Commit graph

1843 commits

Author SHA1 Message Date
Viktor Dukhovni
822b5e2645 Make possible variant SONAMEs and symbol versions
This small change in the Unix template and shared library build
scripts enables building "variant" shared libraries.  A "variant"
shared library has a non-default SONAME, and non default symbol
versions.  This makes it possible to build (say) an OpenSSL 1.1.0
library that can coexist without conflict in the same process address
space as the system's default OpenSSL library which may be OpenSSL
1.0.2.

Such "variant" shared libraries make it possible to link applications
against a custom OpenSSL library installed in /opt/openssl/1.1 or
similar location, and not risk conflict with an indirectly loaded
OpenSSL runtime that is required by some other dependency.

Variant shared libraries have been fully tested under Linux, and
build successfully on MacOS/X producing variant DYLD names.  MacOS/X
Darwin has no symbol versioning, but has a non-flat library namespace.
Variant libraries may therefore support multiple OpenSSL libraries
in the same address space also with MacOS/X, despite lack of symbol
versions, but this has not been verified.

Variant shared libraries are optional and off by default.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-11-30 18:33:58 -05:00
Rich Salz
8a8d9e1905 Fix SOURCE_DATE_EPOCH bug; use UTC
Thanks to Juro Bystricky for the suggestion and prototype.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4644)
2017-11-27 14:34:14 -05:00
Paul Yang
665d899fa6 Support multi-prime RSA (RFC 8017)
* Introduce RSA_generate_multi_prime_key to generate multi-prime
  RSA private key. As well as the following functions:
    RSA_get_multi_prime_extra_count
    RSA_get0_multi_prime_factors
    RSA_get0_multi_prime_crt_params
    RSA_set0_multi_prime_params
    RSA_get_version
* Support EVP operations for multi-prime RSA
* Support ASN.1 operations for multi-prime RSA
* Support multi-prime check in RSA_check_key_ex
* Support multi-prime RSA in apps/genrsa and apps/speed
* Support multi-prime RSA manipulation functions
* Test cases and documentation are added
* CHANGES is updated

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/4241)
2017-11-21 14:38:42 +08:00
Paul Yang
b000470873 Support public key and param check in EVP interface
EVP_PKEY_public_check() and EVP_PKEY_param_check()

Doc and test cases are added

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4647)
2017-11-20 07:20:30 +01:00
Ben Kaduk
f1d3de718b make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4573)
2017-11-11 20:04:42 -06:00
Josh Soref
46f4e1bec5 Many spelling fixes/typo's corrected.
Around 138 distinct errors found and fixed; thanks!

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3459)
2017-11-11 19:03:10 -05:00
Andy Polyakov
1097d2a39e util/copy.pl: work around glob quirk in some of earlier 5.1x Perl versions.
In earlier 5.1x Perl versions quoting globs works only if there is
white space. If there is none, it's looking for names starting with ".

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4695)
2017-11-10 09:39:29 +01:00
Matt Caswell
018632ae98 Fix race condition in TLSProxy
Normally TLSProxy waits for the s_server process to finish before
continuing. However in cases where serverconnects > 1 we need to keep the
s_server process around for a later test so we continue immediately. This
means that TAP test output can end up being printed to stdout at the same
time as s_server is printing stuff. This confuses the test runner and can
cause spurious test failures. This commit introduces a small delay in cases
where serverconnects > 1 in order to give s_server enough time to finish
what it was doing before we continue to the next test.

Fixes #4129

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4660)
2017-11-07 10:51:17 +00:00
Ronald Tse
67e247fad1 SM3: restructure to EVP internal and update doc to right location
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4616)
2017-11-06 07:21:15 +08:00
Jack Lloyd
a0c3e4fa90 SM3: Add SM3 hash function
SM3 is a secure hash function which is part of the Chinese
"Commercial Cryptography" suite of algorithms which use is
required for certain commercial applications in China.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4616)
2017-11-06 07:21:11 +08:00
FdaSilvaYY
cf72c75792 Implement Maximum Fragment Length TLS extension.
Based on patch from Tomasz Moń:
https://groups.google.com/forum/#!topic/mailing.openssl.dev/fQxXvCg1uQY

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/1008)
2017-11-05 17:46:48 +01:00
Ronald Tse
8fa4d95e8e Synchronize man3 EVP cipher list with existing implementations, adding:
* ARIA, SEED, Camellia
* AES-XTS, OCB, CTR
* Key wrap for 3DES, AES
* RC4-MD5 AD
* CFB modes with 1-bit and 8-bit shifts

Split EVP_EncryptInit cipher list to individual man pages.

Consolidate cipher bit-lengths in EVP_EncryptInit cipher list.

Clarify

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4564)
2017-10-31 16:28:42 +01:00
Richard Levitte
287f5551d9 Fix EVP_PKEY_ASN1_METHOD manual
Missing names slipped through

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4629)
2017-10-31 12:19:02 +01:00
Ronald Tse
f19a5ff9ab SM4: Add SM4 block cipher to EVP
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4552)
2017-10-31 15:19:14 +10:00
Richard Levitte
5e00608219 EVP_PKEY_ASN1_METHOD: add functions to set siginf_set and pkey_check methods
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/4589)
2017-10-30 18:16:29 +01:00
Paul Yang
3ceab379fb Add sk_TYPE_new_reserve() function
This is a combination of sk_new and sk_reserve, to make it more
convenient to allocate a new stack with reserved memory and comaprison
function (if any).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4559)
2017-10-26 09:35:36 +10:00
Rich Salz
3f2181e6fa Additional name for all commands
Add openssl-foo as a name for the openssl "foo" command.
Addresses an issue found by a usability study to be published.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4553)
2017-10-18 15:33:56 -04:00
Dr. Matthias St. Pierre
c16de9d832 Fix reseeding issues of the public RAND_DRBG
Reseeding is handled very differently by the classic RAND_METHOD API
and the new RAND_DRBG api. These differences led to some problems when
the new RAND_DRBG was made the default OpenSSL RNG. In particular,
RAND_add() did not work as expected anymore. These issues are discussed
on the thread '[openssl-dev] Plea for a new public OpenSSL RNG API'
and in Pull Request #4328. This commit fixes the mentioned issues,
introducing the following changes:

- Replace the fixed size RAND_BYTES_BUFFER by a new RAND_POOL API which
  facilitates collecting entropy by the get_entropy() callback.
- Don't use RAND_poll()/RAND_add() for collecting entropy from the
  get_entropy() callback anymore. Instead, replace RAND_poll() by
  RAND_POOL_acquire_entropy().
- Add a new function rand_drbg_restart() which tries to get the DRBG
  in an instantiated state by all means, regardless of the current
  state (uninstantiated, error, ...) the DRBG is in. If the caller
  provides entropy or additional input, it will be used for reseeding.
- Restore the original documented behaviour of RAND_add() and RAND_poll()
  (namely to reseed the DRBG immediately) by a new implementation based
  on rand_drbg_restart().
- Add automatic error recovery from temporary failures of the entropy
  source to RAND_DRBG_generate() using the rand_drbg_restart() function.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4328)
2017-10-18 08:39:20 -05:00
Rich Salz
e3713c365c Remove email addresses from source code.
Names were not removed.
Some comments were updated.
Replace Andy's address with openssl.org

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4516)
2017-10-13 10:06:59 -04:00
Rich Salz
0e598a3d18 Add CRYPTO_get_alloc_counts.
Use atomic operations for the counters
Rename malloc_lock to memdbg_lock
Also fix some style errors in mem_dbg.c

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4359)
2017-10-12 22:04:12 -04:00
Dr. Stephen Henson
549be25303 make update
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4485)
2017-10-12 02:41:27 +01:00
Dr. Stephen Henson
5368bf05ed Add RFC7919 documentation.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4485)
2017-10-12 02:40:30 +01:00
Dr. Stephen Henson
3f8b368a27 make update
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4503)
2017-10-12 00:03:32 +01:00
Pauli
30ff41beab Add atomic write call
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4414)
2017-10-10 08:45:53 +10:00
Pauli
94683b7acb Add a CRYPTO_atomic_read call which allows an int variable to be read
in an atomic fashion.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4414)
2017-10-10 08:45:52 +10:00
Richard Levitte
9b9a8a712d Fix util/perl/OpenSSL/Test.pm input variable overwrite
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4507)
2017-10-09 17:56:17 +02:00
Richard Levitte
0ed78e7800 Fix util/find-doc-nits to correctly parse function signature typedefs
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/4499)
2017-10-09 14:31:59 +02:00
Pauli
1b3e2bbf64 Add a reserve call to the stack data structure.
This allows the caller to guarantee that there is sufficient space for a
number of insertions without reallocation.

The expansion ratio when reallocating the array is reduced to 1.5 rather than 2.

Change bounds testing to use a single size rather than both INT_MAX and
SIZE_MAX.  This simplifies some of the tests.

Switch the stack pointers to data from char * to void *

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4386)
2017-09-28 06:53:40 +10:00
Christian Heimes
3edabd3ccb Provide getters for min/max proto version
OpenSSL 1.1.0 made SSL_CTX and SSL structs opaque and introduced a new
API to set the minimum and maximum protocol version for SSL_CTX with
TLS_method(). Add getters to introspect the configured versions:

  int SSL_CTX_get_min_proto_version(SSL_CTX *ctx);
  int SSL_CTX_get_max_proto_version(SSL_CTX *ctx);
  int SSL_get_min_proto_version(SSL *ssl);
  int SSL_get_max_proto_version(SSL *ssl);

NOTE: The getters do not resolv the version in case when the minimum or
maxium version are configured as '0' (meaning auto-select lowest and
highst version number).

Signed-off-by: Christian Heimes <christian@python.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4364)
2017-09-15 10:04:47 -05:00
Paul Yang
0822e89add Support EVP_PKEY_meth_remove and pmeth internal cleanup
1. make app pkey methods cleanup internal
2. add EVP_PKEY_meth_remove

Fixes travis-ci failure in #4337

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4356)
2017-09-14 12:41:34 +08:00
Paul Yang
2aee35d37d Support key check in EVP interface
A new method is added to EVP_PKEY_METH as:

    int (*check) (EVP_PKEY_CTX *ctx);

and to EVP_PKEY_ASN1_METHOD as:

    int (*pkey_check) (EVP_PKEY_CTX *ctx);

This is used to check the validity of a specific key.

The order of calls is:
EVP_PKEY_check -> pmeth.check -> ameth.pkey_check.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4337)
2017-09-13 20:38:14 +02:00
David Benjamin
a9c0d8beea Rename SSL_CTX_set_early_cb to SSL_CTX_set_client_hello_cb.
"Early callback" is a little ambiguous now that early data exists.
Perhaps "ClientHello callback"?

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4349)
2017-09-08 13:58:59 -05:00
Richard Levitte
4e049e2c36 Add UI functions to set result with explicit length and to retrieve the length
This allows completely arbitrary passphrases to be entered, including
NUL bytes.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3821)
2017-09-08 20:06:06 +02:00
Alfred E. Heggestad
fa4b82cc7c add callback handler for setting DTLS timer interval
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/4011)
2017-09-06 08:30:00 +02:00
Richard Levitte
607f4d564f Fix OpenSSL::Test::Utils::config to actualy load the config data
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4319)
2017-09-01 22:52:30 +02:00
Matt Caswell
4130016623 Fix Proxy where a timeout occurs waiting for both client and server
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4305)
2017-09-01 08:47:14 +01:00
Rich Salz
ed6b2c7938 Add CRYPTO_thread_glock_new
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4294)
2017-08-31 19:42:03 -04:00
Richard Levitte
721614a2b2 OpenSSL::Test::__fixup_prg: don't check program existence
The program will fail to run if it doesn't exist anyway, no need to
check its existence here.

Fixes #4306

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4309)
2017-08-31 19:36:00 +02:00
Richard Levitte
e66b62b86e util/mkdef.pl: handle line terminators correctly
When parsing the header files, mkdef.pl didn't clear the line
terminator properly.  In most cases, this didn't matter, but there
were moments when this caused parsing errors (such as CRLFs in certain
cases).

Fixes #4267

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4304)
2017-08-31 19:20:30 +02:00
Matt Caswell
67738645dc Add functions for getting/setting SNI/ALPN info in SSL_SESSION
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
2017-08-31 15:03:34 +01:00
Matt Caswell
98e1d93454 Add SSL_SESSION_set_max_early_data()
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
2017-08-31 15:02:58 +01:00
Paul Yang
50966bfa11 Introduce SSL_CIPHER_get_protocol_id
The returned ID matches with what IANA specifies (or goes on the
wire anyway, IANA notwithstanding).

Doc is added.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4107)
2017-08-30 14:01:13 -05:00
Jon Spillett
bc32673869 Implement Aria GCM/CCM Modes and TLS cipher suites
AEAD cipher mode implementation is based on that used for AES:

  https://tools.ietf.org/html/rfc5116

TLS GCM cipher suites as specified in:

  https://tools.ietf.org/html/rfc6209

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4287)
2017-08-30 12:33:53 +02:00
Kurt Roeckx
0b14a5b7cc Don't auto-instantiate a DRBG when trying to use it and it's not
The one creating the DRBG should instantiate it, it's there that we
know which parameters we should use to instantiate it.

This splits the rand init in two parts to avoid a deadlock
because when the global drbg is created it wands to call
rand_add on the global rand method.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
GH: #4268
2017-08-28 23:15:52 +02:00
Dr. Matthias St. Pierre
4871fa49cd RAND: Rename the RAND_poll_ex() callback and its typedef
With the introduction of RAND_poll_ex(), the `RAND_add()` calls were
replaced by meaningless cb(...). This commit changes the 'cb(...)'
calls back to 'rand_add(...)' calls by changing the signature as follows:

-int RAND_poll_ex(RAND_poll_fn cb, void *arg);
+int RAND_poll_ex(RAND_poll_cb rand_add, void *arg);

Changed the function typedef name to 'RAND_poll_cb' to emphasize the fact
that the function type represents a callback function.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4266)
2017-08-28 08:52:02 -04:00
Paul Yang
43f985fdbf Document missing EVP_PKEY_method_* items
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4104)
2017-08-21 11:47:17 -04:00
FdaSilvaYY
a303e9a6a8 fix some typos
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4172)
2017-08-16 10:36:34 -04:00
Benjamin Kaduk
0aed6e449d Add SSL_get_pending_cipher()
The existing function SSL_get_current_cipher() queries the
current session for the ciphersuite in use, but there is no way
for application code to determine what ciphersuite has been
negotiated and will be used in the future, prior to ChangeCipherState
(or the TLS 1.3 equivalent) causing the new cipher to take effect and
become visible in the session information.  Expose this information
to appropriate application callbacks to use during the handshake.

The name SSL_get_pending_cipher() was chosen for compatibility with
BoringSSL's routine of that name.

Improve the note on macro implementations in SSL_get_current_cipher.pod
while here.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4070)
2017-08-15 10:52:21 -05:00
Richard Levitte
e1a4ff7678 Add ERR_clear_last_mark()
This allows callers to set a mark, and then clear it without removing
the errors.  Useful in case an error is encountered that should be
returned up the call stack.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4094)
2017-08-15 14:26:12 +02:00
Richard Levitte
8d2214c0a4 File::Glob option ':bsd_glob' doesn't work everywhere, replace w/ a wrapper
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4069)
2017-08-15 11:31:18 +02:00
Richard Levitte
cb6afcd6ee Consolidate the locations where we have our internal perl modules
Instead of having perl modules under test/testlib, util and util/perl,
consolidate them all to be inside util/perl.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4069)
2017-08-15 11:30:47 +02:00
Rich Salz
e75138abea Doc fixes
Write missing prime.pod and srp.pod
Implement -c in find-doc-nits (for command options)
Other fixes to some manpages
Use B<-I<digest|cipher>> notation
Split up multiple flags into a single entry in the synopsis.
Add -1 and missing-help to list command.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4144)
2017-08-14 09:32:07 -04:00
Andy Polyakov
cd8d1456c9 Add EVP_DigestFinalXOF, interface to extendable-output functions, XOFs.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4137)
2017-08-12 12:20:06 +02:00
FdaSilvaYY
44e6995155 Fix some Typos and indents
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4108)
2017-08-11 10:16:33 -04:00
Rich Salz
8d50b9c15a Add -d flag to list -u details (now normally off)
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4125)
2017-08-09 12:25:35 -04:00
Matt Caswell
07927bedf3 Add an SSL_SESSION_dup() function
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4072)
2017-08-09 13:37:06 +10:00
Johannes Bauer
cefa762ee5 Add interface to the scrypt KDF by means of PKEY_METHOD
Add an interface that allows accessing the scrypt KDF as a PKEY_METHOD.
This fixes #4021 (at least for the scrypt portion of the issue).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4026)
2017-08-08 15:44:49 +01:00
Todd Short
cf37aaa335 Consolidate to a single asn1_time_from_tm() function
Add missing ASN1_TIME functions

Do some cleanup of the ASN1_TIME code.
Add ASN1_TIME_normalize() to normalize ASN1_TIME structures.
Add ASN1_TIME_compare() to compare two ASN1_TIME structures.
Add ASN1_TIME_cmp_time_t() to compare an ASN1_TIME to time_t
(generic version of ASN1_UTCTIME_cmp_time_t()).

Replace '0' .. '9' compares with isdigit()

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2753)
2017-08-04 11:24:03 +10:00
Rich Salz
ddc6a5c8f5 Add RAND_priv_bytes() for private keys
Add a new global DRBG for private keys used by RAND_priv_bytes.

Add BN_priv_rand() and BN_priv_rand_range() which use RAND_priv_bytes().
Change callers to use the appropriate BN_priv... function.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4076)
2017-08-03 10:45:17 -04:00
Rich Salz
ae3947de09 Add a DRBG to each SSL object
Give each SSL object it's own DRBG, chained to the parent global
DRBG which is used only as a source of randomness into the per-SSL
DRBG.  This is used for all session, ticket, and pre-master secret keys.
It is NOT used for ECDH key generation which use only the global
DRBG. (Doing that without changing the API is tricky, if not impossible.)

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4050)
2017-08-03 10:24:03 -04:00
Rich Salz
75e2c87765 Switch from ossl_rand to DRBG rand
If RAND_add wraps around, XOR with existing. Add test to drbgtest that
does the wrap-around.

Re-order seeding and stop after first success.

Add RAND_poll_ex()

Use the DF and therefore lower RANDOMNESS_NEEDED.  Also, for child DRBG's,
mix in the address as the personalization bits.

Centralize the entropy callbacks, from drbg_lib to rand_lib.
(Conceptually, entropy is part of the enclosing application.)
Thanks to Dr. Matthias St Pierre for the suggestion.

Various code cleanups:
    -Make state an enum; inline RANDerr calls.
    -Add RAND_POLL_RETRIES (thanks Pauli for the idea)
    -Remove most RAND_seed calls from rest of library
    -Rename DRBG_CTX to RAND_DRBG, etc.
    -Move some code from drbg_lib to drbg_rand; drbg_lib is now only the
     implementation of NIST DRBG.
    -Remove blocklength

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4019)
2017-08-03 09:23:28 -04:00
Dr. Stephen Henson
5f9602eb15 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4015)
2017-07-29 23:04:36 +01:00
Bernd Edlinger
4dae7cd3f0 Implement the CRYPTO_secure_clear_free function
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4044)
2017-07-29 19:26:06 +02:00
Paul Yang
190b9a03b7 Make SSL_set_tlsext_host_name no effect from server side
Documentation and test cases are also updated

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3783)
2017-07-28 11:51:59 -04:00
Richard Levitte
102c9e1296 Perl: Use File::Glob::bsd_glob rather than File::Glob::glob
File::Glob::glob is deprecated, it's use generates this kind of
message:

    File::Glob::glob() will disappear in perl 5.30. Use File::Glob::bsd_glob() instead. at ../master/Configure line 277.

So instead, use a construction that makes the caller glob() use
File::Glob::bsd_glob().

Note that we're still excluding VMS, as it's directory specs use '['
and ']', which have a different meaning with bsd_glob and would need
some extra quoting.  This might change, but later.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4040)
2017-07-28 14:45:17 +02:00
Hubert Kario
e15c95ce85 make scrypt ASN.1 parameter functions public
Since scrypt PBKDF can be used both in PKCS#5 and PKCS#12 files,
do share the code between them.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1334)
2017-07-26 15:04:54 -04:00
Paul Yang
7b608d0828 Add test cases and docs for ASN1_STRING_TABLE_* functions
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3998)
2017-07-26 20:06:51 +02:00
Todd Short
a58eb06d52 Add support to free/allocate SSL buffers
OpenSSL already has the feature of SSL_MODE_RELEASE_BUFFERS that can
be set to release the read or write buffers when data has finished
reading or writing. OpenSSL will automatically re-allocate the buffers
as needed. This can be quite aggressive in terms of memory allocation.

This provides a manual mechanism. SSL_free_buffers() will free
the data buffers if there's no pending data. SSL_alloc_buffers()
will realloc them; but this function is not strictly necessary, as it's
still done automatically in the state machine.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2240)
2017-07-26 11:42:17 -04:00
Andy Polyakov
91ce87c0d5 Add evp/m_sha3.c.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3943)
2017-07-25 21:40:23 +02:00
Paul Yang
bbb4ceb86e Support converting cipher name to RFC name and vice versa
Fixes: issue #3747

make SSL_CIPHER_standard_name globally available and introduce a new
function OPENSSL_cipher_name.

A new option '-convert' is also added to 'openssl ciphers' app.

Documentation and test cases are added.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3859)
2017-07-21 07:20:14 +10:00
Rich Salz
12fb8c3d2d Add DRBG random method
Ported from the last FIPS release, with DUAL_EC and SHA1 and the
self-tests removed.  Since only AES-CTR is supported, other code
simplifications were done.  Removed the "entropy blocklen" concept.

Moved internal functions to new include/internal/rand.h.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3789)
2017-07-19 03:25:16 -04:00
Rich Salz
e90fc053c3 Don't use "version" in "OpenSSL Version 1.1.0" etc
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3938)
2017-07-16 17:28:41 -04:00
Matt Caswell
07ff590f8f Update the version number for TLSv1.3 draft 21
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3852)
2017-07-07 15:02:09 +01:00
Rich Salz
a95d7574db Various doc fixes
Fix a =head1 section name
Fix a typo in POD label
Remove a spurious =back
Add a missing blank line
Avoid 'legacy' -- use 'deprecated' if still needed if we cannot just reword.
Always do strict checking
Do not warn about missing "RETURN VALUES" unless -s is set.
Change OpenSSL version 1.1 -> 1.1.0

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3830)
2017-07-03 10:40:33 -04:00
Richard Levitte
48feaceb53 Remove the possibility to disable the UI module entirely
Instead, make it possible to disable the console reader that's part of
the UI module.  This makes it possible to use the UI API and other UI
methods in environments where the console reader isn't useful.

To disable the console reader, configure with 'no-ui-console' /
'disable-ui-console'.

'no-ui' / 'disable-ui' is now an alias for  'no-ui-console' /
'disable-ui-console'.

Fixes #3806

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3820)
2017-07-03 07:51:04 +02:00
Rich Salz
2915fe19a6 Add fork handlers, based on pthread_atfork
Only for Unix platforms

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3754)
2017-06-29 16:19:41 -04:00
Richard Levitte
0e288c2af2 util/mkdef.pl: Make symbol version processing Linux only
For Windows, we care which way it is, the resulting file is just a pile
of symbols.  For VMS, we really need to care about the numeric ordering,
and getting the symbols sorted by symbol version too didn't agree with
that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3804)
2017-06-29 21:19:53 +02:00
Richard Levitte
9c06cf04ee util/mkdef.pl: Add UNIX as a platform
This allows us to guard Unix specific functions with
#ifndef / #ifdef OPENSSL_SYS_UNIX

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3804)
2017-06-29 21:19:53 +02:00
Richard Levitte
f91ded1fc4 STORE: add ENGINE information to loaders
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:32 +02:00
Richard Levitte
71a5516dcc Add the STORE module
This STORE module adds the following functionality:

- A function OSSL_STORE_open(), OSSL_STORE_load() and OSSL_STORE_close()
  that accesses a URI and helps loading the supported objects (PKEYs,
  CERTs and CRLs for the moment) from it.
- An opaque type OSSL_STORE_INFO that holds information on each loaded
  object.
- A few functions to retrieve desired data from a OSSL_STORE_INFO
  reference.
- Functions to register and unregister loaders for different URI
  schemes.  This enables dynamic addition of loaders from applications
  or from engines.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:31 +02:00
Richard Levitte
0ffdaebf9a util/mkerr.pl: avoid getting an annoying warning about negative count
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3781)
2017-06-27 14:49:06 +02:00
Richard Levitte
4b2799c13c util/mkerr.pl: allow module names prefixed with OSSL_ or OPENSSL_
To make sure that our symbols don't clash with other libraries, we
claim the namespaces OSSL and OPENSSL.  Because C doesn't provide
namespaces, the only solution is to have them as prefixes on symbols,
thus we allow OSSL_ and OPENSSL_ as prefixes.

These namespace prefixes are optional for the foreseeable future, and
will only be used for new modules as needed on a case by case basis,
until further notice.

For extra safety, there's an added requirement that module names -
apart from the namespace prefix - be at least 2 characters long.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3781)
2017-06-27 14:49:06 +02:00
Benjamin Kaduk
d499a3e185 Add constants for TLS 1.3 SignatureScheme values
Put them into the TLSProxy::Message namespace along with the extension
type constants.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3326)
2017-06-24 19:25:43 -05:00
Sascha Steinbiss
db17e43d88 Add OCSP_resp_get1_id() accessor
Adding a get1 style accessor as brought up in mailing list post
https://mta.openssl.org/pipermail/openssl-users/2016-November/004796.html

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1876)
2017-06-21 15:01:54 -04:00
Matt Caswell
8ead6158a9 Document SSL_set_psk_find_session_callback() and SSL_CTX equivalent
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
2017-06-21 14:45:36 +01:00
Matt Caswell
93a048a1d8 Document SSL_set_psk_use_session_callback() and SSL_CTX equivalent
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
2017-06-21 14:45:35 +01:00
Matt Caswell
5a43d5119e Add SSL_SESSION_set_protocol_version()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
2017-06-21 14:45:35 +01:00
Matt Caswell
1a993d1d56 Add SSL_SESSION_set_cipher()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
2017-06-21 14:45:35 +01:00
Matt Caswell
911d63f261 Add SSL_SESSION_set1_master_key()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
2017-06-21 14:45:35 +01:00
Matt Caswell
ba4df68286 Add a function to get the handshake digest for an SSL_CIPHER
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
2017-06-21 14:45:35 +01:00
Matt Caswell
f46184bd90 Add public API functions for setting TLSv1.3 PSK callbacks
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
2017-06-21 14:45:35 +01:00
Richard Levitte
979874a208 Rework writing crypto/err/openssl.txt
Reading the prologue of this file conserved the "# Function codes"
line, and then duplicated it when rewriting this file, adding a new
"# Function codes" line everytime there's an update.

Better then to skip over all comment lines and have the prologue
defined in mkerr.pl, just the same as we do with the other affected
files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3664)
2017-06-13 00:32:05 +02:00
Richard Levitte
964ff301d6 Add -module option to util/mkerr.pl
Sometimes, one might only want to rework a subset of all the internal
error codes.  -module allows the caller to specify exactly which
library modules to rewrite.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3662)
2017-06-12 22:35:28 +02:00
Rich Salz
5816586ba4 Put message strings in state files
Add "*" as indicator meaning the function/reason is removed, so put an
empty string in the function/reason string table; this preserves backward
compatibility by keeping the #define's.

In state files, trailing backslash means text is on the next line.

Add copyright to state files

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3640)
2017-06-12 15:03:40 -04:00
Benjamin Kaduk
193b5d769c Add SSL_early_get1_extensions_present()
It is an API to be used from the early callback that indicates what
extensions were present in the ClientHello, and in what order.
This can be used to eliminate unneeded calls to SSL_early_get0_ext()
(which itself scales linearly in the number of extensions supported
by the library).

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2976)
2017-06-12 09:31:47 +01:00
Rich Salz
5c718b9e46 Remove leading space-before-tab
Reviewed-by: Kurt Roceckx <kurt@openssl.org>
2017-06-11 17:10:30 -04:00
Rich Salz
04e62715db Introduce ASN1_TIME_set_string_X509 API
Make funcs to deal with non-null-term'd string
in both asn1_generalizedtime_to_tm() and asn1_utctime_to_tm().

Fixes issue #3444.

This one is used to enforce strict format (RFC 5280) check and to
convert GeneralizedTime to UTCTime.

apps/ca has been changed to use the new API.

Test cases and documentation are updated/added

Signed-off-by: Paul Yang <paulyang.inf@gmail.com>

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3566)
2017-06-11 16:36:07 -04:00
Rich Salz
9a2dfc0feb List undocumented macros
The search is approximate; look only for those that look like
functions.

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3641)
2017-06-08 17:23:21 -04:00
Rich Salz
1722496fca Remove doc of non-existent functions
Fix test for "documenting private functions"
And add -p flag to doc-nits recipe
Mark when things were deprecated, if doc'd as such

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3624)
2017-06-08 15:18:38 -04:00
Todd Short
1c036c6443 Fix #340: Parse ASN1_TIME to struct tm
This works with ASN1_UTCTIME and ASN1_GENERALIZED_TIME

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3378)
2017-06-08 13:19:13 +01:00
Rich Salz
52df25cf2e make error tables const and separate header file
Run perltidy on util/mkerr
Change some mkerr flags, write some doc comments
Make generated tables "const" when genearting lib-internal ones.
Add "state" file for mkerr
Renerate error tables and headers
Rationalize declaration of ERR_load_XXX_strings
Fix out-of-tree build
Add -static; sort flags/vars for options.
Also tweak code output
Moved engines/afalg to engines (from master)
Use -static flag
Standard engine #include's of errors
Don't linewrap err string tables unless necessary

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3392)
2017-06-07 15:12:03 -04:00
Rich Salz
274d1beea2 Add -p (public only) flag to find-doc-nits
Report if any non-public items are documented.
Add util/private.num that lists items that aren't in the public
(lib*.num) files that we do want to document.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3603)
2017-06-01 16:26:26 -04:00
Richard Levitte
545360c4df Add UI functionality to duplicate the user data
This can be used by engines that need to retain the data for a longer time
than just the call where this user data is passed.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3575)
2017-05-31 19:00:24 +02:00
Matt Caswell
142463c937 Wait longer for the server in TLSProxy to start
In a recent PR (#3566) it seems that TLSProxy gave up trying to connect to
the server process too quickly. This meant the test failed even though the
server *did* eventually start. Currently we try 3 times to connect with a
0.1 second pause between each attempt. That is probably too aggressive.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3587)
2017-05-31 11:26:49 +01:00
Rich Salz
2bcb232ebe Add stricter checking in NAME section
Require a comma between every name and a single space before the dash

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3559)
2017-05-29 19:17:40 -04:00
Matt Caswell
b72668a0d3 Fix a Proxy race condition
Issue #3562 describes a problem where a race condition can occur in the
Proxy such that a test "ok" line can appear in the middle of other text
causing the test harness to miss it. The issue is that we do not wait for
the client process to finish after the test is complete, so that process may
continue to write data to stdout/stderr at the same time that the test
harness does.

This commit fixes TLSProxy so that we always wait for the client process to
finish before continuing.

Fixes #3562

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3567)
2017-05-26 19:08:13 +01:00
Dr. Stephen Henson
c2bdf05f4b make update
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3409)
2017-05-11 12:59:25 +01:00
Matt Caswell
5e3766e2f1 Add test for no change following an HRR
Verify that we fail if we receive an HRR but no change will result in
ClientHello2.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3414)
2017-05-09 17:23:58 +01:00
Benjamin Kaduk
7671342e55 Add PEM_bytes_read_bio_secmem()
Split the PEM_bytes_read_bio() implementation out into a
pem_bytes_read_bio_flags() helper, to allow it to pass PEM_FLAG_SECURE
as needed.  Adjust the cleanup to properly use OPENSSL_secure_free()
when needed, and reimplement PEM_bytes_read() as a wrapper around
the _flags helper.

Add documentation for PEM_bytes_read_bio() and the new secmem variant.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1700)
2017-05-08 21:20:31 +02:00
Benjamin Kaduk
204afd81b1 Add PEM_read_bio_ex
The extended function includes a 'flags' argument to allow callers
to specify different requested behaviors.  In particular, callers can
request that temporary storage buffers are allocated from the secure heap,
which could be relevant when loading private key material.

Refactor PEM_read_bio to use BIO_mems instead of BUFs directly,
use some helper routines to reduce the overall function length, and make
some of the checks more reasonable.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1700)
2017-05-08 21:17:28 +02:00
Rich Salz
37192a92d7 Fix curly braces on util/mkrc.pl
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3368)
2017-05-03 14:16:58 -04:00
Rich Salz
199b246061 Run perltidy, use strict+warnings on mkrc.pl
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3368)
2017-05-03 14:16:58 -04:00
Rich Salz
5038e325f7 Perltidy ck_errf
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3368)
2017-05-03 14:16:58 -04:00
Rich Salz
ce1e11bc6f Remove some unused scripts
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3368)
2017-05-03 14:16:58 -04:00
Matt Caswell
198d5021ae Update the TLSv1.3 version indicator for draft-20
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3371)
2017-05-03 17:23:02 +01:00
Matt Caswell
84c34ba876 Extend the SERVERINFO file format to include an extensions context
This enables us to know what messages the extensions are relevant for in
TLSv1.3. The new file format is not compatible with the previous one so
we call it SERVERINFOV2.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3298)
2017-05-03 14:37:42 +01:00
Marek Klein
f0ef20bf38 Added support for ESSCertIDv2
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/771)
2017-05-03 09:04:23 +02:00
Todd Short
c649d10d3f TLS1.3 Padding
Add padding callback for application control
Standard block_size callback
Documentation and tests included
Configuration file/s_client/s_srver option

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3130)
2017-05-02 09:44:43 +01:00
Richard Levitte
46d5e2b42e TLSProxy: When in debug mode, show the exact subprocess commands
When you want to debug a test that goes wrong, it's useful to know
exactly what subprocess commands are run.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3342)
2017-04-28 09:20:05 +02:00
Matt Caswell
e586eac885 Add support for SSL_SESSION_is_resumable()
Provide a way to test whether the SSL_SESSION object can be used to resume a
sesion or not.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3008)
2017-04-26 16:42:29 +01:00
Dr. Stephen Henson
b69ae442a3 make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3301)
2017-04-25 22:12:35 +01:00
Dmitry Belyavskiy
b5c4209be9 Switch command-line utils to new nameopt API.
The CA names should be printed according to user's decision
print_name instead of set of BIO_printf
dump_cert_text instead of set of BIO_printf
Testing cyrillic output of X509_CRL_print_ex
Write and use X509_CRL_print_ex
Reduce usage of X509_NAME_online
Using X509_REQ_print_ex instead of X509_REQ_print
Fix nameopt processing.
Make dump_cert_text nameopt-friendly
Move nameopt getter/setter to apps/apps.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3262)
2017-04-25 12:37:17 -04:00
Matt Caswell
5114d8227e Add a BIO_lookup_ex() function
The existing BIO_lookup() wraps a call to getaddrinfo and provides an
abstracted capability to lookup addresses based on socket type and family.
However it provides no ability to lookup based on protocol. Normally,
when dealing with TCP/UDP this is not required. However getaddrinfo (at
least on linux) never returns SCTP addresses unless you specifically ask
for them in the protocol field. Therefore BIO_lookup_ex() is added which
provides the protocol field.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
2017-04-25 11:13:39 +01:00
Richard Levitte
20626cfd58 Add CRYPTO_mem_leaks_cb
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3243)
2017-04-24 18:09:01 +02:00
Rich Salz
cad3f9dacb Add -f -r flags to find-unused-errs
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3230)
2017-04-16 07:57:12 -04:00
Richard Levitte
f120fa1efe Fix util/mkdef.pl
The deprecation checking code here didn't work the same way as in
Configure, and used $config{options} to find an --api= option that
was never there.  This is replaced with checking $config{api}, which
is the controlling variable for deprecation.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)
2017-04-10 12:11:00 +02:00
Richard Levitte
676cc3a67f Act on deprecation of LONG and ZLONG, step 3
Teach util/mkdef.pl to recognise these lines:

    #if OPENSSL_API_COMPAT < 0xXXXXXXXXL

    #if OPENSSL_API_COMPAT >= 0xXXXXXXXXL

and add corresponding markers in util/*.num

A final 'make update' sets those markers right for LONG and ZLONG.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)
2017-04-10 12:11:00 +02:00
Richard Levitte
64f11ee888 Publish our INT32, UINT32, INT64, UINT64 ASN.1 types and Z variants
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)
2017-04-10 12:10:59 +02:00
Rich Salz
2f61bc2ea3 Use 'over 2' for bullet lists.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3117)
2017-04-07 13:48:19 -04:00
Rich Salz
e1271ac221 Standardize on =over 4 and check for it.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3117)
2017-04-07 13:30:04 -04:00
Rich Salz
5a3371e221 Check for L<foo|foo>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3117)
2017-04-07 13:30:04 -04:00
Matt Caswell
43ae5eed6f Implement a new custom extensions API
The old custom extensions API was not TLSv1.3 aware. Extensions are used
extensively in TLSv1.3 and they can appear in many different types of
messages. Therefore we need a new API to be able to cope with that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3139)
2017-04-07 13:41:04 +01:00
Richard Levitte
5c7e65486c make update
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3088)
2017-04-04 11:29:23 +02:00
Richard Levitte
93f7d6fc10 Implement internal ASN.1 types INT32, UINT32, INT64, UINT64
Also Z varieties.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3088)
2017-04-04 11:29:23 +02:00
Dr. Stephen Henson
8edb4ee1a2 update ordinals
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3015)
2017-04-03 23:47:22 +01:00
FdaSilvaYY
69687aa829 More typo fixes
Fix some comments too
[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3069)
2017-03-29 07:14:29 +02:00
Rich Salz
3ba4dac67a Look for comma before - in POD pages
[skip ci]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3021)
2017-03-23 13:18:31 -04:00
Richard Levitte
5d5835219e Fix find-doc-nits: { is significant in regexps
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3019)
2017-03-23 15:09:41 +01:00
Matt Caswell
c35cb287cb Add some HRR tests
Check that we handle changes of ciphersuite between HRR and ServerHello
correctly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Matt Caswell
11c67eeaf4 HelloRetryRequest updates for draft-19
Draft-19 changes the HRR transcript hash so that the initial ClientHello
is replaced in the transcript with a special synthetic message_hash message
that just contains a hash of ClientHello1 as its message body.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Matt Caswell
e984b535d9 Update the TLSv1.3 version indicator for draft-19
This change will mean we will lose interoperability with draft-18
implementations.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Benjamin Kaduk
b00d5407b5 Remove unused typedefs from indent config
Some things were not removed from util/indent.pro when they were removed
from the code.

grep '^-T' util/indent.pro | awk '{print $2} > /tmp/a
grep -rF -f /tmp/a --exclude CHANGES --exclude 'INSTALL' --exclude 'LICENSE' --exclude 'NEWS' --exclude 'NOTES*' --exclude 'README*' --exclude indent.pro --exclude-dir corpora -o -h *|sort|uniq>/tmp/b
comm -23 <(sort /tmp/a) /tmp/b >/tmp/c
grep -v -E '(LHASH_OF|STACK_OF)' /tmp/c > /tmp/d
grep -v -Ff /tmp/d util/indent.pro > util/indent.pro

Manually adjusted to retain time_t and the ossl_*intmax_t types.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2797)
2017-03-16 11:39:34 +01:00
Benjamin Kaduk
f775245245 Remove some unused PEM structures
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2797)
2017-03-16 11:39:34 +01:00
Richard Levitte
26721d3212 Forgotten 'make update'
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-03-15 21:20:11 +01:00
Matt Caswell
db0e0abb88 Fix a hang in tests that use sessionfile
The logic for testing whether the sessionfile has been created or not
was faulty and could result in race conditions. If you "lose" the tests
hang waiting for a session file that's never going to arrive.

Fixes #2950

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2955)
2017-03-15 11:23:57 +00:00
Richard Levitte
1ae4c07e50 VMS: don't use /DSF, turn off CALL_DEBUG instead
It turns out that /DSF didn't do any good for our purposes.  Instead,
remove the CALL_DEBUG flag from any image we link.  This ensures that
we can have debugging information in the image files, but don't
automatically end up in a debugging session upon image activation.

Unfortunately, this means the CALL_DEBUG must be turned on when there
is a need to run with the debugger activated, and to turn it off when
done.  This has been documented in NOTES.VMS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2957)
2017-03-15 03:09:57 +01:00
Richard Levitte
a74db02a2e VMS: throw away [.util]shareable_image_wrap.c.in and add replacement scripts
[.util]shareable_image_wrap.c.in was never useful because lib$spawn()
insisted on combining stdout and stderr into one.

Instead, we introduce two scripts that create and destroy a temporary
environment where the local shareable images become available,
[.util]local_shlib.com and [.util]unlocal_shlib.com.  They also define
DBG$IMAGE_DSF_PATH, which is require so the debugger can find the Debug
Symbol Files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2947)
2017-03-14 22:27:17 +01:00
Rich Salz
d4ea9659d9 Fix some doc nits
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2909)
2017-03-12 08:27:30 -04:00
Rich Salz
9e183d2271 Fix many doc L<> errors
Add 2017 copyright year
Add missing typedef to NAME
Remove ec(7) and bn(7) doc links
Remove .pod link errors, bogus links, make a few typo corrections
Fix some typo's in links and some missing items.
Don't link to C runtime functions (See OPENSSL_malloc for example/precedent)
Document ASN1_tag2str(), add a few typedef's that were missing from NAME
Update doc-nits target; addresses
    https://github.com/openssl/openssl/pull/1900#issuecomment-259943891,
Merge check-doc-links into find-doc-nits; if run regularly, would have found
    https://github.com/openssl/openssl/pull/2825

    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2862)
2017-03-11 08:56:44 -05:00
Matt Caswell
717afd9337 Add a test to check that if a PSK extension is not last then we fail
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2896)
2017-03-10 15:29:24 +00:00
Richard Levitte
579a674533 util/process_docs.pl: make it possible to add a suffix to man docs
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2863)
2017-03-06 21:38:19 +01:00
Matt Caswell
ee7002266c Add a test for TLSv1.3 cookies
We just check that if we insert a cookie into an HRR it gets echoed back
in the subsequent ClientHello.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2839)
2017-03-04 23:39:00 +00:00
Matt Caswell
0665b4edae Rename SSL_write_early() to SSL_write_early_data()
This is for consistency with the rest of the API where all the functions
are called *early_data*.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:16 +00:00
Matt Caswell
f533fbd44a Rename SSL_read_early() to SSL_read_early_data()
This is for consistency with the rest of the API where all the functions
are called *early_data*.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:16 +00:00
Matt Caswell
3eaa417095 Make SSL_write_early_finish() an internal only function
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:16 +00:00
Matt Caswell
fcc4757823 Add a SSL_SESSION_get_max_early_data() function
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:15 +00:00
Matt Caswell
1ea4d09a3c Construct the server side early_data extension
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:15 +00:00
Matt Caswell
d781d247d1 Provide an SSL_read_early() function for reading early data
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:15 +00:00
Matt Caswell
49e7fe12ea Provide functions to write early data
We provide SSL_write_early() which *must* be called first on a connection
(prior to any other IO function including SSL_connect()/SSL_do_handshake()).
Also SSL_write_early_finish() which signals the end of early data.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:14 +00:00
Matt Caswell
3fc8d85610 Construct the ticket_early_data_info extension
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:14 +00:00
Richard Levitte
77baccd7fa Code health: make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2793)
2017-02-28 20:16:56 +01:00
Richard Levitte
96bc5d03b8 Code health: Remove VAX exceptions in util/mkdef.pl
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2793)
2017-02-28 20:16:56 +01:00
Emilia Kasper
8a05d6bb26 More Configure cleanup. Remove
- util/incore
- util/fipslink.pl
- the unused "baseaddr" configure switch

Reviewed-by: Stephen Henson <steve@openssl.org>
2017-02-28 15:26:56 +01:00
Richard Levitte
57d0d048a8 Add a null UI method
There are cases when, if you pass a NULL UI_METHOD, the called
function will use an internal default.  This is well and good, but
there may be cases when this is undesirable and one would rather send
in a UI that does absolutely nothing (sort of a /dev/null).  UI_null()
is the UI_METHOD for this purpose.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2744)
2017-02-26 01:00:26 +01:00
Benjamin Kaduk
6b1bb98fad Add SSL_CTX early callback
Provide a callback interface that gives the application the ability
to adjust the nascent SSL object at the earliest stage of ClientHello
processing, immediately after extensions have been collected but
before they have been processed.

This is akin to BoringSSL's "select_certificate_cb" (though it is not
API compatible), and as the name indicates, one major use is to examine
the supplied server name indication and select what certificate to
present to the client.  However, it can also be used to make more
sweeping configuration changes to the SSL object according to the
selected server identity and configuration.  That may include adjusting
the permitted TLS versions, swapping out the SSL_CTX object (as is
traditionally done in a tlsext_servername_callback), changing the
server's cipher list, and more.

We also wish to allow an early callback to indicate that it needs to perform
additional work asynchronously and resume processing later.  To that effect,
refactor the second half of tls_process_client_hello() into a subroutine to be
called at the post-processing stage (including the early callback itself), to
allow the callback to result in remaining in the same work stage for a later
call to succeed.  This requires allocating for and storing the CLIENTHELLO_MSG
in the SSL object to be preserved across such calls, but the storage is
reclaimed after ClientHello processing finishes.

Information about the CliehtHello is available to the callback by means of
accessor functions that can only be used from the early callback.  This allows
extensions to make use of the existing internal parsing machinery without
exposing structure internals (e.g., of PACKET), so that applications do not
have to write fragile parsing code.

Applications are encouraged to utilize an early callback and not use
a servername_callback, in order to avoid unexpected behavior that
occurs due to the relative order of processing between things like
session resumption and the historical servername callback.

Also tidy up nearby style by removing unnecessary braces around one-line
conditional bodies.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2279)
2017-02-23 19:40:26 +01:00
Benjamin Kaduk
ccb8e6e0b1 Export SSL_bytes_to_cipher_list()
Move ssl_bytes_to_cipher_list() to ssl_lib.c and create a public
wrapper around it.  This lets application early callbacks easily get
SSL_CIPHER objects from the raw ciphers bytes without having to
reimplement the parsing code.  In particular, they do not need to
know the details of the sslv2 format ClientHello's ciphersuite
specifications.

Document the new public function, including the arguably buggy behavior
of modifying the supplied SSL object.  On the face of it, such a function
should be able to be pure, just a direct translation of wire octets to
internal data structures.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2279)
2017-02-23 19:40:25 +01:00
Pauli
d42d0a4dc7 Implementation of the ARIA cipher as described in RFC 5794.
This implementation is written in endian agnostic C code. No attempt
at providing machine specific assembly code has been made. This
implementation expands the evptests by including the test cases from
RFC 5794 and ARIA official site rather than providing an individual
test case. Support for ARIA has been integrated into the command line
applications, but not TLS. Implemented modes are CBC, CFB1, CFB8,
CFB128, CTR, ECB and OFB128.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2337)
2017-02-21 11:51:45 +01:00
Matt Caswell
53d1d07d30 Add a SSL_get_key_update_type() function
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2609)
2017-02-17 10:28:00 +00:00
Matt Caswell
44c04a2e06 Provide a function to send a KeyUpdate message
This implements the server side KeyUpdate sending capability as well.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2609)
2017-02-17 10:28:00 +00:00
Matt Caswell
0adb641740 Update TLSProxy to know about HelloRetryRequest messages
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2341)
2017-02-14 13:14:25 +00:00
Matt Caswell
38f5c30b31 Update the key_share tests for HelloRetryRequest
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2341)
2017-02-14 13:14:25 +00:00
Todd Short
3f5616d734 Add support for parameterized SipHash
The core SipHash supports either 8 or 16-byte output and a configurable
number of rounds.
The default behavior, as added to EVP, is to use 16-byte output and
2,4 rounds, which matches the behavior of most implementations.
There is an EVP_PKEY_CTRL that can control the output size.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2216)
2017-02-01 14:14:36 -05:00
Dr. Stephen Henson
377c5e98cb make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)
2017-01-30 13:00:17 +00:00
Matt Caswell
1c361b4a39 Add a capability for TLSProxy to wait for a session before killing s_client
TLSProxy normally fires off s_client, which creates a connection to the
server. TLSProxy also pipes some data to send to the process and s_client
automatically exits when the pipe hits eof. Unfortunately this means that
it sends the data and closes before it has processed the NewSessionTicket
returned from the server in TLSv1.3. This commits adds an option for
s_client to stay loaded until the sesion has been processed. A side effect
of this is that s_client never sends a close_notify in this mode, so we
count success as seeing that data has been transferred.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-30 10:18:22 +00:00
Matt Caswell
b2f7e8c0fe Add support for the psk_key_exchange_modes extension
This is required for the later addition of resumption support.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-30 10:17:49 +00:00
Richard Levitte
2650515394 Better check of DH parameters in TLS data
When the client reads DH parameters from the TLS stream, we only
checked that they all are non-zero.  This change updates the check to
use DH_check_params()

DH_check_params() is a new function for light weight checking of the p
and g parameters:

    check that p is odd
    check that 1 < g < p - 1

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2017-01-26 10:54:01 +00:00
Todd Short
52ad5b60e3 Add support for Poly1305 in EVP_PKEY
Add Poly1305 as a "signed" digest.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2128)
2017-01-24 15:40:37 +01:00
Cory Benfield
2faa1b48fd Add support for key logging callbacks.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1646)
2017-01-23 17:07:43 +01:00
Bernd Edlinger
57a19206b5 Check the exit code from the server process
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2205)
2017-01-23 11:30:21 +01:00
FdaSilvaYY
31a51151fc Clean dead macros and defines
... mostly related to some old discarded modules .

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1906)
2017-01-18 15:19:24 +01:00
Rich Salz
329f2f4a42 GH2176: Add X509_VERIFY_PARAM_get_time
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2208)
2017-01-12 09:54:09 -05:00
Richard Levitte
3ab3c8cb27 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2204)
2017-01-11 18:27:27 +01:00
Matt Caswell
357d096a29 Teach TLSProxy how to re-encrypt a TLSv1.3 message after changes
This enables us to make changes to in-flight TLSv1.3 messages that appear
after the ServerHello.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
79d8c16785 Extend ServerKeyExchange parsing to work with a signature
Previously SKE in TLSProxy only knew about one anonymous ciphersuite so
there was never a signature. Extend that to include a ciphersuite that is
not anonymous. This also fixes a bug where the existing SKE processing was
checking against the wrong anon ciphersuite value. This has a knock on
impact on the sslskewith0p test. The bug meant the test was working...but
entirely by accident!

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
adb403dea9 Teach TLSProxy about the CertificateVerify message
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Rich Salz
121677b487 Doc nits: callback function typedefs
Enhance find-doc-nits to be better about finding typedefs for
callback functions.  Fix all nits it now finds.  Added some new
typedef names to ssl.h some of which were documented but did not
exist

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)
2017-01-09 16:09:50 -05:00
Dr. Stephen Henson
d53b1dd448 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:50 +00:00
Matt Caswell
e96e0f8e42 Create Certificate messages in TLS1.3 format
Also updates TLSProxy to be able to understand the format and parse the
contained extensions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
2017-01-06 10:25:13 +00:00
Matt Caswell
397f4f7876 Add a test to check the EC point formats extension appears when we expect
The previous commit fixed a bug where the EC point formats extensions did
not appear in the ServerHello. This should have been caught by
70-test_sslmessages but that test never tries an EC ciphersuite. This
updates the test to do that.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)
2016-12-29 13:32:54 +00:00
Rich Salz
a47bc28317 Add X509_VERIFY_PARAM inheritance flag set/get
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2079)
2016-12-13 14:30:21 -05:00
Rich Salz
3dfda1a636 Fix various doc nits.
find-doc-nits warns if you don't give a "what to do flag"
Don't use regexps for section names, just strings:  More consistency.
Rename "COMMAND OPTIONS" to OPTIONS.
Fix a couple of other nit-level things.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2076)
2016-12-13 12:12:35 -05:00
Matt Caswell
9615387408 Fix various indentation
The indentation was a bit off in some of the perl files following the
extensions refactor.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:21:35 +00:00
Matt Caswell
a1448c26d2 Remove some spurious whitespace
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:20:22 +00:00
Matt Caswell
d70bde8805 Fix a bug in TLSProxy where zero length messages were not being recorded
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:19:38 +00:00
Matt Caswell
efab1586e0 Support renegotiation in TLSProxy
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:19:22 +00:00
Matt Caswell
9ce3ed2a58 Add tests for new extension code
Extend test_tls13messages to additionally check the expected extensions
under different options given to s_client/s_server.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:19:16 +00:00
Matt Caswell
70af3d8ed7 Avoid repeatedly scanning the list of extensions
Because extensions were keyed by type which is sparse, we were continually
scanning the list to find the one we wanted. The way we stored them also
had the side effect that we were running initialisers/finalisers in a
different oder to the parsers. In this commit we change things so that we
instead key on an index value for each extension.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:18:56 +00:00
Matt Caswell
e46f233444 Add EncryptedExtensions message
At this stage the message is just empty. We need to fill it in with
extension data.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:17:12 +00:00
Matt Caswell
71728dd8aa Send and Receive a TLSv1.3 format ServerHello
There are some minor differences in the format of a ServerHello in TLSv1.3.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:16:23 +00:00
Matt Caswell
b4c6e37e74 Add more TLS1.3 record tests
Add some tests for the new record construction

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-12-05 17:05:40 +00:00