangh
dbaa069a5e
use OSSLzu instead of lu format for size_t display
...
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2660 )
2017-03-03 08:04:47 -05:00
Bernd Edlinger
d734582275
Reset executable bits on files where not needed.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2835 )
2017-03-03 09:13:40 +01:00
Pauli
f2bcff43bc
Update the cipher(1) documentation to explicitly state that the RSA cipher
...
string means the same a kRSA.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2821 )
2017-03-02 19:26:47 -05:00
Rich Salz
332dc4fa5e
sh_malloc & sh_free prototype change to match POSIX
...
CLA: trivial
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2823 )
2017-03-02 19:16:57 -05:00
Matt Caswell
42f50fdf8a
Silence some more clang warnings
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2832 )
2017-03-03 00:05:57 +00:00
Matt Caswell
30d1bab146
Silence some clang warnings
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2831 )
2017-03-02 23:56:36 +00:00
Matt Caswell
83750d9b2b
More early data documentation updates following feedback
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
cd9f7f624e
Update the API documentation for the latest early data changes
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
09f2887482
Update early data API for writing to unauthenticated clients
...
Change the early data API so that the server must use
SSL_write_early_data() to write to an unauthenticated client.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
0665b4edae
Rename SSL_write_early() to SSL_write_early_data()
...
This is for consistency with the rest of the API where all the functions
are called *early_data*.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
f533fbd44a
Rename SSL_read_early() to SSL_read_early_data()
...
This is for consistency with the rest of the API where all the functions
are called *early_data*.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
ef466accdc
Updates to the early data documentation
...
Following on from the latest API changes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
ade1e88806
Updates to s_server and s_client for the latest early_data API changes
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
3eaa417095
Make SSL_write_early_finish() an internal only function
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
5f9820380f
Add early_data tests
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
f7e393be47
Various fixes required to allow SSL_write/SSL_read during early data
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
d7f8783ff9
Enable the server to call SSL_write() without stopping the ability to call SSL_read_early()
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
564547e482
Enable the client to call SSL_read() without stopping the ability to call SSL_write_early()
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
4004ce5f6c
Introduce a new early_data state in the state machine
...
Also simplifies the state machine a bit.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
bc908c679b
Improve the early data sanity check in SSL_do_handshake()
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
6437b802f1
Add documentation for the new s_client and s_server early_data options
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
0a5ece5bd2
Tighten sanity checks when calling early data functions
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
fd6c102520
Add documentation for the early data functions
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
f5b519c416
Make SSL_get_early_data_status() take a const
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
46dcb9457e
Make SSL_get_max_early_data() and SSL_CTX_get_max_early_data() take a const
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:15 +00:00
Matt Caswell
fcc4757823
Add a SSL_SESSION_get_max_early_data() function
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:15 +00:00
Matt Caswell
7daf7156d8
Don't attempt to write more early_data than we know the server will accept
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:15 +00:00
Matt Caswell
f637004037
Only accept early_data if the negotiated ALPN is the same
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:15 +00:00
Matt Caswell
a832b5ef7a
Skip early_data if appropriate after a HelloRetryRequest
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:15 +00:00
Matt Caswell
38df5a4527
Don't accept early_data if we are going to issue a HelloRetryRequest
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:15 +00:00
Matt Caswell
538bea6c81
Add extra validation parsing the server-to-client early_data extension
...
Check that we actually resumed the session, and that we selected the first
identity.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:15 +00:00
Matt Caswell
329114f91f
Remove some TLSv1.3 TODOs that are no longer relevant
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:15 +00:00
Matt Caswell
2c604cb9af
Validate the ticket age for resumed sessions
...
If the ticket age calcualtions do not check out then we must not accept
early data (it could be a replay).
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:15 +00:00
Matt Caswell
6746648c42
Ensure the max_early_data option to s_server can be 0
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:15 +00:00
Matt Caswell
bfa9a9afe8
Provide a default value for max_early_data
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:15 +00:00
Matt Caswell
70ef40a05e
Check max_early_data against the amount of early data we actually receive
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:15 +00:00
Matt Caswell
67f78eadd0
Make sure we reset the read sequence when skipping records
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:15 +00:00
Matt Caswell
10109364bf
Disallow handshake messages in the middle of early_data
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:15 +00:00
Matt Caswell
c117af6765
Fix seg fault when sending early_data using CCM ciphersuites
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:15 +00:00
Matt Caswell
576eb3958c
Get s_client to report on whether early data was accepted or not
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:15 +00:00
Matt Caswell
b2cc7f313e
Implement client side parsing of the early_data extension
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:15 +00:00
Matt Caswell
e0655186f9
Add a "-early_data" option to s_server
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:15 +00:00
Matt Caswell
fe5e20fd26
Fix changing of the cipher state when dealing with early data
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:15 +00:00
Matt Caswell
1ea4d09a3c
Construct the server side early_data extension
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:15 +00:00