Commit graph

17649 commits

Author SHA1 Message Date
Dr. Stephen Henson
ec24630ae2 Modify TLS support for new X25519 API.
When handling ECDH check to see if the curve is "custom" (X25519 is
currently the only curve of this type) and instead of setting a curve
NID just allocate a key of appropriate type.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
3bca6c2731 Add encoded points to other EC curves too.
Add encoded point ctrl support for other curves: this makes it possible
to handle X25519 and other EC curve point encoding in a similar way
for TLS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
c06f2aaa08 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
5d6aaf8a9d Add point ctrls to X25519
Add ctrl operations to set or retrieve encoded point in
EVP_PKEY structures containing X25519 keys.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
10f8d0eaa5 Update X25519 key format in evptests.txt
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
262bd85fde Add X25519 methods to internal tables
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
Dr. Stephen Henson
873feeb9cf add to build.info
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
Dr. Stephen Henson
59bf0f031f make errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
Dr. Stephen Henson
756b198d24 X25519 public key methods
Add X25519 methods to match current key format defined in
draft-ietf-curdle-pkix-02

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
Dr. Stephen Henson
a4cb54d257 Fix type of ptr field.
Since "ptr" is used to handle arbitrary other types it should be
void *.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
Dr. Stephen Henson
4950f8885c Use OIDs from draft-ietf-curdle-pkix-02
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
Rich Salz
e928132343 GH1446: Add SSL_SESSION_get0_cipher
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1451)
2016-08-12 15:23:48 -04:00
Rich Salz
ce7a2232f8 Check for bad filename in evp_test
Thanks to Brian Carpter for reporting this.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-08-12 14:04:53 -04:00
Dr. Stephen Henson
721f398023 Update documentation for DSA_SIG and ECDSA_SIG.
RT#4590

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-12 14:21:21 +01:00
Andy Polyakov
d40a13af5d crypto/sparcv9cap.c: add missing declaration.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-12 10:26:20 +02:00
Andy Polyakov
6ebce6803e crypto/ui/ui_openssl.c: let new-line through after query in Windows path.
Originally new-line was suppressed, because double new-line was
observed under wine. But it appears rather to be a wine bug,
because on real Windows new-line is much needed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-11 14:36:54 +02:00
Andy Polyakov
a5a95f8d65 crypto/sparcv9cap.c: fix overstep in getisax.
Problem was introduced in 299ccadcdb
as future extension, i.e. at this point it wasn't an actual problem,
because uninitialized capability bit was not actually used.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-11 13:46:06 +02:00
Andy Polyakov
7123aa81e9 sha/asm/sha1-x86_64.pl: fix crash in SHAEXT code on Windows.
RT#4530

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-11 13:39:57 +02:00
FdaSilvaYY
b4b42ce621 Fix doc and help about ca -valid option
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-11 10:59:21 +01:00
Emilia Kasper
be82f7b320 Don't attempt to load the CT log list with no-ec
In practice, CT isn't really functional without EC anyway, as most logs
use EC keys. So, skip loading the log list with no-ec, and skip CT tests
completely in that conf.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-10 18:46:06 +02:00
jamercee
e86e76a6c4 Fixed typo
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1386)
2016-08-10 11:07:42 -04:00
JimC
3b7a575897 Documented BIO_set_accept_port()/BIO_get_accept_port()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1386)
2016-08-10 11:07:42 -04:00
jamercee
b4c1d72e9f Adapt BIO_new_accept() to call BIO_set_accept_name()
Commit 417be66 broken BIO_new_accept() by changing the definition of the
macro BIO_set_accept_port() which stopped acpt_ctrl() from calling
BIO_parse_hostserv(). This commit completes the series of changes
initiated in 417be66.

Updated pods to reflect new definition introduced by 417be66.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1386)
2016-08-10 11:07:42 -04:00
Rich Salz
2301d91dd5 Change callers to use the new constants.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1429)
2016-08-10 10:07:37 -04:00
Rich Salz
f67cbb7443 Add #defines for magic numbers in API.
Binary- and backward-compatible.  Just better.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1429)
2016-08-10 10:07:37 -04:00
Kurt Roeckx
5898b8eb87 Fix spelling of error code
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1421)
2016-08-10 09:58:57 -04:00
Rich Salz
3663990760 Add some const casts
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1397)
2016-08-10 09:53:58 -04:00
Rich Salz
446dffa7f6 GH1383: Add casts to ERR_PACK
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1385
2016-08-10 09:45:36 -04:00
Emilia Kasper
2f35e6a3eb Gracefully free a NULL HANDSHAKE_RESULT
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-10 14:41:21 +02:00
Emilia Kasper
d61f00780a Add TEST_check
Like OPENSSL_assert, but also prints the error stack before exiting.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-10 14:41:21 +02:00
Emilia Kasper
da085d273c SSL tests: port CT tests, add a few more
This commit only ports existing tests, and adds some coverage for
resumption. We don't appear to have any handshake tests that cover SCT
validation success, and this commit doesn't change that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-10 14:41:21 +02:00
Emilia Kasper
b03fe23146 CT: fix documentation
Make method names match reality

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-10 14:41:21 +02:00
Emilia Kasper
6bd3379a58 SSL test ctx: fix tests
Some failure tests were failing for the wrong reason after the CTX
refactoring. Update those tests.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-10 14:41:21 +02:00
David Woodhouse
eb633d03fe Kill PACKET_starts() from bad_dtls_test
As discussed in PR#1409 it can be done differently.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-10 12:50:51 +01:00
David Woodhouse
c14e790d6c Fix clienthellotest to use PACKET functions
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-10 12:50:51 +01:00
Adam Langley
eea8723cd0 Fix test of first of 255 CBC padding bytes.
Thanks to Peter Gijsels for pointing out that if a CBC record has 255
bytes of padding, the first was not being checked.

(This is an import of change 80842bdb from BoringSSL.)

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1431)
2016-08-08 13:36:55 -07:00
Cristian Stoica
358558eba8 speed.c: use size_t instead of int to match function signatures
Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1378)
2016-08-08 11:17:11 -04:00
Emilia Kasper
2ac6bdc029 NPN and ALPN: test resumption
In NPN and ALPN, the protocol is renegotiated upon resumption. Test that
resumption picks up changes to the extension.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-08 15:14:52 +02:00
Emilia Kasper
7b7cea6d71 Fix ALPN tests when NPN is off
OPENSSL_NO_NEXTPROTONEG only disables NPN, not ALPN

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-08 12:19:31 +02:00
Emilia Kasper
9f48bbacd8 Reorganize SSL test structures
Move custom server and client options from the test dictionary to an
"extra" section of each server/client. Rename test expectations to say
"Expected".

This is a big but straightforward change. Primarily, this allows us to
specify multiple server and client contexts without redefining the
custom options for each of them. For example, instead of
"ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols",
we now have, "NPNProtocols".

This simplifies writing resumption and SNI tests. The first application
will be resumption tests for NPN and ALPN.

Regrouping the options also makes it clearer which options apply to the
server, which apply to the client, which configure the test, and which
are test expectations.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-08 12:06:26 +02:00
JimC
a4a18b2f89 Fix CIPHER_DEBUG
Commit 3eb2aff renamed a field of ssl_cipher_st from algorithm_ssl -> min_tls but neglected to update the fprintf reference which is included by -DCIPHER_DEBUG

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1417)
2016-08-06 10:03:25 -04:00
Richard Levitte
e8fd2a4cb4 Add a note about a perl issue on VMS and how to work around it
I bug in perl's File::Spec->canonpath() was uncovered.  There's
nothing we can do about it (except re-implementing canonpath()),
except working around the problem (a directory rename) and reporting
the issue to the perl module developers.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-06 16:00:13 +02:00
Tomas Mraz
ca1cb0d434 Fix irregularities in GENERAL_NAME_print().
Add colon when printing Registered ID.
Remove extra space when printing DirName.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1401)
2016-08-05 21:36:42 -04:00
Rob Percival
a6f5d614c5 Mkae CT_log_new_from_base64 always return 0 on failure
In one failure case, it used to return -1. That failure case
(CTLOG_new() returning NULL) was not usefully distinct from all of the
other failure cases.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1407)
2016-08-05 21:34:59 -04:00
klemens
5e93e5fc37 fixing too optimistic typo-fix
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1413)
2016-08-05 19:07:30 -04:00
klemens
6025001707 spelling fixes, just comments and readme.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1413)
2016-08-05 19:07:30 -04:00
Rob Percival
1ccbe6b32c Removes CTLOG_new_null from the CT public API
This is an entirely useless function, given that CTLOG is publicly
immutable.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1406)
2016-08-05 18:49:58 -04:00
Richard Levitte
850864d81c openssl-format-source: A few more (DECLARE|IMPLEMENT) variants to care for
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-05 21:35:32 +02:00
Richard Levitte
25d498c176 The capi engine uses stdio, so don't build it when configuring 'no-stdio'
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-05 21:18:15 +02:00
Richard Levitte
e38da82047 Remove OPENSSL_NO_STDIO guards around certain SSL cert/key functions
These functions are:

    SSL_use_certificate_file
    SSL_use_RSAPrivateKey_file
    SSL_use_PrivateKey_file
    SSL_CTX_use_certificate_file
    SSL_CTX_use_RSAPrivateKey_file
    SSL_CTX_use_PrivateKey_file
    SSL_use_certificate_chain_file

Internally, they use BIO_s_file(), which is defined and implemented at
all times, even when OpenSSL is configured no-stdio.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-05 21:18:15 +02:00