Commit graph

1601 commits

Author SHA1 Message Date
Viktor Dukhovni
895c2f84a6 Long overdue cleanup of X509 policy tree verification
Replace all magic numbers with #defined constants except in boolean
functions that return 0 for failure and 1 for success.  Avoid a
couple memory leaks in error recovery code paths.  Code style
improvements.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-02-05 11:13:11 -05:00
Dr. Stephen Henson
7fc7d1a7bd Add EC_KEY_priv2buf()
Add new function EC_KEY_priv2buf() to allocated and encode private
key octet in one call. Update and simplify ASN.1 and print routines.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05 00:33:33 +00:00
Dr. Stephen Henson
d810700b80 update EC ASN1 and print routines
Update EC ASN.1 and print routines to use EC_KEY_oct2priv and
EC_KEY_priv2oct.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05 00:33:33 +00:00
Dr. Stephen Henson
cf2413955c Add EC_KEY_oct2priv and EC_KEY_priv2oct
New functions EC_KEY_oct2priv and EC_KEY_priv2oct. These are private key
equivalents of EC_POINT_oct2point and EC_POINT_point2oct which convert
between the private key octet format and EC_KEY.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05 00:33:33 +00:00
Dr. Stephen Henson
26c255fcf8 Add ASN1_buf_print to print a buffer in ASN1_bn_print format.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05 00:33:33 +00:00
Dmitry Sobinov
43e5faa253 Add new DTLS-SRTP protection profiles from RFC 7714
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-04 22:52:21 +00:00
Kurt Roeckx
c86d1f19fc Use WSAGetLastError() on windows
Windows doesn't have h_error or hstrerror()

Reviewed-by: Richard Levitte <levitte@openssl.org>

MR: #1848
2016-02-04 16:05:59 +01:00
Dr. Stephen Henson
da15ce2212 update OID tables
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-04 14:10:52 +00:00
Rich Salz
d9f7772674 RT2752: Add some EKU OID's
And some others found in the Internet.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-03 23:33:55 -05:00
Rich Salz
cde052f59c Tweak opensslconf.h.in for style
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-03 17:15:31 -05:00
Richard Levitte
52f5926c3c make update
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:40:32 +01:00
Richard Levitte
417be660e1 Refactoring BIO: adapt BIO_s_connect and BIO_s_accept
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:40:32 +01:00
Richard Levitte
4f1374e605 make update
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:39:37 +01:00
Richard Levitte
2fcff74c87 make update
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:38:07 +01:00
Richard Levitte
d33b215b33 Refactoring BIO: new socket-handling functions, deprecate older ones
Added functions:

BIO_socket
BIO_connect
BIO_listen
BIO_accept_ex
BIO_closesocket
BIO_sock_info

These get deprecated:

BIO_gethostbyname
BIO_get_port
BIO_get_host_ip
BIO_get_accept_socket
BIO_accept

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:38:07 +01:00
Richard Levitte
83be2778fe Refactoring BIO: add error macros & text, and make update
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:37:07 +01:00
Richard Levitte
28a0841bf5 Refactoring BIO: add wrappers around sockaddr et al
Because different platforms have different levels of support for IPv6,
different kinds of sockaddr variants, and some have getaddrinfo et al
while others don't, we could end up with a mess if ifdefs, duplicate
code and other maintainance nightmares.

Instead, we're introducing wrappers around the common form for socket
communication:
BIO_ADDR, closely related to struct sockaddr and some of its variants.
BIO_ADDRINFO, closely related to struct addrinfo.

With that comes support routines, both convenient creators and
accessors, plus a few utility functions:

BIO_parse_hostserv, takes a string of the form host:service and
splits it into host and service.  It checks for * in both parts, and
converts any [ipv6-address] syntax to ust the IPv6 address.

BIO_lookup, looks up information on a host.

All routines handle IPv4 (AF_INET) and IPv6 (AF_INET6) addresses, and
there is support for local sockets (AF_UNIX) as well.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:37:07 +01:00
Rich Salz
b5c5a97141 RT2353: Add ipsec IKE OID
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-02-02 14:41:06 -05:00
Dr. Stephen Henson
85a4807f94 New BN functions.
Add new function BN_bn2binpad() which checks the length of the output
buffer and pads the result with zeroes if necessary.

New functions BN_bn2lebinpad() and BN_lebin2bn() which use little endian
format.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-02 17:17:38 +00:00
Rich Salz
8cdd6b6b47 Style; add "!= NULL"
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-01 11:23:55 -05:00
Emilia Kasper
b698174493 constify PACKET
PACKET contents should be read-only. To achieve this, also
- constify two user callbacks
- constify BUF_reverse.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-01 16:21:57 +01:00
Viktor Dukhovni
33cc5dde47 Compat self-signed trust with reject-only aux data
When auxiliary data contains only reject entries, continue to trust
self-signed objects just as when no auxiliary data is present.

This makes it possible to reject specific uses without changing
what's accepted (and thus overring the underlying EKU).

Added new supported certs and doubled test count from 38 to 76.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-31 21:24:12 -05:00
Viktor Dukhovni
0daccd4dc1 Check chain extensions also for trusted certificates
This includes basic constraints, key usages, issuer EKUs and auxiliary
trust OIDs (given a trust suitably related to the intended purpose).

Added tests and updated documentation.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-31 21:23:23 -05:00
Dr. Stephen Henson
be2e334fce Add EC_GROUP_order_bits, EC_GROUP_get0_order and EC_GROUP_get0_cofactor
New functions to return internal pointer for order and cofactor. This
avoids the need to allocate a new BIGNUM which to copy the value to.
Simplify code to use new functions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-31 22:18:30 +00:00
Daniel Kahn Gillmor
8ab31975ba RT4129: BUF_new_mem_buf should take const void *
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-31 14:05:13 -05:00
Rich Salz
769adcfe8b GH102: Extra volatile avoids GCC bug
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-01-30 20:19:19 -05:00
Rich Salz
9716b0b9de Remove extra level of indirection.
Remove OPENSSL_IMPORT as its only purpose is to define OPENSSL_EXTERN.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-30 18:11:12 -05:00
Rich Salz
94af0cd7f3 Move more BN internals to bn_lcl.h
There was an unused macro in ssl_locl.h that used an internal
type, so I removed it.
Move bio_st from bio.h to ossl_type.h

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-01-30 16:54:35 -05:00
Rich Salz
98ab57644f GH102: Add volatile to CRYPTO_memcmp
Can't hurt and seems to prevent problems from some over-aggressive
(LTO?) compilers.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-30 14:37:43 -05:00
Dr. Stephen Henson
7ab507495b Add function to return internal enoding of X509_NAME.
PR#4280

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-01-30 16:02:48 +00:00
Viktor Dukhovni
aea6116146 Make it possible to check for explicit auxiliary trust
By default X509_check_trust() trusts self-signed certificates from
the trust store that have no explicit local trust/reject oids
encapsulated as a "TRUSTED CERTIFICATE" object.  (See the -addtrust
and -trustout options of x509(1)).

This commit adds a flag that makes it possible to distinguish between
that implicit trust, and explicit auxiliary settings.

With flags |= X509_TRUST_NO_SS_COMPAT, a certificate is only trusted
via explicit trust settings.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-29 10:53:46 -05:00
Matt Caswell
cb389fe804 Correct value of DH_CHECK_PUBKEY_INVALID
A new return value for DH_check_pub_key was recently added:
DH_CHECK_PUBKEY_INVALID. As this is a flag which can be ORed with other
return values it should have been set to the value 4 not 3.

RT#4278

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-01-29 11:53:32 +00:00
Richard Levitte
41a28cb294 Correct number of arguments in BIO_get_conn_int_port macro
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-28 18:19:55 +01:00
Matt Caswell
b128abc343 Prevent small subgroup attacks on DH/DHE
Historically OpenSSL only ever generated DH parameters based on "safe"
primes. More recently (in version 1.0.2) support was provided for
generating X9.42 style parameter files such as those required for RFC
5114 support. The primes used in such files may not be "safe". Where an
application is using DH configured with parameters based on primes that
are not "safe" then an attacker could use this fact to find a peer's
private DH exponent. This attack requires that the attacker complete
multiple handshakes in which the peer uses the same DH exponent.

A simple mitigation is to ensure that y^q (mod p) == 1

CVE-2016-0701

Issue reported by Antonio Sanso.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-28 14:41:19 +00:00
Rich Salz
3444c36ab4 Fix typo in md2.h
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-01-28 09:18:21 -05:00
Rich Salz
3538c7da3d Add CRYPTO_secure_zalloc
Also turn B<foo> into foo() in the pod page.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-27 23:34:13 -05:00
Rich Salz
3e9e810f2e Remove outdated legacy crypto options
Many options for supporting optimizations for legacy crypto on legacy
platforms have been removed.  This simplifies the source code and
does not really penalize anyone.
        DES_PTR (always on)
        DES_RISC1, DES_RISC2 (always off)
        DES_INT (always 'unsigned int')
        DES_UNROLL (always on)
        BF_PTR (always on) BF_PTR2 (removed)
        MD2_CHAR, MD2_LONG (always 'unsigned char')
        IDEA_SHORT, IDEA_LONG (always 'unsigned int')
        RC2_SHORT, RC2_LONG (always 'unsigned int')
        RC4_LONG (only int and char (for assembler) are supported)
        RC4_CHUNK (always long), RC_CHUNK_LL (removed)
        RC4_INDEX (always on)
And also make D_ENCRYPT macro more clear (@appro)

This is done in consultation with Andy.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-01-27 19:05:50 -05:00
Richard Levitte
d20a161f46 Complete the removal of /* foo.c */ comments
Some files that are automatically generated still had those comments
added by the generating scripts.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-27 18:42:23 +01:00
Rich Salz
349807608f Remove /* foo.c */ comments
This was done by the following
        find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
        print unless $. == 1 && m@/\* .*\.[ch] \*/@;
        close ARGV if eof; # Close file to reset $.

And then some hand-editing of other files.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-26 16:40:43 -05:00
Matt Caswell
a18a31e49d Add SSL_up_ref() and SSL_CTX_up_ref()
The SSL and SSL_CTX structures are reference counted. However since libssl
was made opaque there is no way for users of the library to manipulate the
reference counts. This adds functions to enable that.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-01-26 13:19:10 +00:00
Richard Levitte
9ab6fc5936 Generate warning text
Now that we're using templates, we should warn people not to edit the
resulting file.  We do it through util/dofile.pl, which is enhanced
with an option to tell what file it was called from.  We also change
the calls so the template files are on the command line instead of
being redirected through standard input.  That way, we can display
something like this (example taken from include/openssl/opensslconf.h):

    /* WARNING: do not edit! */
    /* Generated by Configure from include/openssl/opensslconf.h.in */

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-25 21:19:59 +01:00
Rich Salz
dc193c9c5e Move & split opensslconf.h.in
Move opensslconf.h.in to include/openssl.
Split off DES,BN,RC4 stuff into separate header file
templates in crypto/include/internal/*_conf.h.in

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-25 09:44:08 -05:00
Rich Salz
cf2cede4a7 Move pqueue into ssl
This is an internal facility, never documented, not for
public consumption.  Move it into ssl (where it's only used
for DTLS).

I also made the typedef's for pqueue and pitem follow our style: they
name structures, not pointers.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-24 18:25:04 -05:00
Michał Trojnara
fa8edbbd59 Updated OSSL_DYNAMIC_VERSION/OSSL_DYNAMIC_OLDEST
Change to reflect changes in dynamic_fns

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-01-22 11:55:28 -05:00
Matt Caswell
7bb196a71a Handle SSL_shutdown while in init more appropriately
Calling SSL_shutdown while in init previously gave a "1" response, meaning
everything was successfully closed down (even though it wasn't). Better is
to send our close_notify, but fail when trying to receive one.

The problem with doing a shutdown while in the middle of a handshake is
that once our close_notify is sent we shouldn't really do anything else
(including process handshake/CCS messages) until we've received a
close_notify back from the peer. However the peer might send a CCS before
acting on our close_notify - so we won't be able to read it because we're
not acting on CCS messages!

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-20 13:58:12 +00:00
Dr. Stephen Henson
3aeb934865 make EVP_PKEY opaque
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-20 03:24:59 +00:00
Matt Caswell
a8eda4312d Remove the GOST engine
The GOST engine is now out of date and is removed by this commit. An up
to date GOST engine is now being maintained in an external repository.

See:
https://wiki.openssl.org/index.php/Binaries

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-19 22:29:32 +00:00
Viktor Dukhovni
928623825c API compat for SSLeay_add_ssl_algorithms
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-19 13:40:05 -05:00
Dr. Stephen Henson
1eff3485b6 Add TLS PRF method.
Add EVP_PKEY algorithm for TLS1 PRF.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-01-19 14:00:32 +00:00
Corinna Vinschen
8d35ceb98f Use POSIX functions on Cygwin, not Win32 function
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-18 16:16:00 +01:00
Rich Salz
ba1516987a Fix function declarations.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-17 17:36:17 -05:00
Rich Salz
9e5cd4bac7 Add some accessors.
Author: Remi Gacogne <rgacogne-github@coredump.fr>
GH334: Add an OCSP_SINGLERESP_get0_id() accessor to the OCSP_CERTID of
a OCSP_SINGLERESP. It is possible to do it the other way around using
OCSP_resp_find(), but this is more efficient when you have a tree indexed
by OCSP_CERTID, like haproxy does. (This is also RT4251)

Author: Marek Klein <kleinmrk@gmail.com>
GH556: OCSP_resp_get_produced_at() accessor to the producedAt of a
OCSP_BASICRESP
GH555: TS_STATUS_INFO_get_status(), TS_STATUS_INFO_get_text() and
TS_STATUS_INFO_get_failure_info() accessors for a TS_STATUS_INFO

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-17 10:38:03 -05:00
Dr. Stephen Henson
8e237299b0 fix no-engine build
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-16 22:29:48 +00:00
Benjamin Kaduk
0423f812dc Add a no-egd option to disable EGD-related code
The entropy-gathering daemon is used only on a small number of machines.
Provide a configure knob so that EGD support can be disabled by default
but re-enabled on those systems that do need it.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-14 13:02:51 -05:00
Rich Salz
47153c7253 Make SSL_set_debug deprecated in 1.1
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-14 12:30:32 -05:00
Rich Salz
3a4e9367d8 RT4232: Extra space in help message.
It turns out that -pause calls the undocumented function SSL_set_debug.
That just sets flag inside the SSL structure.  That flag, despite
the command is never used.  So remove the flag, the field, and the
function.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-14 11:32:18 -05:00
Richard Levitte
c60ebfdc08 Prepare for 1.1.0-pre3-dev
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-01-14 15:27:14 +01:00
Richard Levitte
bd31d02e41 Prepare for 1.1.0-pre2 release
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-01-14 15:26:56 +01:00
Viktor Dukhovni
d94a1a7065 For stro[ui]max require both C99 and UINTMAX_MAX/INTMAX_MAX
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-13 16:12:31 -05:00
Richard Levitte
555b66e45a Remove spurious ;
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-13 21:29:24 +01:00
Richard Levitte
6f84b383d3 VMS C doesn't provide intmax_t/uinmax_t, use our own
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-13 20:53:09 +01:00
Rich Salz
3aef36ffef Add CRYPTO_EX_DATA; remove EC_EXTRA_DATA
Add CRYPTO_EX_DATA add EndC_KEY_[gs]et_method, From Roumen Petrov.
Had to add various exdata calls to init/copy/free the exdata.
Had to remove const from some EC functions because exdata isn't
const-correct. :(
Also remove EC_EXTRA_DATA and use a union to hold the possible
pre-computed values and an enum to tell which value is in the
union. (Rich Salz)

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-13 14:32:59 -05:00
Viktor Dukhovni
bdb1d0c24b Fix DES_LONG breakage
For some strange reason opensslconf.h was only defining DES_LONG
when included via des.h, but that's exceedingly fragile (as a
result of include guards the include via des.h might not actually
process the content again).

Ripped out the nesting constraint, now always define OSSL_DES_LONG
if not already defined.  Note, this could just be DES_LONG, but
trying to avoid exposing DES_LONG in places where it has never been
seen before, so it is up to des.h to actually define DES_LONG as
OSSL_DES_LONG.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-13 12:37:48 -05:00
Viktor Dukhovni
dbc8541b86 For stroimax need C99 inttypes.h
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-13 12:37:34 -05:00
Mathias Berchtold
917c343ef8 Fix missing casts for c++
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-01-13 03:44:56 +00:00
Viktor Dukhovni
03f887ca12 Maximize time_t when intmax_t is available
Well, I'm not actually changing time_t, just changing how time_t
valued opt values are converted from string to time_t.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 21:37:39 -05:00
Viktor Dukhovni
4b1fa408b2 STACK_OF(SSL_COMP) is a public type
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 14:16:04 -05:00
Dr. Stephen Henson
cf926b4563 fix jpaketest and correct comment
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 18:45:25 +00:00
Richard Levitte
512fdfdf7f Remove unused internal macros
The M_EVP_* macros related to EVP_CIPHER / EVP_CIPHER_CTX are not
public, and are unused.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:58:29 +01:00
Richard Levitte
ff4b7fafb3 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:58:29 +01:00
Richard Levitte
0ce56222d8 Add back deprecated functions in macro form
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
3dcb9e4e0f EVP_CIPHER_CTX_new_cipher_data was a temporary measure, not needed any more
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
e79f877333 Make EVP_CIPHER opaque and add creator/destructor/accessor/writer functions
We follow the method used for EVP_MD.
Also, move all the internal EVP_CIPHER building macros from evp_locl.h
to evp_int.h.  This will benefit our builtin EVP_CIPHERs.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
480d33237d Remove EVP_CIPHER_CTX_flags, it's only confusing
EVP_CIPHER_CTX_flags was returning the flags of its associated
EVP_CIPHER.  However, EVP_CIPHER_CTX has flags of its own, so this
function is quite confusing and therefore error prone.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
83b0634702 Add accessors and writers for EVP_CIPHER_CTX
New functions:

- EVP_CIPHER_CTX_encrypting()
- EVP_CIPHER_CTX_iv()
- EVP_CIPHER_CTX_iv_noconst()
- EVP_CIPHER_CTX_original_iv()
- EVP_CIPHER_CTX_buf_noconst()
- EVP_CIPHER_CTX_num()
- EVP_CIPHER_CTX_set_num()
- EVP_CIPHER_CTX_cipher_data()
- EVP_CIPHER_CTX_new_cipher_data()

Note that the accessors / writers for iv, buf and num may go away, as
those rather belong in the implementation's own structure (cipher_data)
when the implementation would affect them (that would be the case when
they are flagged EVP_CIPH_CUSTOM_IV or EVP_CIPH_FLAG_CUSTOM_CIPHER).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
8baf9968df Make EVP_CIPHER_CTX opaque and renew the creator / destructor functions
Following the method used for EVP_MD_CTX and HMAC_CTX,
EVP_CIPHER_CTX_init and EVP_CIPHER_CTX_cleanup are joined together
into one function, EVP_CIPHER_CTX_reset, with EVP_CIPHER_CTX_init kept
as an alias.
EVP_CIPHER_CTX_cleanup fills no purpose of its own any more and is
therefore removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Dr. Stephen Henson
89d6aa10a2 Use ossl_inline and DEFINE_LHASH_OF
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-11 17:50:42 +00:00
Dr. Stephen Henson
26a884c217 Remove mkstack.pl: it is no longer needed.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-11 17:50:42 +00:00
Dr. Stephen Henson
2a056de832 Add lh_doall_arg inlining
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-11 17:50:27 +00:00
Dr. Stephen Henson
63c75cd688 Add lh_doall inlining
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-11 17:50:27 +00:00
Dr. Stephen Henson
62d0577e0d Add lh_new() inlining
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-11 17:50:27 +00:00
Dr. Stephen Henson
e6b5c341b9 Inline LHASH_OF
Make LHASH_OF use static inline functions.

Add new lh_get_down_load and lh_set_down_load functions and their
typesafe inline equivalents.

Make lh_error a function instead of a macro.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-11 17:50:27 +00:00
Viktor Dukhovni
8106cb8b6d Make SSL{_CTX,}_{get,set,clear}_options functions
These now take and return unsigned long, and get is constified.
Updated related documentation and util/ssleay.num

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-01-11 10:51:02 -05:00
Dr. Stephen Henson
4e482ae6ff Add memory leak return value.
Make CRYPTO_mem_leaks() and CRYPTO_mem_leaks_fp() return a status value.
Update documentation. Don't abort() if there are leaks.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-11 02:41:16 +00:00
Viktor Dukhovni
c2e27310c7 Enable/disable crypto-mdebug just like other features
Also always abort() on leak failure.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-01-11 02:41:16 +00:00
Viktor Dukhovni
aea145e399 Regenerate SSL record/statem error strings
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-10 20:18:05 -05:00
Rich Salz
d594199bb4 RT41897: Add an CRYPTO_secure_actual_size
This is already documented, I just forgot to include the code :)

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-09 19:13:15 -05:00
Mat
f820b79248 Fix c++ compilation
Fixes https://github.com/openssl/openssl/issues/532

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-01-09 19:05:44 -05:00
Mat
77f31b3a8a Adds missing type casts
This fixes https://github.com/openssl/openssl/issues/534

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-01-09 19:04:02 -05:00
Dr. Stephen Henson
c3be59a47c Correct header defines
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-09 21:52:03 +00:00
Rich Salz
6ac11bd0b9 Fix no CRYPTO_MDEBUG build (windows)
In order for mkdep to find #ifdef'd functions, they must be
wrapped (in the header file) with
        #ifndef OPENSSL_NO_...
So do that for various CRYPTO_mem_debug... things.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-08 14:35:04 -05:00
Viktor Dukhovni
64c711cd0e Simplify deprecated declaration exception
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-08 12:53:20 -05:00
Viktor Dukhovni
98186eb4e4 Backwards-compatibility subject to OPENSSL_API_COMPAT
Provide backwards-compatiblity for functions, macros and include
files if OPENSSL_API_COMPAT is either not defined or defined less
than the version number of the release in which the feature was
deprecated.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 20:53:18 -05:00
Richard Levitte
0c1badc8af Remove all remaining traces if PEM_Seal
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-08 01:18:55 +01:00
Rich Salz
ebd8df0ed8 Fix build-break; 'make update'
Commit bbd86bf542 broke certain builds.
Commit 0674427f71 missing 'make update'

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 15:40:08 -05:00
Rich Salz
bbd86bf542 mem functions cleanup
Only two macros CRYPTO_MDEBUG and CRYPTO_MDEBUG_ABORT to control this.
If CRYPTO_MDEBUG is not set, #ifdef out the whole debug machinery.
        (Thanks to Jakob Bohm for the suggestion!)
Make the "change wrapper functions" be the only paradigm.
Wrote documentation!
Format the 'set func' functions so their paramlists are legible.
Format some multi-line comments.
Remove ability to get/set the "memory debug" functions at runtme.
Remove MemCheck_* and CRYPTO_malloc_debug_init macros.
Add CRYPTO_mem_debug(int flag) function.
Add test/memleaktest.
Rename CRYPTO_malloc_init to OPENSSL_malloc_init; remove needless calls.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 15:14:18 -05:00
Viktor Dukhovni
170b735820 DANE support for X509_verify_cert()
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 13:48:59 -05:00
Dr. Stephen Henson
a8eba56ef6 use more descriptive name DEFINE_STACK_OF_CONST
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 18:00:51 +00:00
Dr. Stephen Henson
4a1f3f2741 Only declare stacks in headers
Don't define stacks in C source files: it causes warnings
about unused functions in some compilers.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 18:00:51 +00:00
Dr. Stephen Henson
8588571572 Rename DECLARE*STACK_OF to DEFINE*STACK_OF
Applications wishing to include their own stacks now just need to include

DEFINE_STACK_OF(foo)

in a header file.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 18:00:51 +00:00
Dr. Stephen Henson
c5e0c54047 remove unused PREDECLARE
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 18:00:51 +00:00
Dr. Stephen Henson
4a640fb6c3 Fix declarations and constification for inline stack.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 18:00:51 +00:00
Dr. Stephen Henson
411abf2dd3 Change STACK_OF to use inline functions.
Change DECLARE_STACK_OF into inline functions. This avoids the need for
auto generated mkstack.pl macros and now handles const properly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 18:00:51 +00:00
Rich Salz
700b4a4ae7 Remove more (rest?) of FIPS build stuff.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-06 12:07:26 -05:00
Viktor Dukhovni
919ba00942 DANE support structures, constructructors and accessors
Also tweak some of the code in demos/bio, to enable interactive
testing of BIO_s_accept's use of SSL_dup.  Changed the sconnect
client to authenticate the server, which now exercises the new
SSL_set1_host() function.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-05 19:31:49 -05:00
Viktor Dukhovni
e29c73c93b Fix X509_STORE_CTX_cleanup()
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-03 18:45:05 -05:00
Viktor Dukhovni
d9b8b89bec X509_verify_cert() cleanup
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-03 17:21:16 -05:00
Richard Levitte
1de1d7689a Instead of a local hack, implement SIZE_MAX in numbers.h if it's missing
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-01-02 21:11:02 +01:00
Viktor Dukhovni
4fa52141b0 Protocol version selection and negotiation rewrite
The protocol selection code is now consolidated in a few consecutive
short functions in a single file and is table driven.  Protocol-specific
constraints that influence negotiation are moved into the flags
field of the method structure.  The same protocol version constraints
are now applied in all code paths.  It is now much easier to add
new protocol versions without reworking the protocol selection
logic.

In the presence of "holes" in the list of enabled client protocols
we no longer select client protocols below the hole based on a
subset of the constraints and then fail shortly after when it is
found that these don't meet the remaining constraints (suiteb, FIPS,
security level, ...).  Ideally, with the new min/max controls users
will be less likely to create "holes" in the first place.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-01-02 10:49:06 -05:00
Kurt Roeckx
7946ab33ce Add support for minimum and maximum protocol version
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-02 10:47:52 -05:00
Richard Levitte
579415de54 Remove the #ifndef OPENSSL_SYS_VMS around SSL_add_dir_cert_subjects_to_stack
It served a purpose, but not any more.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-12-30 16:56:05 +01:00
Ben Laurie
33bed28b39 Fix no-engine.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-29 12:52:06 +00:00
Dr. Stephen Henson
e2b420fdd7 Server side EVP_PKEY DH support
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-23 22:26:31 +00:00
Dr. Stephen Henson
ffaef3f152 Always generate DH keys for ephemeral DH cipher suites.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-23 22:26:31 +00:00
Roumen Petrov
0b081fcd08 redundant redeclaration of 'OPENSSL_strlcpy'
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

MR: #1523
2015-12-23 20:40:54 +01:00
Roumen Petrov
b9b154d1cf __STDC_VERSION__ is not defined for c89 compilers
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

MR: #1522
2015-12-23 20:40:54 +01:00
Kurt Roeckx
1c9ed1d8a7 Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER and SSL_OP_TLS_D5_BUG support.
Suggested by David Benjamin

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>

MR: #1520
2015-12-23 20:40:54 +01:00
Dr. Stephen Henson
80e0ecbf58 Add ossl_inline
Add macro ossl_inline for use in public headers where a portable inline
is required. Change existing inline to use ossl_inline

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-22 23:03:56 +00:00
Dr. Stephen Henson
e091c83e72 remove unused error code
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-22 16:16:35 +00:00
Dr. Stephen Henson
a2074b9287 make errors
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-22 15:14:14 +00:00
Dr. Stephen Henson
59b1696c0c SSL library configuration module.
This adds support for SSL/TLS configuration using configuration modules.
Sets of command value pairs are store and can be replayed through an
SSL_CTX or SSL structure using SSL_CTX_config or SSL_config.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-22 15:14:14 +00:00
Rich Salz
4fae386cb0 Cleanup CRYPTO_{push,pop}_info
Rename to OPENSSL_mem_debug_{push,pop}.
Remove simple calls; keep only calls used in recursive functions.
Ensure we always push, to simplify so that we can always pop

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-22 09:11:07 -05:00
Rich Salz
c99de0533d Rename *_realloc_clean to *_clear_realloc
Just like *_clear_free routines.  Previously undocumented, used
a half-dozen times within OpenSSL source.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-22 07:32:51 -05:00
Richard Levitte
31384753c7 Remove the "eay" c-file-style indicators
Since we don't use the eay style any more, there's no point tryint to
tell emacs to use it.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-18 13:08:40 +01:00
Richard Levitte
ff8428561a Modify the lower level memory allocation routines to take size_t
We've been using int for the size for a long time, it's about time...

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-17 08:24:26 +01:00
Rich Salz
33eaf4c27e mem-cleanup, cont'd.
Remove LEVITTE_DEBUG_MEM.
Remove {OPENSSL,CRYPTO}_remalloc.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-16 22:23:57 -05:00
Rich Salz
7644a9aef8 Rename some BUF_xxx to OPENSSL_xxx
Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
Add #define's for the old names.
Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-16 16:14:49 -05:00
Dr. Stephen Henson
2c61a5ecca Constify EC_KEY in ECDH_compute_key.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-16 14:17:53 +00:00
Dr. Stephen Henson
57be4444c6 Remove SSL_OP_SINGLE_ECDH_USE code.
Since auto ecdh is now always used SSL_OP_SINGLE_ECDH_USE is
redundant. Simplify associated code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-16 14:17:53 +00:00
Dr. Stephen Henson
981bd8a2f2 New EC functions.
New functions EC_POINT_point2buf and EC_KEY_key2buf which encode
a point and allocate a buffer in one call.

New function EC_KEY_oct2key() which sets public key in an EC_KEY
structure from an encoded point.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-16 14:17:53 +00:00
Rich Salz
2ab9687479 Remove GMP engine.
Reviewed-by: Ben Laurie <ben@openssl.org>
2015-12-15 07:59:56 -05:00
Dr. Stephen Henson
c01ff880d4 New function X509_get0_pubkey
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-14 23:06:14 +00:00
Dr. Stephen Henson
2872dbe1c4 Add EVP_PKEY_get0_* functions.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-14 23:06:14 +00:00
Dr. Stephen Henson
7538cb82f9 remove ancient SSLeay bug workaround
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-13 00:43:43 +00:00
Richard Levitte
601ab3151f Adapt PEM routines to the opaque EVP_ENCODE_CTX
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-11 16:18:01 +01:00
Richard Levitte
a0be4fd17b Make EVP_ENCODE_CTX opaque
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-11 16:18:01 +01:00
Rob Stradling
ba67253db1 Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633).
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

GH: #495, MR: #1435
2015-12-10 19:27:40 +01:00
Viktor Dukhovni
f8137a62d9 Restore full support for EVP_CTX_create() etc.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 11:05:07 -05:00
Matt Caswell
278d6b3663 Prepare for 1.1.0-pre2-dev
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 14:24:22 +00:00
Matt Caswell
22c21b60af Prepare for 1.1.0-pre1 release
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 14:23:10 +00:00
Matt Caswell
ac7f47dce1 OpenSSL 1.1.0 is now in pre release
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 14:21:59 +00:00
Andy Polyakov
bd30091c97 x86[_64] assembly pack: add optimized AES-NI OCB subroutines.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 13:11:26 +01:00
Andy Polyakov
a76ba82ccb Wire ChaCha20-Poly1305 to TLS.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:05:30 +01:00
Andy Polyakov
bd989745b7 crypto/evp: add e_chacha20_poly1305.c.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:00:29 +01:00
Andy Polyakov
72bb2f64fc Add ChaCha20-Poly1305 and ChaCha20 NIDs.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 11:59:49 +01:00
Richard Levitte
f8d3ab4928 Move the definitions of EC_KEY and EC_KEY_METHOD to ossl_typ.h
Most of all, that has inclusion of openssl/engine.h work even if EC
has been disabled.  This is the same as has been done for DH, DSA, RSA
and more...

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-12-09 23:56:57 +01:00
Dr. Stephen Henson
970e7b5bf8 add compatibility headers
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:20 +00:00
Dr. Stephen Henson
7bb75a5d08 add block comment
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:20 +00:00
Dr. Stephen Henson
f8d7d2d6df EC_KEY_METHOD accessors.
Set of accessors to set and get each field.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
89313de5cb make errors
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
7d711cbc33 Engine EC_KEY_METHOD functionality.
Rename ENGINE _EC_KEY functions to _EC.
Add support for EC_KEY_METHOD in ENGINE_set_default et al. Copy
ec_meth.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
1eb97c3ecd remove ECDSA_METHOD from ENGINE
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
c8bfd40a92 remove ECDSA_METHOD typedef
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
180eec1666 add missing prototypes
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
fb29bb5926 remove ecdsa.h header
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
cf517a6d3d add ECDSA_size to ec_asn1.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
6e73d12e76 return errors for unsupported operations
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
bd3602eb89 Move and adapt ECDSA sign and verify functions.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
7236e3c8f7 Add ECDSA_SIG accessor.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
ef5b2ba6fb move ECDSA_SIG prototypes
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
8c661f76b6 make errors
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
714b2abb29 move ECDSA_SIG definition
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
1e8622297d remove ECDH_METHOD typedef
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
30243c9523 remove ecdh.h header
Remove redundant ecdh.h header and any references to it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
f517ffbb83 remove ECDH_METHOD from ENGINE
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
53e3189d0c make errors
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
a22a7e7089 Add compute key support to EC_KEY_METHOD
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
768c53e1b6 Move ECDH_KDF_X9_62 to crypto/ec
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
5a6a1029d2 EC_KEY_METHOD keygen support.
Add keygen to EC_KEY_METHOD. Redirect EC_KEY_generate_key through
method and set the current EC key generation function as the default.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
d2fa70d82b make errors
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
28572b577c Support for EC_KEY_METHOD.
Add EC_KEY_METHOD. This is part of the EC revision and will make EC behave
more like other algorithms. Specifically:

EC_KEY_METHOD is part of EC_KEY.
It is part of ENGINE.
Default or key specific implementations can be provided to redirect some
or all operations.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
4160936143 update errors
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-08 16:32:39 +00:00
Dr. Stephen Henson
e7f0d9210c Extended master secret fixes and checks.
Add new flag TLS1_FLAGS_RECEIVED_EXTMS which is set when the peer sends
the extended master secret extension.

Server now sends extms if and only if the client sent extms.

Check consistency of extms extension when resuming sessions following (where
practical) RFC7627.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-08 16:32:39 +00:00
Matt Caswell
686cf15e9d Fix merge error
Commit 6140f0365 added some new ctrl constants. However due to a
merge error one of these values was duplicated with an existing
value.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-08 13:00:59 +00:00
Dmitry Belyavskiy
6140f03653 Add some new cipher ctrl constants
These are needed for GOST

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-08 11:56:39 +00:00
Richard Levitte
dc0099e1dd Cleanup: rename HMAC_CTX_init to HMAC_CTX_reset
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:40:20 +01:00
Richard Levitte
e0a3a803d9 Cleanup: support EVP_MD_CTX_(create|init|destroy) for deprecated use
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:40:20 +01:00
Richard Levitte
959ed5316c Cleanup: rename EVP_MD_CTX_(create|init|destroy) to EVP_MD_CTX_(new|reset|free)
Looking over names, it seems like we usually use names ending with
_new and _free as object constructors and destructors.  Also, since
EVP_MD_CTX_init is now used to reset a EVP_MD_CTX, it might as well be
named accordingly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Richard Levitte
32fd54a9a3 Remove HMAC_CTX_cleanup and combine its functionality into EVP_MD_CTX_init
This follows the same idea as the combination of EVP_MD_CTX_cleanup
and EVP_MD_CTX_init into one function.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Richard Levitte
74cabf3fef Remove EVP_MD_CTX_cleanup and put its functionality into EVP_MD_CTX_init
The idea is that with EVP_MD_CTX_create() and EVP_MD_CTX_destroy(),
EVP_MD_CTX_cleanup and EVP_MD_CTX_init is not used the same as before.
Instead, we need a single function that can be used to reinitialise an
existing EVP_MD_CTX that's been created with EVP_MD_CTX_create()
previously.  Combining EVP_MD_CTX_cleanup and EVP_MD_CTX_init into
that one function is the answer.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Richard Levitte
3f43aecc59 Make the definition of HMAC_CTX opaque
This moves the definition to crypto/hmac/hmac_lcl.h.  Constructor and
destructor added, and the typedef moved to include/openssl/ossl_typ.h.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Richard Levitte
2db6bf6f85 Make the definition of EVP_MD opaque
This moves the definition to crypto/include/internal/evp_int.h and
defines all the necessary method creators, destructors, writers and
accessors.  The name standard for the latter is inspired from the
corresponding functions to manipulate UI methods.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Richard Levitte
6e59a892db Adjust all accesses to EVP_MD_CTX to use accessor functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Richard Levitte
fa0c23de83 Adapt HMAC to the EVP_MD_CTX changes
This change required some special treatment, as HMAC is intertwined
with EVP_MD.  For now, all local HMAC_CTX variables MUST be
initialised with HMAC_CTX_EMPTY, or whatever happens to be on the
stack will be mistaken for actual pointers to EVP_MD_CTX.  This will
change as soon as HMAC_CTX becomes opaque.

Also, since HMAC_CTX_init() can fail now, its return type changes from
void to int, and it will return 0 on failure, 1 on success.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:36:57 +01:00
Richard Levitte
7638370ca6 Make the definition of EVP_MD_CTX opaque
This moves the definitionto crypto/evp/evp_locl.h, along with a few
associated accessor macros.  A few accessor/writer functions added.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:36:57 +01:00
Kurt Roeckx
361a119127 Remove support for all 40 and 56 bit ciphers.
Reviewed-by: Rich Salz <rsalz@openssl.org>

MR: #364
2015-12-05 17:45:59 +01:00
Kurt Roeckx
fe6ef2472d Remove SSL_{CTX_}set_ecdh_auto() and always enable ECDH
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-12-04 22:30:36 +01:00
Kurt Roeckx
6f78b9e824 Remove support for SSL_{CTX_}set_tmp_ecdh_callback().
This only gets used to set a specific curve without actually checking that the
peer supports it or not and can therefor result in handshake failures that can
be avoided by selecting a different cipher.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-12-04 22:22:31 +01:00
Viktor Dukhovni
1c86d8fd41 Revert unnecessary SSL_CIPHER_get_bits API change
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-04 13:58:22 -05:00
Dr. Stephen Henson
19c6d3ea2d Remove RSA_FLAG_SIGN_VER flag.
Remove RSA_FLAG_SIGN_VER: this was origininally used to retain binary
compatibility after RSA_METHOD was extended to include rsa_sign and
rsa_verify fields. It is no longer needed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-02 18:23:29 +00:00
Dr. Stephen Henson
7f572e958b Remove legacy sign/verify from EVP_MD.
Remove sign/verify and required_pkey_type fields of EVP_MD: these are a
legacy from when digests were linked to public key types. All signing is
now handled by the corresponding EVP_PKEY_METHOD.

Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms
already block unsupported types.

Remove now obsolete EVP_dss1() and EVP_ecdsa().

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-02 17:52:01 +00:00
Rich Salz
338f5727c8 typo fix on function
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-01 17:09:19 -05:00
Rich Salz
e6390acac9 ex_data part 2: doc fixes and CRYPTO_free_ex_index.
Add CRYPTO_free_ex_index (for shared libraries)
Unify and complete the documentation for all "ex_data" API's and objects.
Replace xxx_get_ex_new_index functions with a macro.
Added an exdata test.
Renamed the ex_data internal datatypes.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-01 11:48:37 -05:00
Dr. Stephen Henson
600fdc716f fix function code discrepancy
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-11-27 21:28:23 +00:00
Dr. Stephen Henson
9689a6aeed Remove X509_VERIFY_PARAM_ID
Now that X509_VERIFY_PARAM is opaque X509_VERIFY_PARAM_ID is no longer
needed.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-26 16:07:14 +00:00
Matt Caswell
e113c9c59d Add documentation for BN_with_flags
Following on from the previous commit this adds some documentation for the
BN_with_flags function which is easy to misuse.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-11-26 10:20:36 +00:00
Dr. Stephen Henson
396d5fd091 Add EVP_MD_CTX_ctrl function.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-24 19:18:44 +00:00
Dr. Stephen Henson
93972b8c72 Add ssl3 ctrl to EVP_md5_sha1().
Add a ctrl to EVP_md5_sha1() to handle the additional operations needed
to handle SSL v3 client authentication and finished message.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-24 19:18:44 +00:00
Dr. Stephen Henson
2f142ada2c Add MD5+SHA1
Add digest combining MD5 and SHA1. This is used by RSA signatures for
TLS 1.1 and earlier.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-24 19:18:44 +00:00
Dmitry Belyavsky
e44380a990 Patch containing TLS implementation for GOST 2012
This patch contains the necessary changes to provide GOST 2012
ciphersuites in TLS. It requires the use of an external GOST 2012 engine.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-23 16:09:42 +00:00
Matt Caswell
46ddbcf2b4 Fix a rebase error
During rebasing of the async changes some error codes ended up being
duplicated so that "make errors" fails. This removes the duplication.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2015-11-22 22:48:10 +00:00
Matt Caswell
22a34c2fab Implement windows async thread local variable support
Implements Thread Local Storage in the windows async port. This also has
some knock on effects to the posix and null implementations.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:40:23 +00:00
Matt Caswell
68487a9b06 Convert __thread to pthreads for Thread Local Storage
In theory the pthreads approach for Thread Local Storage should be more
portable.

This also changes some APIs in order to accommodate this change. In
particular ASYNC_init_pool is renamed ASYNC_init_thread and
ASYNC_free_pool is renamed ASYNC_cleanup_thread. Also introduced ASYNC_init
and ASYNC_cleanup.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:39:30 +00:00
Matt Caswell
27949c353e Simplify async pool handling
A lot of the pool handling code was in the arch specific files, but was
actually boiler plate and the same across the implementations. This commit
moves as much code as possible out of the arch specific files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:37:17 +00:00
Matt Caswell
2b2c78d4f0 Swap to using proper windows pipes
We were using _pipe to create a pipe on windows. This uses the "int" type
for its file descriptor for compatibility. However most windows functions
expect to use a "HANDLE". Probably we could get away with just casting but
it seems more robust to use the proper type and main stream windows
functions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:37:17 +00:00
Matt Caswell
e8dfb5bf8e Add ASYNC_block_pause and ASYNC_unblock_pause
There are potential deadlock situations that can occur if code executing
within the context of a job aquires a lock, and then pauses the job. This
adds an ability to temporarily block pauses from occuring whilst performing
work and holding a lock.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:37:17 +00:00
Matt Caswell
7fecbf6f21 Rename start_async_job to ssl_start_async_job
Make it clear that this function is ssl specific.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:35:19 +00:00
Matt Caswell
add2f5ca6d Clean up libssl async calls
Tidy up the libssl async calls and make sure all IO functions are covered.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:35:19 +00:00
Matt Caswell
079a1a9014 Add ASYNC error codes
Add ASYNCerr support to give some meaningful error message in the event of
a failure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:34:35 +00:00
Matt Caswell
44a27ac282 Remove ASYNC_in_job()
The ASYNC_in_job() function is redundant. The same effect can be achieved by
using ASYNC_get_current_job().

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:34:34 +00:00
Matt Caswell
0ff2b9ac0b Implement local thread pools
Implement the ASYNC_JOB as a local thread pool. Remove the API support
for global pools.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:33:46 +00:00
Matt Caswell
f4da39d200 Initial Async notify code changes
Initial API implemented for notifying applications that an ASYNC_JOB
has completed. Currently only s_server is using this. The Dummy Async
engine "cheats" in that it notifies that it has completed *before* it
pauses the job. A normal async engine would not do that.

Only the posix version of this has been implemented so far, so it will
probably fail to compile on Windows at the moment.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:33:46 +00:00
Matt Caswell
252d6d3aa6 Add ASYNC_JOB pools
It is expensive to create the ASYNC_JOB objects due to the "makecontext"
call. This change adds support for pools of ASYNC_JOB objects so that we
don't have to create a new ASYNC_JOB every time we want to use one.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:33:46 +00:00
Matt Caswell
826760945d Async clean ups
Removed the function ASYNC_job_is_waiting() as it was redundant. The only
time user code has a handle on a job is when one is waiting, so all they
need to do is check whether the job is NULL. Also did some cleanups to
make sure the job really is NULL after it has been freed!

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:32:18 +00:00
Matt Caswell
5010830495 Async port to windows
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:32:18 +00:00
Matt Caswell
07bbc92ccb Make libssl async aware
The following entry points have been made async aware:
SSL_accept
SSL_read
SSL_write

Also added is a new mode - SSL_MODE_ASYNC. Calling the above functions with
the async mode enabled will initiate a new async job. If an async pause is
encountered whilst executing the job (such as for example if using SHA1/RSA
with the Dummy Async engine), then the above functions return with
SSL_WANT_ASYNC. Calling the functions again (with exactly the same args
as per non-blocking IO), will resume the job where it left off.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:31:42 +00:00
Matt Caswell
a14e9ff713 Add the Dummy Async engine (dasync)
This engine is for developers of async aware applications. It simulates
asynchronous activity with external hardware. This initial version supports
SHA1 and RSA. Certain operations using those algorithms have async job
"pauses" in them - using the new libcrypto async capability.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:31:42 +00:00
Matt Caswell
a3667c316a Add async sub-library to libcrypto
Provides support for running asynchronous jobs. Currently this is completely
stand alone. Future commits will integrate this into libssl and s_server/
s_client. An asynchronous capable engine will be required to see any benefit
from this capability.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:31:04 +00:00
Matt Caswell
5f3d93e4a3 Ensure all EVP calls have their returns checked where appropriate
There are lots of calls to EVP functions from within libssl There were
various places where we should probably check the return value but don't.
This adds these checks.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-11-20 15:47:02 +00:00
Dr. Stephen Henson
e20b472751 Add support for signer_digest option in TS.
Based on PR#2145

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-11-20 13:40:53 +00:00
Rich Salz
bf1605518a Rename RSA_eay_xxx to rsa_ossl_xxx
Final part of flushing out SSLEay API's.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-17 17:14:28 -05:00
Dr. Stephen Henson
699f163524 Use accessors for X509_print_ex().
Print certificate details using accessor functions.

Since X509_CERT_AUX_print is only used in one place and can't
be used by applications (it uses an internal X509_CERT_AUX structure)
this has been removed and replaced by a function X509_aux_print which
takes an X509 pointer instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-14 00:13:08 +00:00
Dr. Stephen Henson
748118a838 Add new X509 accessors
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-14 00:13:08 +00:00
Matt Caswell
a974e64aaa Fix SSL_use_certificate_chain_file
The new function SSL_use_certificate_chain_file was always crashing in
the internal function use_certificate_chain_file because it would pass a
NULL value for SSL_CTX *, but use_certificate_chain_file would
unconditionally try to dereference it.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-11-10 23:02:44 +00:00
Dr. Stephen Henson
36e79832d3 Replace L suffix with U
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-11-08 14:03:50 +00:00
Dr. Stephen Henson
90d9e49a4b Use uint32_t and int32_t for SSL_CIPHER structure.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-11-08 14:03:50 +00:00
Richard Levitte
009e9d99a3 Remove the state parameter from BIO_ctrl_set_connected
The actual implementation has the state of the connection being
controlled with the peer parameter, non-NULL meaning connected and
NULL meaning connected.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-11-02 17:36:49 +01:00
Richard Levitte
2443030466 BIO_s_datagram() ctrl doesn't support SEEK/TELL, so don't pretend it does
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-11-02 17:36:49 +01:00
Richard Levitte
f564acdaf5 Correct or add comments indicating what controls belong to what
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-11-02 17:36:49 +01:00
Richard Levitte
7281cbaaa7 Remove PROXY controls that aren't used anywhere
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-11-02 17:36:49 +01:00
Richard Levitte
8976eb249a Remove dummy argument from BIO_get_bind_mode
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-11-02 17:36:49 +01:00
Richard Levitte
4b72d5f80c Have BIO_get_conn_int_port use BIO_ctrl instead BIO_int_ctrl
BIO_int_ctrl isn't made for the purpose BIO_get_conn_int_port used it
for.

This also changes BIO_C_GET_CONNECT to actually return the port
instead of assigning it to a pointer that was never returned back to
the caller.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-11-02 17:36:49 +01:00
Rich Salz
b0700d2c8d Replace "SSLeay" in API with OpenSSL
All instances of SSLeay (any combination of case) were replaced with
the case-equivalent OpenSSL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 17:21:42 -04:00
Matt Caswell
f0659bdb00 Fix various error codes
A number of error codes were wrong due to a rebase of the state machine
code.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:39:47 +00:00
Matt Caswell
f3ae986218 Remove the old state defines
Remove all the defines for the old state machines states. Mapping old to new
is probably going to cause more problems than it solves so it is probably
better to just remove them.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:39:47 +00:00
Matt Caswell
5998e29035 Remove SSL_state and SSL_set_state
SSL_state has been replaced by SSL_get_state and SSL_set_state is no longer
supported.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:39:46 +00:00
Matt Caswell
7c8b535716 Don't depend on SSL structure internals
The macros SSL_in_connect_init() and SSL_in_accept_init() inadvertently
depended on SSL structure internals. This fixes it to use public API calls
instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:39:46 +00:00
Matt Caswell
35bf6e0537 Change HANDSHAKE_STATE to OSSL_HANDSHAKE_STATE
Rename the enum HANDSHAKE_STATE to OSSL_HANDSHAKE_STATE to ensure there are
no namespace clashes, and convert it into a typedef.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:39:46 +00:00
Matt Caswell
73999b62a2 Move PACKET creation into the state machine
Previously each message specific process function would create its own
PACKET structure. Rather than duplicate all of this code lots of times we
should create it in the state machine itself.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:38:18 +00:00
Matt Caswell
c64359db8a Redefine old state values
ssl.h and ssl3.h have a number of defines for the various states in the old
state machine code. Since this is public API it is not desirable to just
remove them. Instead redefine them to the closest equivalent state in the
new state machine code. If an application calls SSL_state then the return
value can still be compared against these old values if necessary. However
not all values have an equivalent state in the new code, so these are just
redefined to a dummy value.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:38:18 +00:00
Matt Caswell
49ae742398 Remove redundant code
Clean up and remove lots of code that is now no longer needed due to the
move to the new state machine.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:38:18 +00:00
Matt Caswell
c130dd8ea4 Move server side DTLS to new state machine
Implement all of the necessary changes to make DTLS on the server work
with the new state machine code.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:38:18 +00:00
Matt Caswell
94836de2ae Move server side TLS to new state machine
Implement all of the necessary changes for moving TLS server side
processing into the new state machine code.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:38:18 +00:00
Matt Caswell
e27f234a41 Split TLS server functions
Split the TLS server ssl3_get_* and ssl3_send_* functions into two ready
for the migration to the new state machine code.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:38:18 +00:00
Matt Caswell
473483d42d Implement DTLS client move to new state machine
Move all DTLS client side processing into the new state machine code. A
subsequent commit will clean up the old dead code.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:32:44 +00:00
Matt Caswell
76af303761 dtls_get_message changes for state machine move
Create a dtls_get_message function similar to the old dtls1_get_message but
in the format required for the new state machine code. The old function will
eventually be deleted in later commits.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:32:44 +00:00
Matt Caswell
b9908bf9b8 Split client message reading and writing functions
The new state machine code will split up the reading and writing of
hanshake messages into discrete phases. In order to facilitate that the
existing "get" type functions will be split into two halves: one to get
the message and one to process it. The "send" type functions will also have
all work relating to constructing the message split out into a separate
function just for that. For some functions there will also be separate
pre and post "work" phases to prepare or update state.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:32:44 +00:00
Matt Caswell
f8e0a55738 Add initial state machine rewrite code
This is the first drop of the new state machine code.

The rewrite has the following objectives:
- Remove duplication of state code between client and server
- Remove duplication of state code between TLS and DTLS
- Simplify transitions and bring the logic together in a single location
  so that it is easier to validate
- Remove duplication of code between each of the message handling functions
- Receive a message first and then work out whether that is a valid
  transition - not the other way around (the other way causes lots of issues
  where we are expecting one type of message next but actually get something
  else)
- Separate message flow state from handshake state (in order to better
  understand each)
  - message flow state = when to flush buffers; handling restarts in the
    event of NBIO events; handling the common flow of steps for reading a
    message and the common flow of steps for writing a message etc
  - handshake state = what handshake message are we working on now
- Control complexity: only the state machine can change state: keep all
  the state changes local to a file

This builds on previous state machine related work:
- Surface CCS processing in the state machine
- Version negotiation rewrite

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:27:59 +00:00
Matt Caswell
9ab930b27d Split ssl3_get_message
The function ssl3_get_message gets a whole message from the underlying bio
and returns it to the state machine code. The new state machine code will
split this into two discrete steps: get the message header and get the
message body. This commit splits the existing function into these two
sub steps to facilitate the state machine implementation.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:27:59 +00:00
Rich Salz
6f5c030320 Remove HAMC_cleanup
Old API for use with OpenSSL-0.9.6.  Remove it.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-10-27 16:07:56 -04:00
Alessandro Ghedini
3240e7cf5f Fix references to various RFCs
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-23 19:52:08 +02:00
Dr. Stephen Henson
47c9a1b509 embed support for ASN1_STRING
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-11 20:33:57 +01:00
Dr. Stephen Henson
a332635ea0 Embed various OCSP fields.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-11 20:33:57 +01:00
Emilia Kasper
3101154481 DTLS: remove unused cookie field
Note that this commit constifies a user callback parameter and therefore
will break compilation for applications using this callback. But unless
they are abusing write access to the buffer, the fix is trivial.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-10-09 15:32:35 +02:00
Adam Eijdenberg
3149baf83c Initial commit for Certificate Transparency support
Original authors:
Rob Stradling <rob@comodo.com>
Dr. Stephen Henson <steve@openssl.org>

Reviewed-by: Emilia Kasper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-09 11:32:25 +02:00
Emilia Kasper
329428708d PACKET: simplify ServerKeyExchange parsing
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-08 16:44:39 +02:00
Matt Caswell
28dc5d1963 Fix no-ripemd on Windows
mkdef.pl was getting confused by:

 # ifdef OPENSSL_NO_RMD160
 #  error RIPEMD is disabled.
 # endif

Changing RIPEMD to RMD160 solves it. Fix suggested by Steve Henson.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-08 15:31:08 +01:00
Andy Polyakov
f4bd5de544 Address more Windows warnings illuminated by mingw.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-06 09:44:27 +02:00
Dmitry Belyavskiy
52ee3ed3a1 New cipher and cipher modes standardized in Russia
This change introduces short names and NIDs for Russian GOST ciphers
according to GOST R 34.13-2015

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-05 21:55:10 +01:00
Emilia Kasper
b3e2272c59 ssl3_get_client_hello: rearrange logic
Move all packet parsing to the beginning of the method. This limits the
SSLv2 compatibility soup to the parsing, and makes the rest of the
processing uniform.

This is also needed for simpler EMS support: EMS servers need to do an
early scan for EMS to make resumption decisions. This'll be easier when
the entire ClientHello is parsed in the beginning.

As a side effect,
1) PACKETize ssl_get_prev_session and tls1_process_ticket; and
2) Delete dead code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-05 19:03:52 +02:00
Dr. Stephen Henson
f93ad22f6a Free up ASN.1 structures at top level only.
When a decoding error in ASN.1 occurs only free up the partial structure
at the top level. This simplifies embedded handling and fixes freeing
up of structures when presented with malformed input.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-05 03:31:41 +01:00
Rich Salz
9982cbbbf6 Remove BIO_s_file_internal macro.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-02 14:22:05 -04:00
Matt Caswell
57e4e926da Revert "Custom cipher constants"
This reverts commit 3aabc1dd1c.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-10-01 13:51:31 +01:00
Dmitry Belyavskiy
3aabc1dd1c Custom cipher constants
Add some custom ctrls for Engine specific use.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-01 10:09:11 +01:00
Matt Caswell
c84f7f4a74 Change the DEFAULT ciphersuites to exclude DES, RC4 and RC2
This patch updates the "DEFAULT" cipherstring to be
"ALL:!COMPLEMENTOFDEFAULT:!eNULL". COMPLEMENTOFDEFAULT is now defined
internally by a flag on each ciphersuite indicating whether it should be
excluded from DEFAULT or not. This gives us control at an individual
ciphersuite level as to exactly what is in DEFAULT and what is not.

Finally all DES, RC4 and RC2 ciphersuites are added to COMPLEMENTOFDEFAULT
and hence removed from DEFAULT.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-30 19:15:06 +01:00
Rich Salz
75f648aa06 Make update / libeay.num fix
Looks like someone forgot to do a "make update" since crypto/ts/Makefile
keeps changing.  So include that.

Second is that the declare_dh_bn macro fools the libeay.num script.
The declarations are only needed in one file (dh_rfc5114) so remove
them from the header and put the "raw" declarations directly into that
file.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-30 11:15:14 -04:00
David Woodhouse
984d6c6052 Fix no-stdio build
Much related/similar work also done by
Ivan Nestlerode <ivan.nestlerode@sonos.com>

   +Replace FILE BIO's with dummy ops that fail.
   +Include <stdio.h> for sscanf() even with no-stdio (since the declaration
    is there). We rely on sscanf() to parse the OPENSSL_ia32cap environment
    variable, since it can be larger than a 'long'. And we don't rely on the
    availability of strtoull().
   +Remove OPENSSL_stderr(); not used.
   +Make OPENSSL_showfatal() do nothing (currently without stdio there's
    nothing we can do).
   +Remove file-based functionality from ssl/. The function
    prototypes were already gone, but not the functions themselves.
   +Remove unviable conf functionality via SYS_UEFI
   +Add fallback definition of BUFSIZ.
   +Remove functions taking FILE * from header files.
   +Add missing DECLARE_PEM_write_fp_const
   +Disable X509_LOOKUP_hash_dir(). X509_LOOKUP_file() was already compiled out,
    so remove its prototype.
   +Use OPENSSL_showfatal() in CRYPTO_destroy_dynlockid().
   +Eliminate SRP_VBASE_init() and supporting functions. Users will need to
    build the verifier manually instead.
   +Eliminate compiler warning for unused do_pk8pkey_fp().
   +Disable TEST_ENG_OPENSSL_PKEY.
   +Disable GOST engine as is uses [f]printf all over the place.
   +Eliminate compiler warning for unused send_fp_chars().

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-29 21:59:19 -04:00
Andy Polyakov
03cbd3b8fa asn1t.h: silence -Wmissing-prototype in Windows builds.
On Windows OPENSSL_EXPORT_VAR_AS_FUNCTION is defined and in a sense
this modification simply harmonizes it with "VAR_AS_VAR".

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-29 18:05:13 +02:00
Nicholas Cooper
ef85320622 RT3948: Some structs have confusing names.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-28 22:07:29 -04:00
Matt Caswell
d84a7b20e3 Add ability to set default CA path and file locations individually
Previously you could only set both the default path and file locations
together. This adds the ability to set one without the other.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-09-25 14:49:59 +01:00
Matt Caswell
e3d0dae7cf DTLSv1_listen rewrite
The existing implementation of DTLSv1_listen() is fundamentally flawed. This
function is used in DTLS solutions to listen for new incoming connections
from DTLS clients. A client will send an initial ClientHello. The server
will respond with a HelloVerifyRequest containing a unique cookie. The
client the responds with a second ClientHello - which this time contains the
cookie.

Once the cookie has been verified then DTLSv1_listen() returns to user code,
which is typically expected to continue the handshake with a call to (for
example) SSL_accept().

Whilst listening for incoming ClientHellos, the underlying BIO is usually in
an unconnected state. Therefore ClientHellos can come in from *any* peer.
The arrival of the first ClientHello without the cookie, and the second one
with it, could be interspersed with other intervening messages from
different clients.

The whole purpose of this mechanism is as a defence against DoS attacks. The
idea is to avoid allocating state on the server until the client has
verified that it is capable of receiving messages at the address it claims
to come from. However the existing DTLSv1_listen() implementation completely
fails to do this. It attempts to super-impose itself on the standard state
machine and reuses all of this code. However the standard state machine
expects to operate in a stateful manner with a single client, and this can
cause various problems.

A second more minor issue is that the return codes from this function are
quite confused, with no distinction made between fatal and non-fatal errors.
Most user code treats all errors as non-fatal, and simply retries the call
to DTLSv1_listen().

This commit completely rewrites the implementation of DTLSv1_listen() and
provides a stand alone implementation that does not rely on the existing
state machine. It also provides more consistent return codes.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-09-23 13:53:26 +01:00
Matt Caswell
01b7851aa2 Add BIO_CTRL_DGRAM_SET_PEEK_MODE
Add the ability to peek at a message from the DTLS read BIO. This is needed
for the DTLSv1_listen rewrite.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-09-23 13:53:26 +01:00
Dr. Stephen Henson
d19a50c9fb New function X509_get0_subject_key_id()
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22 21:15:55 +01:00
Dr. Stephen Henson
2c81e476fa Make X509 opaque
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22 21:15:55 +01:00
Emilia Kasper
de8883e11b BUF_strndup: tidy
Fix comment, add another overflow check, tidy style

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 19:51:18 +02:00
Alessandro Ghedini
110f7b37de Make BUF_strndup() read-safe on arbitrary inputs
BUF_strndup was calling strlen through BUF_strlcpy, and ended up reading
past the input if the input was not a C string.

Make it explicitly part of BUF_strndup's contract to never read more
than |siz| input bytes. This augments the standard strndup contract to
be safer.

The commit also adds a check for siz overflow and some brief documentation
for BUF_strndup().

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 19:50:53 +02:00
Dr. Stephen Henson
1f143e08a5 New accessor X509_REQ_get_X509_PUBKEY()
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22 13:07:22 +01:00
Dr. Stephen Henson
835911b845 Additional X509_CRL accessors.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22 13:07:06 +01:00
Dr. Stephen Henson
dc29030ab6 Add accessors for X509_REVOKED.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-09-22 12:28:45 +01:00
Dr. Stephen Henson
a9732d04fa Add accessors for request and CRL signatures
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-09-22 12:28:45 +01:00
Dr. Stephen Henson
8f463dbddd Move EVP_PKEY_METHOD into private headers.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-20 03:46:16 +01:00
Dr. Stephen Henson
6e63c142f2 Embed various signature algorithms.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-17 17:18:59 +01:00
Dr. Stephen Henson
5cf6abd805 Embed X509_CINF
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-16 22:33:25 +01:00
Dr. Stephen Henson
2869e79f42 Change X509_VAL in X509 structure to embedded.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-16 22:17:39 +01:00
Dr. Stephen Henson
de17bd5d7f New ASN.1 embed macro.
New ASN.1 macro ASN1_EMBED. This is the same as ASN1_SIMPLE except the
structure is not allocated: it is part of the parent. That is instead of

FOO *x;

it must be:

FOO x;

This reduces memory fragmentation and make it impossible to accidentally
set a mandatory field to NULL.

This currently only works for SEQUENCE and since it is equivalent to
ASN1_SIMPLE it cannot be tagged, OPTIONAL, SET OF or SEQUENCE OF.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-16 22:17:39 +01:00
Alessandro Ghedini
05e97f1d4f Fix build on mingw
When OPENSSL_EXPORT_VAR_AS_FUNCTION is defined, the static_ASN1_ITEM_start
macro doesn't exist so the build fails. This problem was introduced in
commit df2ee0e.

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-16 23:12:22 +01:00
Dr. Stephen Henson
aabd492320 Constify ECDSA_METHOD_new.
PR#3920.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-12 01:53:52 +01:00
Ben Laurie
df2ee0e27d Enable -Wmissing-variable-declarations and
-Wincompatible-pointer-types-discards-qualifiers (the latter did not require
any code changes).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-11 04:51:55 +01:00
Dr. Stephen Henson
e7451ed137 EVP_PKEY_METHOD accessor functions.
Functions to retrieve the function pointer of an existing method: this
can be used to create a method which intercepts or modifies the behaviour
of an existing method while retaining most of the existing behaviour.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-10 18:20:27 +01:00
David Woodhouse
4d60c7e10f RT3969: Add OPENSSL_SYS_UEFI
This provides support for building in the EDK II reference implementation
of UEFI. Most UEFI firmware in existence uses OpenSSL for implementing
the core cryptographic functionality needed for Secure Boot.

This has always previously been handled with external patches to OpenSSL
but we are now making a concerted effort to eliminate those.

In this mode, we don't actually use the OpenSSL makefiles; we process
the MINFO file generated by 'make files' and incorporate it into the
EDK2 build system.

Since EDK II builds for various targets with varying word size and we
need to have a single prepackaged configuration, we deliberately don't
hard-code the setting of SIXTY_FOUR_BIT vs. THIRTY_TWO_BIT in
opensslconf.h. We bypass that for OPENSSL_SYS_UEFI and allow EDK II
itself to set those, depending on the architecture.

For x86_64, EDK II sets SIXTY_FOUR_BIT and thus uses 'long long' for the
64-bit type, even when building with GCC where 'long' is also 64-bit. We
do this because the Microsoft toolchain has 32-bit 'long'.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-08 23:14:36 -04:00
Dr. Stephen Henson
f728254a84 Replace X509 macros with functions
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-06 00:17:37 +01:00
Rich Salz
ca4a494cb7 Make TS structures opaque.
Most of the accessors existed and were already used so it was easy.
TS_VERIFY_CTX didn't have accessors/settors so I added the simple and
obvious ones, and changed the app to use them.  Also, within crypto/ts,
replaced the functions with direct access to the structure members
since we generally aren't opaque within a directory.

Also fix RT3901.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-05 17:49:20 -04:00
David Woodhouse
d35ff2c0ad RT3951: Add X509_V_FLAG_NO_CHECK_TIME to suppress time check
In some environments, such as firmware, the current system time is entirely
meaningless. Provide a clean mechanism to suppress the checks against it.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-05 16:17:15 -04:00
Dr. Stephen Henson
44748efc85 make X509_REVOKED opaque
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-05 12:29:51 +01:00
Rich Salz
b0809bc8ff RT3998: Allow scrypt to be disabled
This does 64-bit division and multiplication, and on 32-bit platforms
pulls in libgcc symbols (and MSVC does similar) which may not be
available.  Mostly done by David Woodhouse.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-09-04 14:09:14 -04:00
David Woodhouse
47bbaa5b60 Revert "OPENSSL_NO_xxx cleanup: RFC3779"
This reverts the non-cleanup parts of commit c73ad69017. We do actually
have a reasonable use case for OPENSSL_NO_RFC3779 in the EDK2 UEFI
build, since we don't have a strspn() function in our runtime environment
and we don't want the RFC3779 functionality anyway.

In addition, it changes the default behaviour of the Configure script so
that RFC3779 support isn't disabled by default. It was always disabled
from when it was first added in 2006, right up until the point where
OPENSSL_NO_RFC3779 was turned into a no-op, and the code in the
Configure script was left *trying* to disable it, but not actually
working.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-03 16:31:09 -04:00
David Bar
e968561d5e RT3674: Make no-cms build work.
Also has changes from from David Woodhouse <David.Woodhouse@intel.com>
and some tweaks from me.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-03 14:45:15 -04:00
Dr. Stephen Henson
d95466931d PBE lookup test
Add test to check PBE lookups: these can fail if the PBE table is not
correctly orders. Add to "make test".

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-03 18:37:27 +01:00
Rich Salz
b51bce9420 Add and use OPENSSL_zalloc
There are many places (nearly 50) where we malloc and then memset.
Add an OPENSSL_zalloc routine to encapsulate that.
(Missed one conversion; thanks Richard)
Also fixes GH328

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-02 22:05:37 -04:00
Dr. Stephen Henson
e3e571925c make X509_CRL opaque
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-02 21:26:17 +01:00
Dr. Stephen Henson
0b58c6ad9e delete unused structure
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-02 21:21:27 +01:00
Rich Salz
8d1d0f4d9e Move OPENSSL_ITEM to store.h
The only place that uses it.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-02 11:12:36 -04:00
Tim Zhang
91d2728b38 Fix the comment for POINT_CONVERSION_UNCOMPRESSED
The |z| value should be 0x04 not 0x02

RT#3838

Signed-off-by: Matt Caswell <matt@openssl.org>

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-01 23:50:49 +01:00
Dr. Stephen Henson
063f1f0c69 functions to retrieve certificate flags
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-01 20:37:45 +01:00
Dr. Stephen Henson
af183984c3 use uint32_t for certificate flags
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-01 20:37:44 +01:00
Adam Eijdenberg
fb029cebae RT3984: Fix clang compiler warning on Mac OS X where %ld is used for uint64_t.
clang suggests %llu instead, but it isn't clear that is portable on
all platforms.

C99 and above define a handy macro for us, so we try to use that
definition and fall back to current definition if needed (though we
switch to 'u' for unsigned).

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-01 20:18:46 +02:00
Dr. Stephen Henson
05f0fb9f6a Add X509_up_ref function.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-31 23:18:55 +01:00
Dr. Stephen Henson
65cbf983ca Add X509_CRL_up_ref function
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-31 23:18:54 +01:00
Dr. Stephen Henson
124055a96e make X509_REQ opaque
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-31 20:58:33 +01:00
Dr. Stephen Henson
bc3686dfb0 make X509_CERT_AUX opaque
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-31 20:58:33 +01:00
Rich Salz
4c42ebd2f3 Remove _locked memory functions.
Undocumented, unused, unnecessary (replaced by secure arena).

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-08-26 07:02:33 -04:00
Dmitry Belyavsky
31001f8131 Add new GOST OIDs
Add new OIDs for latest GOST updates

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-17 15:34:30 +01:00
Dr. Stephen Henson
176f85a28e Add CCM ciphersuites from RFC6655 and RFC7251
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-14 06:57:32 +01:00
Dr. Stephen Henson
3d3701ea20 ccm8 support
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-14 06:56:11 +01:00
Dr. Stephen Henson
e75c5a794e CCM support.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-14 06:56:11 +01:00
Rich Salz
ade44dcb16 Remove Gost94 signature algorithm.
This was obsolete in 2001.  This is not the same as Gost94 digest.
Thanks to Dmitry Belyavsky <beldmit@gmail.com> for review and advice.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-11 18:23:29 -04:00
Guy Leaver (guleaver)
61e72d761c Fix seg fault with 0 p val in SKE
If a client receives a ServerKeyExchange for an anon DH ciphersuite with the
value of p set to 0 then a seg fault can occur. This commits adds a test to
reject p, g and pub key parameters that have a 0 value (in accordance with
RFC 5246)

The security vulnerability only affects master and 1.0.2, but the fix is
additionally applied to 1.0.1 for additional confidence.

CVE-2015-1794

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-11 19:57:01 +01:00
Matt Caswell
870063c83d Normalise make errors output
make errors wants things in a different order to the way things are
currently defined in the header files. The easiest fix is to just let it
reorder it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-08-11 19:57:01 +01:00
Rich Salz
fbfcb22439 RT3999: Remove sub-component version strings
Especially since after the #ifdef cleanups this is not useful.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-10 12:13:32 -04:00
Matt Caswell
496dbe1855 Fix make errors for the CCS changes
The move of CCS into the state machine was causing make errors to fail. This
fixes it.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-03 11:18:06 +01:00
Matt Caswell
657da85eea Move TLS CCS processing into the state machine
The handling of incoming CCS records is a little strange. Since CCS is not
a handshake message it is handled differently to normal handshake messages.
Unfortunately whilst technically it is not a handhshake message the reality
is that it must be processed in accordance with the state of the handshake.
Currently CCS records are processed entirely within the record layer. In
order to ensure that it is handled in accordance with the handshake state
a flag is used to indicate that it is an acceptable time to receive a CCS.

Previously this flag did not exist (see CVE-2014-0224), but the flag should
only really be considered a workaround for the problem that CCS is not
visible to the state machine.

Outgoing CCS messages are already handled within the state machine.

This patch makes CCS visible to the TLS state machine. A separate commit
will handle DTLS.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-03 11:18:05 +01:00
Nicholas Cooper
119ab03aea RT3959: Fix misleading comment
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-31 11:07:11 -04:00
Dr. Stephen Henson
69a3a9f5d9 CAMELLIA PSK ciphersuites from RFC6367
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:55:33 +01:00
Dr. Stephen Henson
5516fcc0c9 Add RFC4785 ciphersuites
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:43:36 +01:00
Dr. Stephen Henson
ea6114c6d0 Add RFC4279, RFC5487 and RFC5489 ciphersuites.
Note: some of the RFC4279 ciphersuites were originally part of PR#2464.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:43:36 +01:00
Dr. Stephen Henson
f40ecbc37c Initial new PSK ciphersuite defines
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:43:35 +01:00
Dr. Stephen Henson
0096d8f7e0 New PSK keyex text constants
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:43:35 +01:00
Matt Caswell
57787ac814 Remove support for SSL3_FLAGS_DELAY_CLIENT_FINISHED
This flag was not set anywhere within the codebase (only read). It could
only be set by an app reaching directly into s->s3->flags and setting it
directly. However that method became impossible when libssl was opaquified.

Even in 1.0.2/1.0.1 if an app set the flag directly it is only relevant to
ssl3_connect(), which calls SSL_clear() during initialisation that clears
any flag settings. Therefore it could take effect if the app set the flag
after the handshake has started but before it completed. It seems quite
unlikely that any apps really do this (especially as it is completely
undocumented).

The purpose of the flag is suppress flushing of the write bio on the client
side at the end of the handshake after the client has written the Finished
message whilst resuming a session. This enables the client to send
application data as part of the same flight as the Finished message.

This flag also controls the setting of a second flag SSL3_FLAGS_POP_BUFFER.
There is an interesting comment in the code about this second flag in the
implementation of ssl3_write:

	/* This is an experimental flag that sends the
	 * last handshake message in the same packet as the first
	 * use data - used to see if it helps the TCP protocol during
	 * session-id reuse */

It seems the experiment did not work because as far as I can tell nothing
is using this code. The above comment has been in the code since SSLeay.

This commit removes support for SSL3_FLAGS_DELAY_CLIENT_FINISHED, as well
as the associated SSL3_FLAGS_POP_BUFFER.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-07-27 15:00:05 +01:00
Rich Salz
7e5363abe3 Rewrite crypto/ex_data
Removed ability to set ex_data impl at runtime.  This removed these
three functions:
    const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void);
    int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i);
    int CRYPTO_ex_data_new_class(void);
It is no longer possible to change the ex_data implementation at
runtime.  (Luckily those functions were never documented :)

Also removed the ability to add new exdata "classes."  We don't believe
this received much (if any) use, since you can't add it to OpenSSL objects,
and there are probably better (native) methods for developers to add
their own extensible data, if they really need that.

Replaced the internal hash table (of per-"class" stacks) with a simple
indexed array.  Reserved an index for "app" application.

Each API used to take the lock twice; now it only locks once.

Use local stack storage for function pointers, rather than malloc,
if possible (i.e., number of ex_data items is under a dozen).

Make CRYPTO_EX_DATA_FUNCS opaque/internal.

Also fixes RT3710; index zero is reserved.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-07-20 01:16:28 -04:00
Rich Salz
0bc2f36555 Remove obsolete key formats.
Remove support for RSA_NET and Netscape key format (-keyform n).

Also removed documentation of SGC.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-07-16 01:06:48 -04:00
Viktor Dukhovni
0dc41520f2 Maintain backwards-compatible SSLv23_method macros
Reviewed-by: Tim Hudson	<tjh@openssl.org>
2015-07-15 01:46:03 -04:00
Dr. Stephen Henson
851fdda1a1 make stacks
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-07-09 16:04:09 +01:00
Matt Caswell
7f3f41d816 Extend -show_chain option to verify to show more info
The -show_chain flag to the verify command line app shows information about
the chain that has been built. This commit adds the text "untrusted" against
those certificates that have been used from the untrusted list.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-07-07 21:57:12 +01:00
Dr. Stephen Henson
57b272b01a Use single master secret generation function.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-29 11:47:59 +01:00
Dr. Stephen Henson
547dba74f3 Add PSK GCM ciphersuites from RFC5487
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-23 22:25:20 +01:00
Dr. Stephen Henson
124037fdc0 Tidy up ssl3_digest_cached_records logic.
Rewrite ssl3_digest_cached_records handling. Only digest cached records
if digest array is NULL: this means it is safe to call
ssl3_digest_cached_records multiple times (subsequent calls are no op).

Remove flag TLS1_FLAGS_KEEP_HANDSHAKE instead only update handshake buffer
if digest array is NULL.

Add additional "keep" parameter to ssl3_digest_cached_records to indicate
if the handshake buffer should be retained after digesting cached records
(needed for TLS 1.2 client authentication).

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-23 22:24:09 +01:00
Rich Salz
74924dcb38 More secure storage of key material.
Add secure heap for storage of private keys (when possible).
Add BIO_s_secmem(), CBIGNUM, etc.
Add BIO_CTX_secure_new so all BIGNUM's in the context are secure.
Contributed by Akamai Technologies under the Corporate CLA.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-23 17:09:35 -04:00
Richard Levitte
30cf91784b Remove one extraneous parenthesis
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-06-16 13:10:24 +02:00
Matt Caswell
4b464e7b46 Fix ABI break with HMAC
Recent HMAC changes broke ABI compatibility due to a new field in HMAC_CTX.
This backs that change out, and does it a different way.

Thanks to Timo Teras for the concept.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-12 13:16:09 +01:00
Emilia Kasper
a8e4ac6a2f Remove SSL_OP_TLS_BLOCK_PADDING_BUG
This is a workaround so old that nobody remembers what buggy clients
it was for. It's also been broken in stable branches for two years and
nobody noticed (see
https://boringssl-review.googlesource.com/#/c/1694/).

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-06-10 13:55:11 +02:00
Matt Caswell
b8b12aadd8 Change BIO_number_read and BIO_number_written() to be 64 bit
The return type of BIO_number_read() and BIO_number_written() as well as
the corresponding num_read and num_write members in the BIO structure has
been changed from unsigned long to uint64_t. On platforms where an unsigned
long is 32 bits (e.g. Windows) these counters could overflow if >4Gb is
transferred.

With thanks to the Open Crypto Audit Project for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-10 10:40:50 +01:00
Rich Salz
51b04a6117 No fprintf in the txt_db component
Also removed a source file that isn't built, and moved
another one to test for eventual fixing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-09 12:39:08 -04:00
Kurt Roeckx
26c79d5641 Properly check certificate in case of export ciphers.
Reviewed-by: Matt Caswell <matt@openssl.org>
MR #588
2015-06-09 00:46:59 +02:00
Rich Salz
c0cf5b84dd Set error code, no fprintf stderr, on errors.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-04 18:03:33 -04:00
Sergey Agievich
3418f7b7b0 Add funtions to set item_sign and item_verify
PR#3872

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit ad0fb7f498)

Conflicts:
	crypto/asn1/ameth_lib.c
2015-06-03 15:39:29 +01:00
Richard Levitte
3f131556d6 Add the macro OPENSSL_SYS_WIN64
This is for consistency.
Additionally, have its presence define OPENSSL_SYS_WINDOWS as well.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-02 17:56:48 +02:00
Matt Caswell
98ece4eebf Fix race condition in NewSessionTicket
If a NewSessionTicket is received by a multi-threaded client when
attempting to reuse a previous ticket then a race condition can occur
potentially leading to a double free of the ticket data.

CVE-2015-1791

This also fixes RT#3808 where a session ID is changed for a session already
in the client session cache. Since the session ID is the key to the cache
this breaks the cache access.

Parts of this patch were inspired by this Akamai change:
c0bf69a791

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-02 09:30:12 +01:00
Rich Salz
bca3f06b84 Use enum for X509_LOOKUP_TYPE
Using an enum with -Wswitch means all lookup routines handle
all cases.  Remove X509_LU_PKEY which was never used.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-28 12:54:27 -04:00
Matt Caswell
d9f1c639d5 Change return type of the new accessors
The new accessors SSL_get_client_random, SSL_get_server_random and
SSL_SESSION_get_master_key should return a size_t to match the type of the
|outlen| parameter.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-28 16:55:15 +01:00
Matt Caswell
6b8f5d0d43 Change the new functions to use size_t
Change the new SSL_get_client_random(), SSL_get_server_random() and
SSL_SESSION_get_master_key() functions to use size_t for |outlen| instead of
int.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-28 16:05:56 +01:00
Nick Mathewson
858618e7e0 Add new functions to extract {client,server}_random, master_key
Tor uses these values to implement a low-rent clone of RFC 5705 (which,
in our defense, we came up with before RFC 5705 existed).  But now that
ssl_st is opaque, we need another way to get at them.

Includes documentation, with suitable warnings about not actually
using these functions.

Signed-off-by: Nick Mathewson <nickm@torproject.org>
Signed-off-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-28 16:05:01 +01:00
Nick Mathewson
831eef2cf5 Add SSL_get_client_ciphers() to return ciphers from ClientHello
On the server side, if you want to know which ciphers the client
offered, you had to use session->ciphers.  But that field is no
longer visible, so we need a method to get at it.

Signed-off-by: Nick Mathewson <nickm@torproject.org>
Signed-off-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-28 16:00:23 +01:00
Dr. Stephen Henson
6355d31538 Add function PKCS8_set0_pbe
This adds a new function which will encrypt a private key using PKCS#8
based on an X509_ALGOR structure and reimplements PKCS8_encrypt to use it.

Update pkcs8 utlity to use PKCS8_set0_pbe.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-26 13:09:26 +01:00
Dr. Stephen Henson
fef034f85e Error if memory limit exceeded.
Set a specific error if the parameters are otherwise valid but exceed the
memory limit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-26 13:09:25 +01:00
Matt Caswell
7cc18d8158 Reject negative shifts for BN_rshift and BN_lshift
The functions BN_rshift and BN_lshift shift their arguments to the right or
left by a specified number of bits. Unpredicatable results (including
crashes) can occur if a negative number is supplied for the shift value.

Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian
for discovering and reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-05-22 23:15:02 +01:00
Matt Caswell
e481f9b90b Remove support for OPENSSL_NO_TLSEXT
Given the pervasive nature of TLS extensions it is inadvisable to run
OpenSSL without support for them. It also means that maintaining
the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably
not well tested). Therefore it is being removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-22 23:10:51 +01:00
Dr. Stephen Henson
e98aa30d55 Add scrypt PBE algorithm code.
This adds support for the ASN.1 structures in draft-josefsson-scrypt-kdf-03
Private keys encrypted by scrypt can now be decrypted transparently as long
as they don't exceed the memory limits.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-21 12:48:02 +01:00
Dr. Stephen Henson
96b96d6c45 Add scrypt OID from draft-josefsson-scrypt-kdf-03
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-21 12:48:02 +01:00
Kurt Roeckx
ac38115c1a Correctly check for export size limit
40 bit ciphers are limited to 512 bit RSA, 56 bit ciphers to 1024 bit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-20 22:18:44 +02:00
Dr. Stephen Henson
c5f2810581 Add functions to convert between uint64_t and ASN1_INTEGER.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-20 15:04:19 +01:00
Dr. Stephen Henson
a95fb9e358 Add scrypt support.
Add scrypt algorithm as described in draft-josefsson-scrypt-kdf-03

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-20 12:21:31 +01:00
Dr. Stephen Henson
6c5b6cb035 ASN1 INTEGER refactor.
Rewrite and tidy ASN1_INTEGER and ASN1_ENUMERATED handling.

Remove code duplication.

New functions to convert between int64_t and ASN.1 types without the
quirks of the old long conversion functions.

Add documentation.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-18 18:38:42 +01:00
Matt Caswell
d45ba43dab Updates following review comments
Miscellaneous updates following review comments on the version negotiation
rewrite patches.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-05-16 09:20:52 +01:00
Matt Caswell
a3680c8f9c Version negotiation rewrite cleanup
Following the version negotiation rewrite all of the previous code that was
dedicated to version negotiation can now be deleted - all six source files
of it!!

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-05-16 09:20:38 +01:00
Matt Caswell
13c9bb3ece Client side version negotiation rewrite
Continuing from the previous commit this changes the way we do client side
version negotiation. Similarly all of the s23* "up front" state machine code
has been avoided and again things now work much the same way as they already
did for DTLS, i.e. we just do most of the work in the
ssl3_get_server_hello() function.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-05-16 09:20:31 +01:00
Matt Caswell
32ec41539b Server side version negotiation rewrite
This commit changes the way that we do server side protocol version
negotiation. Previously we had a whole set of code that had an "up front"
state machine dedicated to the negotiating the protocol version. This adds
significant complexity to the state machine. Historically the justification
for doing this was the support of SSLv2 which works quite differently to
SSLv3+. However, we have now removed support for SSLv2 so there is little
reason to maintain this complexity.

The one slight difficulty is that, although we no longer support SSLv2, we
do still support an SSLv3+ ClientHello in an SSLv2 backward compatible
ClientHello format. This is generally only used by legacy clients. This
commit adds support within the SSLv3 code for these legacy format
ClientHellos.

Server side version negotiation now works in much the same was as DTLS,
i.e. we introduce the concept of TLS_ANY_VERSION. If s->version is set to
that then when a ClientHello is received it will work out the most
appropriate version to respond with. Also, SSLv23_method and
SSLv23_server_method have been replaced with TLS_method and
TLS_server_method respectively. The old SSLv23* names still exist as
macros pointing at the new name, although they are deprecated.

Subsequent commits will look at client side version negotiation, as well of
removal of the old s23* code.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-05-16 09:19:56 +01:00
Rich Salz
756eff7a31 Remove unused #ifdef's from header files
And remove a duplicate comment, probably from a merge hiccup.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-15 14:39:27 -04:00
Rich Salz
857048a7f3 Use #error in openssl/srp.h
Follow the same convention the other OPENSSL_NO_xxx header files
do, and use #error instead of making the header file be a no-op.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-15 08:16:21 -04:00
Rich Salz
2eb264a14b Make up for a missed 'make update' update.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-15 06:48:14 -04:00
Richard Levitte
6857079791 Identify and move OpenSSL internal header files
There are header files in crypto/ that are used by the rest of
OpenSSL.  Move those to include/internal and adapt the affected source
code, Makefiles and scripts.

The header files that got moved are:

crypto/constant_time_locl.h
crypto/o_dir.h
crypto/o_str.h

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-14 15:13:49 +02:00
Richard Levitte
167f6c93b0 Move definition of INTxx_MIN et al to internal header
Having the INTxx_MIN et al macros defined in a public header is
unnecessary and risky.  Also, it wasn't done for all platforms that
might need it.

So we move those numbers to an internal header file, do the math
ourselves and make sure to account for the integer representations we
know of.

This introduces include/internal, which is unproblematic since we
already use -I$(TOP)/include everywhere.  This directory is different
from crypto/include/internal, as the former is more general internal
headers for all of OpenSSL, while the latter is for libcrypto only.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-14 12:22:18 +02:00
Dr. Stephen Henson
c1a623c55a Allow use of standard integer types.
Include appropriate headers for standard integer types in e_os2.h

This should use stdint.h, inttypes.h or a workaround for systems which
have neither.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-14 02:06:17 +01:00
Rich Salz
addaf977e2 Remove some outdated #defines.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-13 12:52:03 -04:00
Matt Caswell
e36827f6d1 Remove remaining Kerberos references
Following on from the removal of libcrypto and libssl support for Kerberos
this commit removes all remaining references to Kerberos.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-13 15:08:10 +01:00
Matt Caswell
60b3d36df3 Remove Kerberos support from libcrypto
Remove libcrypto support for Kerberos following on from the previous commit
which removed it from libssl.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-13 15:08:04 +01:00
Matt Caswell
55a9a16f1c Remove Kerberos support from libssl
Remove RFC2712 Kerberos support from libssl. This code and the associated
standard is no longer considered fit-for-purpose.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-13 15:07:57 +01:00
Rich Salz
9a555706a3 Make COMP_CTX and COMP_METHOD opaque
Since COMP_METHOD is now defined in comp_lcl.h, it is no
longer possible to create new TLS compression methods without
using the OpenSSL source.  Only ZLIB is supported by default.
Also, since the types are opaque, #ifdef guards to use "char *"
instead of the real type aren't necessary.

The changes are actually minor.  Adding missing copyright to some
files makes the diff misleadingly big.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-12 10:24:48 -04:00
Dr. Stephen Henson
fae4772c24 Add SSL_use_certificate_chain_file function
Add SSL_use_certiicate_chain file functions: this is works the same
way as SSL_CTX_use_certificate_chain_file but for an SSL structure.

Update SSL_CONF code to use the new function.
Update docs.
Update ordinals.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-08 18:43:44 +01:00
Dr. Stephen Henson
656b26055c SSL_CONF table reorganisation.
Add command line switch entries to table and return SSL_CONF_TYPE_NONE for
them in SSL_CONF_cmd_value_type.

Update docs.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-06 14:17:42 +01:00
Richard Levitte
2ed42bf639 make update
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-05 21:49:51 +02:00
Richard Levitte
3c161d081e Remove the last traces of the fake RLE compression
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-05 21:48:43 +02:00
Matt Caswell
a89db885e0 Add Error state
Reusing an SSL object when it has encountered a fatal error can
have bad consequences. This is a bug in application code not libssl
but libssl should be more forgiving and not crash.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-05 19:45:17 +01:00
Rich Salz
8332f91cc0 fix various typo's
https://github.com/openssl/openssl/pull/176 (CHANGES)
 https://rt.openssl.org/Ticket/Display.html?id=3545 (objects.txt)
 https://rt.openssl.org/Ticket/Display.html?id=3796 (verify.pod)

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-03 08:50:34 -04:00
Dr. Stephen Henson
6f4d71ff9d make X509_VERIFY_PARAM opaque
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-02 14:15:00 +01:00
Matt Caswell
c826988109 Sanity check EVP_CTRL_AEAD_TLS_AAD
The various implementations of EVP_CTRL_AEAD_TLS_AAD expect a buffer of at
least 13 bytes long. Add sanity checks to ensure that the length is at
least that. Also add a new constant (EVP_AEAD_TLS1_AAD_LEN) to evp.h to
represent this length. Thanks to Kevin Wojtysiak (Int3 Solutions) and
Paramjot Oberoi (Int3 Solutions) for reporting this issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-04-30 23:12:39 +01:00
Rich Salz
895cba195a free cleanup 12
Don't check for NULL before calling free function.  This gets:
        NAME_CONSTRAINTS_free GENERAL_SUBTREE_free ECDSA_METHOD_free
        JPAKE_CTX_free OCSP_REQ_CTX_free SCT_free SRP_VBASE_free
        SRP_gN_free SRP_user_pwd_free TXT_DB_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 18:10:52 -04:00
Rich Salz
4b45c6e52b free cleanup almost the finale
Add OPENSSL_clear_free which merges cleanse and free.
(Names was picked to be similar to BN_clear_free, etc.)
Removed OPENSSL_freeFunc macro.
Fixed the small simple ones that are left:
        CRYPTO_free CRYPTO_free_locked OPENSSL_free_locked

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 17:57:32 -04:00
Matt Caswell
fb45690275 Remove redundant includes from dtls1.h
There were a set of includes in dtls1.h which are now redundant due to the
libssl opaque work. This commit removes those includes, which also has the
effect of resolving one issue preventing building on windows (i.e. the
include of winsock.h)

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-04-30 11:34:51 +01:00
Rich Salz
3e47caff48 ERR_ cleanup
Remove ERR_[gs]et_implementation as they were not undocumented and
useless (the data structure was opaque).

Halve the number of lock/unlock calls in almost all ERR_
functions by letting the caller of get_hash or int_thread_set
able to lock.  Very useful when looping, such as adding errors,
or when getting the hash and immediately doing a lookup on it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-28 10:50:54 -04:00
Emilia Kasper
e22d2199e2 Error checking and memory leak fixes in NISTZ256.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-27 16:21:48 +02:00
Dr. Stephen Henson
98c9ce2f55 SSL_CIPHER lookup functions.
Add tables to convert between SSL_CIPHER fields and indices for ciphers
and MACs.

Reorganise ssl_ciph.c to use tables to lookup values and load them.

New functions SSL_CIPHER_get_cipher_nid and SSL_CIPHER_get_digest_nid.

Add documentation.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-22 15:00:53 +01:00
Emilia Kasper
6e3d015363 Repair EAP-FAST session resumption
EAP-FAST session resumption relies on handshake message lookahead
to determine server intentions. Commits
980bc1ec61
and
7b3ba508af
removed the lookahead so broke session resumption.

This change partially reverts the commits and brings the lookahead back
in reduced capacity for TLS + EAP-FAST only. Since EAP-FAST does not
support regular session tickets, the lookahead now only checks for a
Finished message.

Regular handshakes are unaffected by this change.

Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-21 18:12:58 +02:00
Emilia Kasper
b65558328a Remove code for deleted function from ssl.h
ssl_cert_inst was removed in 2c3823491d

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-04-16 17:52:52 +02:00
Dr. Stephen Henson
865b55ac8e remove asn1_mac.h
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-03 18:31:15 +01:00
Dr. Stephen Henson
a469a6770a Remove old ASN.1 functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-03 18:30:09 +01:00
Dr. Stephen Henson
4fb6b0def1 Add macro to implement static encode functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-03 16:58:44 +01:00
Andy Polyakov
449e3f2601 Configure: android-arm facelift.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-02 09:36:32 +02:00
Richard Levitte
dee502be89 Stop symlinking, move files to intended directory
Rather than making include/openssl/foo.h a symlink to
crypto/foo/foo.h, this change moves the file to include/openssl/foo.h
once and for all.

Likewise, move crypto/foo/footest.c to test/footest.c, instead of
symlinking it there.

Originally-by: Geoff Thorpe <geoff@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-31 20:16:01 +02:00
Rich Salz
8cfe08b4ec Remove all .cvsignore files
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-11-28 18:32:43 -05:00
Richard Levitte
4bb61becbb Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
Ralf S. Engelschall
457c8a3965 Add include dir 1998-12-23 07:55:37 +00:00