Commit graph

933 commits

Author SHA1 Message Date
Andy Polyakov
90edbfcce3 include/openssl/e_os2.h: fix 'noreturn' pre-processor logic.
Newer gcc still recognizes e.g. -std=c9x in which case it wouldn't
have used 'noreturn' at all with original logic.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-27 23:05:03 +02:00
Matt Caswell
dae00d631f Add error return for OPENSSL_INIT_set_config_filename()
The OPENSSL_INIT_set_config_filename() function can fail so ensure that it
provides a suitable error code.

GitHub Issue #920

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-23 23:30:24 +01:00
Rich Salz
0cd0a820ab Remove unused error/function codes.
Add script to find unused err/reason codes
Remove unused reason codes.
Remove entries for unused functions

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-23 15:04:23 -04:00
Dr. Stephen Henson
05dba8151b Support for traditional format private keys.
Add new function PEM_write_bio_PrivateKey_traditional() to enforce the
use of legacy "traditional" private key format. Add -traditional option
to pkcs8 and pkey utilities.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-23 16:41:34 +01:00
Dr. Stephen Henson
4591e5fb41 Constify stack and lhash macros.
RT#4471

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-05-21 22:49:00 +01:00
Matt Caswell
fcb318c64b Fix Windows 64 bit crashes
The function InitOnceExceuteOnce is the best way to support the
implementation of CRYPTO_THREAD_run_once() on Windows. Unfortunately
WinXP doesn't have it. To get around that we had two different
implementations: one for WinXP and one for later versions. Which one was
used was based on the value of _WIN32_WINNT.

This approach was starting to cause problems though because other parts of
OpenSSL assume _WIN32_WINNT is going to be 0x0501 and crashes were
occurring dependant on include file ordering. In addition a conditional
based on _WIN32_WINNT had made its way into a public header file through
commit 5c4328f. This is problematic because the value of this macro can
vary between OpenSSL build time and application build time.

The simplest solution to this mess is just to always use the WinXP version
of CRYPTO_THREAD_run_once(). Its perhaps slightly sub-optimal but probably
not noticably.

GitHub Issue #1086

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-20 23:08:18 +01:00
Rich Salz
739a1eb196 Rename lh_xxx,sk_xxx tp OPENSSL_{LH,SK}_xxx
Rename sk_xxx to OPENSSL_sk_xxx and _STACK to OPENSSL_STACK
Rename lh_xxx API to OPENSSL_LH_xxx and LHASH_NODE to OPENSSL_LH_NODE
Make lhash stuff opaque.
Use typedefs for function pointers; makes the code simpler.
Remove CHECKED_xxx macros.
Add documentation; remove old X509-oriented doc.
Add API-compat names for entire old API

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-05-20 10:48:29 -04:00
Viktor Dukhovni
f75b34c8c8 When strict SCT fails record verification failure
Since with SSL_VERIFY_NONE, the connection may continue and the
session may even be cached, we should save some evidence that the
chain was not sufficiently verified and would have been rejected
with SSL_VERIFY_PEER.  To that end when a CT callback returs failure
we set the verify result to X509_V_ERR_NO_VALID_SCTS.

Note: We only run the CT callback in the first place if the verify
result is still X509_V_OK prior to start of the callback.

RT #4502

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-05-19 00:25:42 -04:00
Viktor Dukhovni
a5a3722bc1 make update
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-05-19 00:06:19 -04:00
Mat
276fa9bda9 Fixes non __GNUC__ compilation
adds missing check for defined(__GNUC__)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1094)
2016-05-18 18:40:51 -04:00
Viktor Dukhovni
f3e235ed6f Ensure verify error is set when X509_verify_cert() fails
Set ctx->error = X509_V_ERR_OUT_OF_MEM when verificaiton cannot
continue due to malloc failure.  Also, when X509_verify_cert()
returns <= 0 make sure that the verification status does not remain
X509_V_OK, as a last resort set it it to X509_V_ERR_UNSPECIFIED,
just in case some code path returns an error without setting an
appropriate value of ctx->error.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-18 15:16:37 -04:00
hesiod
872759053b Make OPENSSL_die as noreturn
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/526)
2016-05-18 13:37:01 -04:00
Richard Levitte
bc77651098 Make it possible to have RFC2254 escapes with ASN1_STRING_print_ex()
Also adds 'esc_2254' to the possible command line name options

RT#1466

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-18 18:30:00 +02:00
Dr. Stephen Henson
52832e470f OID code tidy up.
Tidy up and simplify OBJ_dup() and OBJ_create().

Sanity check added OIDs: don't allow duplicates.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-18 15:33:11 +01:00
Matt Caswell
569d064609 Add some error messages for malloc fails
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-18 10:47:15 +01:00
Rich Salz
b6cff313cb Manual fixes after copyright consolidation
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 17:38:18 -04:00
Rich Salz
6ddbb4cd92 X509_STORE_CTX accessors.
Add some functions that were missing when a number of X509
objects became opaque (thanks, Roumen!)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 16:06:09 -04:00
Rich Salz
21dcbebc6e Copyright consolidation 03/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:24:17 -04:00
Steffan Karger
2194351fda const correctness: make HMAC_size() take a const *
CLA: none; trivial

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1070
2016-05-16 20:56:56 +02:00
Viktor Dukhovni
5c4328f04f Fold threads.h into crypto.h making API public
Document thread-safe lock creation

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16 12:16:26 -04:00
Alessandro Ghedini
6385ffd12d Do not access SSL struct directly in TLS1_get_version and TLS1_get_client_version macros
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-16 15:58:52 +01:00
Alessandro Ghedini
6546e9b221 Add SSL_client_version() getter function
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-16 15:58:52 +01:00
jfigus
ba261f718b Propagate tlsext_status_type from SSL_CTX to SSL
To allow OCSP stapling to work with libcurl.

Github PR #200

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-16 14:42:30 +01:00
FdaSilvaYY
c5ebfcab71 Unify <TYPE>_up_ref methods signature and behaviour.
Add a status return value instead of void.
Add some sanity checks on reference counter value.
Update the docs.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-16 10:17:33 +01:00
Dr. Stephen Henson
afdd82fb56 Fix stack constification definitions.
RT#4471

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-13 12:23:52 +01:00
Emilia Kasper
d82c27589b Appease ubsan
ERR_LIB_USER has value 128, and shifting into the sign bit upsets the
shift sanitizer.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-12 18:47:06 +02:00
Andy Polyakov
bfcdd4d098 crypto/des: remove obsolete functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-10 20:32:20 +02:00
Richard Levitte
21e001747d Restore the ERR_remove_thread_state() API and make it a no-op
The ERR_remove_thread_state() API is restored to take a pointer
argument, but does nothing more.  ERR_remove_state() is also made into
a no-op.  Both functions are deprecated and users are recommended to
use OPENSSL_thread_stop() instead.

Documentation is changed to reflect this.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-10 11:31:05 +02:00
FdaSilvaYY
dccd20d1b5 fix tab-space mixed indentation
No code change

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-09 09:09:55 +01:00
J Mohan Rao Arisankala
cb1d435cac few missing allocation failure checks and releases on error paths
- Missing checks for allocation failure.
- releasing memory in few missing error paths

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-09 09:06:06 +01:00
Dr. Stephen Henson
049f5bbce3 Constify PKCS12_newpass()
PR#4449

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-06 21:21:54 +01:00
Matt Caswell
fc7f190c73 Handle no async jobs in libssl
If the application has limited the size of the async pool using
ASYNC_init_thread() then we could run out of jobs while trying to start a
libssl io operation. However libssl was failing to handle this and treating
it like a fatal error. It should not be fatal...we just need to retry when
there are jobs available again.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-05 19:39:14 +01:00
Marek Klein
e6c5dbc8e8 DEFINE_STACK_OF(ASN1_UTF8STRING) moved from ts_lcl.h to asn1.h
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1020)
2016-05-04 14:48:41 +02:00
Todd Short
e8408681b3 Secure memory fixes
Fix some of the variables to be (s)size_t, so that more than 1GB of
secure memory can be allocated. The arena has to be a power of 2, and
2GB fails because it ends up being a negative 32-bit signed number.

The |too_late| flag is not strictly necessary; it is easy to figure
out if something is secure memory by looking at the arena. As before,
secure memory allocations will not fail, but now they can be freed
correctly. Once initialized, secure memory can still be used, even if
allocations occured before initialization.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-02 12:58:03 -04:00
Matt Caswell
7cafbb4bd3 Fix some X509_STORE macros
Some X509_STORE macros do not work since the type was made opaque.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-04-29 23:13:58 +01:00
Dr. Stephen Henson
77076dc944 Add checks to X509_NAME_oneline()
Sanity check field lengths and sums to avoid potential overflows and reject
excessively large X509_NAME structures.

Issue reported by Guido Vranken.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-29 19:42:21 +01:00
Richard Levitte
3cd3f0024b Remove BIO_dummy, it's old cruft
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-29 18:59:20 +02:00
Richard Levitte
83f2695c31 Change 'struct bio_st' in all public header where applicable
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-29 18:57:58 +02:00
Rich Salz
be4ba1b06c Add asn1_mac
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-29 12:50:01 -04:00
Paul Kehrer
3b7a71b2f0 Make header signature of CRYPTO_mem_leaks BIO instead of struct bio_st
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1012)
2016-04-29 16:42:44 +01:00
Richard Levitte
1bfe73d500 VMS: It seems DEC C doesn't handle certain header files quite right
With DEC C on VMS, you can use __DECC_INCLUDE_PROLOGUE.H and
__DECC_INCLUDE_EPILOGUE.H to include some DEC C specific features or
pragmas without having to touch the other header files.

It seems, however, that the current version of the compiler requires
the file names to be upcased, or it doesn't handle them quite right.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-04-29 15:19:33 +02:00
Richard Levitte
1f644005ac make update
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-29 09:09:46 +02:00
FdaSilvaYY
8fdc99cb5d Fix an error code spelling.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/952)
2016-04-28 14:22:26 -04:00
FdaSilvaYY
8483a003bf various spelling fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/952)
2016-04-28 14:22:26 -04:00
Christian Heimes
f0c58c3212 Add getters for X509_STORE and X509_OBJECT members
OpenSSL 1.1.0-pre5 has made some additional structs opaque. Python's ssl
module requires access to some of the struct members. Three new getters
are added:

int X509_OBJECT_get_type(X509_OBJECT *a);
STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v);
X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);

Signed-off-by: Christian Heimes <cheimes@redhat.com>

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-28 20:02:27 +02:00
Viktor Dukhovni
c965487373 Implement X509_STORE_CTX_set_current_cert() accessor
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-28 13:50:13 -04:00
Kazuki Yamaguchi
3aec886ed4 GH975 Add ex_data functions for X509_STORE
Add X509_STORE_{set,get}_ex_data() function and
X509_STORE_get_ex_new_index() macro.

X509_STORE has ex_data and the documentation also mentions them but they
are not actually implemented.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-27 08:23:53 -04:00
Viktor Dukhovni
51227177b1 Added missing X509_STORE_CTX_set_error_depth() accessor
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-25 15:26:04 -04:00
Viktor Dukhovni
1755d46012 API compat macros for renamed X509_STORE_CTX functions
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-25 07:46:10 -04:00
Viktor Dukhovni
e2ab7fb343 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-22 10:41:57 -04:00
Viktor Dukhovni
9f6b22b814 Enabled DANE only when at least one TLSA RR was added
It is up to the caller of SSL_dane_tlsa_add() to take appropriate
action when no records are added successfully or adding some records
triggers an internal error (negative return value).

With this change the caller can continue with PKIX if desired when
none of the TLSA records are usable, or take some appropriate action
if DANE is required.

Also fixed the internal ssl_dane_dup() function to properly initialize
the TLSA RR stack in the target SSL handle.  Errors in ssl_dane_dup()
are no longer ignored.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-22 10:41:57 -04:00
Matt Caswell
54c010ab80 Fix no-dsa on Windows/VMS
The no-dsa option was failing on Windows because some symbols were not
correctly flagged in libcrypto.num. Problem found due to the new symbol
consistency test.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-22 14:42:15 +01:00
Matt Caswell
04e381ff17 Fix the indentation of OPENSSL_NO_STDIO in pem.h
Some pre-processor macros were incorrectly indented

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-22 14:42:15 +01:00
Matt Caswell
b04e5c12c2 Fix no-cmac on Windows/VMS
no-cmac was failing on Windows/VMS due to libcrypto.num not marking the
CMAC functions properly. Found due to the new symbol consistency test.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-22 14:39:30 +01:00
Matt Caswell
5951e840d9 Fix no-ocsp on Windows (and probably VMS)
The ocsp.h file did not have appropriate guards causing link failures on
Windows.

GH Issue 900

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-21 17:03:02 +01:00
Matt Caswell
00deac3ef6 Fix no-ui on Windows
Ensure public functions have appropriate guards in header files.

GH Issue 899

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 16:49:27 +01:00
Rich Salz
3fb2cf1ad1 Update copyright; generated files.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 10:33:15 -04:00
Matt Caswell
f863ad0c59 Fix no-sock on Windows
Link errors were occurring on Windows because the header files were not
correctly guarding some functions with OPENSSL_NO_SOCK

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-20 14:52:46 +01:00
Matt Caswell
9fb80e3ceb Fix no-dgram on Windows
Link errors were occurring on Windows because the header files were not
correctly guarding some functions with OPENSSL_NO_DGRAM

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-20 14:52:45 +01:00
Rich Salz
e0a651945c Copyright consolidation: perl files
Add copyright to most .pl files
This does NOT cover any .pl file that has other copyright in it.
Most of those are Andy's but some are public domain.
Fix typo's in some existing files.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 09:45:40 -04:00
Matt Caswell
d979e7f567 Prepare for 1.1.0-pre6-dev
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-19 15:58:45 +01:00
Matt Caswell
68072bcfe1 Prepare for 1.1.0-pre5 release
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-19 15:57:51 +01:00
Rich Salz
14f051a0ae Make string_to_hex/hex_to_string public
Give the API new names, document it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-18 09:02:11 -04:00
Rich Salz
9021a5dfb3 Rename some lowercase API's
Make OBJ_name_cmp internal
Rename idea_xxx to IDEA_xxx
Rename get_rfc_xxx to BN_get_rfc_xxx
Rename v3_addr and v3_asid functions to X509v3_...

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-18 08:22:00 -04:00
Richard Levitte
d32f5d8733 Restore OCSP_basic_verify() error return semantics
Recently, OCSP_basic_verify() was changed to always return 0 on error,
when it would previously return 0 on error and < 0 on fatal error.
This restores the previous semantics back.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-17 23:22:45 +02:00
Richard Levitte
4e727a8d87 Remove declaration of function that isn't implemented
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-17 23:22:29 +02:00
Dr. Stephen Henson
4dba585f79 Add X509_STORE_CTX_set0_untrusted function.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-16 18:26:19 +01:00
Rich Salz
f0e0fd51fd Make many X509_xxx types opaque.
Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP,
and X509_LOOKUP_METHOD opaque.
Remove unused X509_CERT_FILE_CTX

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-04-15 13:21:43 -04:00
Matt Caswell
1ee7b8b97c Fix ex_data locks issue
Travis identified a problem with freeing the ex_data locks which wasn't
quite right in ff2344052. Trying to fix it identified a further problem:
the ex_data locks are cleaned up by OPENSSL_cleanup(), which is called
explicitly by CRYPTO_mem_leaks(), but then later the BIO passed to
CRYPTO_mem_leaks() is freed. An attempt is then made to use the ex_data
lock already freed.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-04-14 22:15:32 +01:00
Matt Caswell
c3a64b5278 The err_cleanup() funtion is internal so shouldn't be exported
Running a "make update" wanted to add err_cleanup to libcrypto.num which
is wrong.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-14 13:50:36 +01:00
Lyon Chen
4b6b848785 Add SSL_SESSION_get0_hostname()
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-14 08:41:29 -04:00
Matt Caswell
ff2344052b Ensure all locks are properly cleaned up
Some locks were not being properly cleaned up during close down.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-14 13:19:04 +01:00
Matt Caswell
5158c763f5 Remove OPENSSL_NO_AES guards
no-aes is no longer a Configure option and therefore the OPENSSL_NO_AES
guards can be removed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 21:25:24 +01:00
Dr. Stephen Henson
a535fe12f6 Remove check_defer()
The check_defer() function was used to ensure that EVP_cleanup() was always
called before OBJ_cleanup(). The new cleanup code ensures this so it is
no longer needed.

Remove obj_cleanup() call in OID config module: it is not needed
any more either.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-13 15:05:07 +01:00
Richard Levitte
13524b112e Move a declaration that's private to libcrypto
Don't expose purely libcrypto internal symbols, even to libssl.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-13 15:23:47 +02:00
Matt Caswell
b3599dbb6a Rename int_*() functions to *_int()
There is a preference for suffixes to indicate that a function is internal
rather than prefixes. Note: the suffix is only required to disambiguate
internal functions and public symbols with the same name (but different
case)

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:59:03 +01:00
Matt Caswell
6457615ac8 Fix explicit de-init macros
The no-op de-init macros may fail because of extraneous ";", so we use
a slightly different construct instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:59:03 +01:00
Matt Caswell
20c56358e6 Fix symbols missing from shared build
libssl needs to have access to some internal libcrypto symbols.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:58:59 +01:00
Matt Caswell
342c21cd8b Rename lots of *_intern or *_internal function to int_*
There was a lot of naming inconsistency, so we try and standardise on
one form.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:34 +01:00
Matt Caswell
cbf6959fe8 Deprecate CONF_modules_free() and make it a no-op
CONF_modules_free() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
6d4fb1d59e Deprecate ENGINE_cleanup() and make it a no-op
ENGINE_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
7b8cc9b345 Deprecate OBJ_cleanup() and make it a no-op
OBJ_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
22c84afa77 Deprecate EVP_cleanup() and make it a no-op
EVP_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
62d876ad17 Deprecate BIO_sock_cleanup() and make it a no-op
BIO_sock_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
a5e3ac13d6 Deprecate CRYPTO_cleanup_all_ex_data() and make it a no-op
CRYPTO_cleanup_all_ex_data() should not be called expicitly - we should
leave auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
f3cd81d653 Deprecate RAND_cleanup() and make it a no-op
RAND_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
03b0e73555 Deprecate SSL_COMP_free_compression_methods() and make it a no-op
SSL_COMP_free_compression_methods() should not be called expicitly - we
should leave auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
6827cb3610 Deprecate ERR_free_strings() and make it a no-op
ERR_free_strings() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
02a247e0fa Deprecate COMP_zlib_cleanup() and make it a no-op
COMP_zlib_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Kazuki Yamaguchi
9d5ac9532c Add SSL_CTX_get_ciphers()
Add an accessor for SSL_CTX.

Since libssl was made opaque, there is no way for users to access the
cipher_list, while users can set the cipher_list by
SSL_CTX_set_cipher_list().

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-11 09:59:04 -04:00
Matt Caswell
17e01abbb0 Make DH_METHOD opaque
Move the dh_method structure into an internal header file and provide
relevant accessors for the internal fields.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-09 10:10:55 +01:00
Matt Caswell
0aeddcfa61 Make DH opaque
Move the dh_st structure into an internal header file and provide
relevant accessors for the internal fields.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-09 10:10:55 +01:00
Rich Salz
b9aec69ace Add SSL_DANE typedef for consistency.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-04-08 09:30:23 -04:00
Viktor Dukhovni
a4ccf06808 make update
Signed-off-by: Rob Percival <robpercival@google.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-04-07 14:41:34 -04:00
Viktor Dukhovni
43341433a8 Suppress CT callback as appropriate
Suppress CT callbacks with aNULL or PSK ciphersuites that involve
no certificates.  Ditto when the certificate chain is validated via
DANE-TA(2) or DANE-EE(3) TLSA records.  Also skip SCT processing
when the chain is fails verification.

Move and consolidate CT callbacks from libcrypto to libssl.  We
also simplify the interface to SSL_{,CTX_}_enable_ct() which can
specify either a permissive mode that just collects information or
a strict mode that requires at least one valid SCT or else asks to
abort the connection.

Simplified SCT processing and options in s_client(1) which now has
just a simple pair of "-noct" vs. "-ct" options, the latter enables
the permissive callback so that we can complete the handshake and
report all relevant information.  When printing SCTs, print the
validation status if set and not valid.

Signed-off-by: Rob Percival <robpercival@google.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-04-07 14:41:34 -04:00
Dr. Stephen Henson
26f2412d9b always use field names
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-06 18:57:48 +01:00
Richard Levitte
b72c912137 Make the RSA_METHOD structure opaque
Move rsa_meth_st away from public headers.
Add RSA_METHOD creator/destructor functions.
Add RSA_METHOD accessor/writer functions.
Adapt all other source to use the creator, destructor, accessors and writers.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-06 16:19:20 +02:00
Richard Levitte
9862e9aa98 Make the RSA structure opaque
Move rsa_st away from public headers.
Add accessor/writer functions for the public RSA data.
Adapt all other source to use the accessors and writers.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-06 16:19:17 +02:00
Matt Caswell
3e41ac3528 Fix no-ocsp
Misc fixes for no-ocsp

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-06 14:57:45 +01:00
Rich Salz
e771eea6d8 Revert "various spelling fixes"
This reverts commit 620d540bd4.
It wasn't reviewed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-04 16:11:43 -04:00
Rich Salz
9f2a142b13 Revert "Fix an error code spelling."
This reverts commit 2b0bcfaf83.
It wasn't reviewed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-04 16:11:04 -04:00
FdaSilvaYY
2b0bcfaf83 Fix an error code spelling.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-04 15:06:32 -04:00
FdaSilvaYY
620d540bd4 various spelling fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-04 15:06:32 -04:00
FdaSilvaYY
97458daade Add X509_REQ_get0_pubkey method
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-04 20:38:11 +02:00
Michał Trojnara
b5851bbc43 Removed no-ops for the old locking API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-03 22:33:12 -04:00
Viktor Dukhovni
fbb82a60dc Move peer chain security checks into x509_vfy.c
A new X509_VERIFY_PARAM_set_auth_level() function sets the
authentication security level.  For verification of SSL peers, this
is automatically set from the SSL security level.  Otherwise, for
now, the authentication security level remains at (effectively) 0
by default.

The new "-auth_level" verify(1) option is available in all the
command-line tools that support the standard verify(1) options.

New verify(1) tests added to check enforcement of chain signature
and public key security levels.  Also added new tests of enforcement
of the verify_depth limit.

Updated documentation.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-04-03 11:35:35 -04:00
Matt Caswell
aa05e7caea Rename get/set_app_data to get0/set0_app_data
Also fixed a style issue

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-04-03 00:23:56 +01:00
Matt Caswell
a517f7fcdc Various DSA opacity fixups
Numerous fixups based on feedback of the DSA opacity changes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-04-03 00:23:56 +01:00
Matt Caswell
6e9fa57c6d Make DSA_METHOD opaque
Move the dsa_method structure out of the public header file, and provide
getter and setter functions for creating and modifying custom DSA_METHODs.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-04-03 00:23:56 +01:00
Matt Caswell
1258396d73 Make the DSA structure opaque
Move the dsa_st structure out of the public header file. Add some accessor
functions to enable access to the internal fields, and update all internal
usage to use the new functions.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-04-03 00:23:56 +01:00
Kirill Marinushkin
d3e6d6bcdf moved structure bio_buf_mem_st from headers to bss_mem.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-02 16:57:07 -04:00
Kirill Marinushkin
9fe9d0461e Optimized BIO mem read - without reallocation
Currently on every BIO mem read operation the remaining data is reallocated.
This commit solves the issue.
BIO mem structure includes additional pointer to the read position.
On every read the pointer moves instead of reallocating the memory for the remaining data.
Reallocation accures before write and some ioctl operations, if the read pointer doesn't point on the beginning of the buffer.
Also the flag is added to rewind the read pointer without losing the data.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-02 16:57:07 -04:00
Dr. Stephen Henson
fa0a9d715e Fix X509_PUBKEY cached key handling.
Don't decode a public key in X509_PUBKEY_get0(): that is handled when
the key is parsed using x509_pubkey_decode() instead.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-04-02 17:34:27 +01:00
Ben Laurie
703f44e73c Make it legal C.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-30 12:14:56 +01:00
Matt Caswell
0c767ddcbb Fix build compilation failures
BIO_f_linebuffer() is now built by default instead of just on VMS, but
the prototype in the header was still only available on VMS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-30 10:59:32 +01:00
Todd Short
b6ca88ab9d Fixup SSL EX_DATA index
The SSL, SSL_CTX, and SSL_SESSION indices were being referenced
incorrectly in the "_get_ex_new_index" functions.

Remove the STORE EX_DATA index; that functionality is gone.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-29 16:22:08 -04:00
Matt Caswell
a146ae55ba Make BIO opaque
Move the the BIO_METHOD and BIO structures into internal header files,
provide appropriate accessor methods and update all internal code to use
the new accessors where appropriate.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-29 17:40:54 +01:00
Fedor Indutny
ccae4a1582 Allow different protocol version when trying to reuse a session
We now send the highest supported version by the client, even if the session
uses an older version.

This fixes 2 problems:
- When you try to reuse a session but the other side doesn't reuse it and
  uses a different protocol version the connection will fail.
- When you're trying to reuse a session with an old version you might be
  stuck trying to reuse the old version while both sides support a newer
  version

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

GH: #852, MR: #2452
2016-03-27 23:58:50 +02:00
Jeffrey Walton
c828cd7cd0 RT4476: Fix some cast-alignment warnings
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-25 15:43:54 -04:00
Rich Salz
c3ddb26331 More Borland removal.
And thanks to Miod Vallat for the nudge about ERR_PACK :)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-24 14:05:48 -04:00
Rich Salz
921de151d2 Move dso.h to internal
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-23 09:12:11 -04:00
Rich Salz
3d8b2ec42b Remove several unused undocumented functions.
Removed the following:
    DSO_bind_var, DSO_bind_var, DSO_get_default_method,
    DSO_get_loaded_filename, DSO_get_loaded_filename, DSO_get_method,
    DSO_new_method, DSO_pathbyaddr, DSO_set_default_method, DSO_set_method,
    DSO_set_name_converter, DSO_set_name_converter

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-23 08:34:33 -04:00
Dr. Stephen Henson
d577a69a0f remove unused references field
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-22 19:42:19 +00:00
Rich Salz
38186bfd4e Have only one DSO_METHOD_openssl
Instead of have every DSO_METHOD_xxx in all platforms, ensure that only
one DSO_METHOD_openssl is available on all platforms.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-22 13:35:03 -04:00
Rich Salz
73decf5975 Make DSO opaque.
This was really easy.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-22 13:16:54 -04:00
Dr. Stephen Henson
29fa0a1af4 Make X509_PUBKEY opaque
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-22 15:28:11 +00:00
David Benjamin
04f6b0fd91 RT4660: BIO_METHODs should be const.
BIO_new, etc., don't need a non-const BIO_METHOD. This allows all the
built-in method tables to live in .rodata.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-21 16:49:10 -04:00
Matt Caswell
f9e5503412 Fix no-sock
Misc fixes for no-sock

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-21 16:33:59 +00:00
Rich Salz
3c27208fab Remove #error from include files.
Don't have #error statements in header files, but instead wrap
the contents of that file in #ifndef OPENSSL_NO_xxx
This means it is now always safe to include the header file.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-20 19:48:36 -04:00
Dr. Stephen Henson
99cccf3643 constify DSA_SIG_get0()
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-20 19:56:56 +00:00
Dr. Stephen Henson
34c2db9b56 constify ECDSA_SIG_get0()
PR#4436

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-19 22:04:38 +00:00
Alex Gaynor
5a339364f7 GH36: Add casts to match the documentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-19 12:17:31 -04:00
Richard Levitte
f38526357e Implement support for no-ts
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-18 20:17:19 +01:00
Matt Caswell
114de5b595 Ensure that no-comp functions are flagged as such
mkdef.pl was not detecting no-comp functions. This updates the header file
so that mkdef.pl detects that no-comp applies, and the functions are marked
accordingly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-18 12:09:27 +00:00
Rich Salz
1fbab1dc6f Remove Netware and OS/2
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 17:06:57 -04:00
Rich Salz
23d38992fc Remove ultrix/mips support.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 15:29:15 -04:00
Dr. Stephen Henson
a7e7bad168 Simplify define as we don't support MS-DOS anymore.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-17 14:29:01 +00:00
Richard Levitte
37d42aae2e Prepare for 1.1.0-pre5-dev
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-03-16 18:21:46 +01:00
Richard Levitte
e711d13af3 Prepare for 1.1.0-pre4 release
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-03-16 18:21:17 +01:00
Dr. Stephen Henson
a6eb1ce6a9 Make X509_SIG opaque.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 17:40:47 +00:00
Kurt Roeckx
208527a75d Review comments
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 10:39:10 -05:00
Bill Cox
2d0b441267 Add blake2 support.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 10:39:10 -05:00
Rob Percival
680ddc996b constify CT_POLICY_EVAL_CTX getters
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 09:06:04 -05:00
Rob Percival
49e5db0b31 check reviewer --reviewer=emilia
Pass entire CTLOG_STORE to SCT_print, rather than just the SCT's CTLOG

SCT_print now looks up the correct CT log for you.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-10 14:53:04 -05:00
Rob Percival
8359b57f27 check reviewer --reviewer=emilia
Remove 'log' field from SCT and related accessors

In order to still have access to an SCT's CTLOG when calling SCT_print,
SSL_CTX_get0_ctlog_store has been added.

Improved documentation for some CT functions in openssl/ssl.h.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-10 14:53:04 -05:00
Rich Salz
599eccfcbf RT3676 add: Export ASN.1 DHparams
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-03-09 20:58:08 -05:00
Viktor Dukhovni
dd60efea95 Add X509_CHECK_FLAG_NEVER_CHECK_SUBJECT flag
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-03-09 20:41:28 -05:00
Richard Levitte
29f082603a Remove duplicate typedef of ECPKPARAMETERS in ec.h
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-03-10 02:35:12 +01:00
Kurt Roeckx
2b8fa1d56c Deprecate the use of version-specific methods
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1824
2016-03-09 19:45:05 +01:00
Kurt Roeckx
1fc7d6664a Fix usage of OPENSSL_NO_*_METHOD
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1824
2016-03-09 19:38:18 +01:00
Kurt Roeckx
b11836a63a Make SSL_CIPHER_get_version return a const char *
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
2016-03-09 19:10:28 +01:00
Kurt Roeckx
e4646a8963 Constify security callbacks
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
2016-03-09 19:10:28 +01:00
Rich Salz
60b350a3ef RT3676: Expose ECgroup i2d functions
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-03-09 12:25:21 -05:00
Rob Percival
9ddff1e83c Document importance of CTLOG_STORE outliving SCT if SCT_set0_log is used
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
eac84e8127 Makes STACK_OF(SCT)* parameter of i2d_SCT_LIST const
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
14db9bbd71 Removes SCT_LIST_set_source and SCT_LIST_set0_logs
Both of these functions can easily be implemented by callers instead.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
21b908a8f9 Makes SCT_get0_log return const CTLOG*
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
12d2d28185 Makes CTLOG_STORE_get0_log_by_id return const CTLOG*
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
70073f3e3a Treat boolean functions as booleans
Use "!x" instead of "x <= 0", as these functions never return a negative
value.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
8c92c4eac0 Make parameters of CTLOG_get* const
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
5da65ef23c Extensive application of __owur to CT functions that return a boolean
Also improves some documentation of those functions.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
8fbb93d0e2 Makes SCT_LIST_set_source return the number of successes
No longer terminates on first error, but instead tries to set the source
of every SCT regardless of whether an error occurs with some.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Matt Caswell
2e52e7df51 Remove the old threading API
All OpenSSL code has now been transferred to use the new threading API,
so the old one is no longer used and can be removed. We provide some compat
macros for removed functions which are all no-ops.

There is now no longer a need to set locking callbacks!!

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-09 12:41:39 +00:00
Matt Caswell
8eed7e873b Convert rand code to new threading API
Replace the CRYPTO_LOCK_RAND and CRYPTO_LOCK_RAND2 locks with new thread
API style locks.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 01:14:57 +00:00
Alessandro Ghedini
0b1a07c8a7 Convert RSA blinding to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 23:52:48 +00:00
Alessandro Ghedini
16203f7b71 Convert CRYPTO_LOCK_SSL_* to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 18:48:38 -05:00
Richard Levitte
be1251f73d Remove the transfer of lock hooks from bind_engine
With the new threads API, this is no longer needed.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 00:33:38 +01:00
Richard Levitte
6d5667110a Engine API repair - memory management hooks
The Engine API lost the setting of memory management hooks in
bind_engine.  Here's putting that back.

EX_DATA and ERR functions need the same treatment.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 00:33:38 +01:00
Matt Caswell
9471f7760d Convert mem_dbg and mem_sec to the new Thread API
Use new Thread API style locks, and thread local storage for mem_dbg

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 21:06:04 +00:00
Rich Salz
040d43b3ff OpenSSLDie --> OPENSSL_die
Also removed a bunch of unused define's from e_os.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-08 14:46:17 -05:00
Dr. Stephen Henson
706a13f112 Make DSA_SIG opaque.
This adds a new accessor function DSA_SIG_get0.
The customisation of DSA_SIG structure initialisation has been removed this
means that the 'r' and 's' components are automatically allocated when
DSA_SIG_new() is called. Update documentation.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 17:02:16 +00:00
Alessandro Ghedini
c001ce3313 Convert CRYPTO_LOCK_X509_* to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 11:10:34 -05:00
Alessandro Ghedini
41cfbccc99 Convert CRYPTO_LOCK_UI to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 11:10:34 -05:00
Alessandro Ghedini
9b398ef297 Convert CRYPTO_LOCK_EC_* to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 11:10:34 -05:00
Alessandro Ghedini
03273d61e7 Convert CRYPTO_LOCK_EVP_PKEY to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 11:10:34 -05:00
Alessandro Ghedini
fb46be0348 Convert CRYPTO_LOCK_BIO to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 11:10:34 -05:00
Todd Short
3ec13237f0 Add cipher query functions
Add functions to determine authentication, key-exchange, FIPS and AEAD.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 09:19:15 -05:00
Alessandro Ghedini
7b8e12d24e Convert ERR_STRING_DATA to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 14:11:59 +00:00
Alessandro Ghedini
8509dcc9f3 Convert ERR_STATE to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 14:11:09 +00:00
Alessandro Ghedini
f75200115d Convert CRYPTO_LOCK_EX_DATA to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 09:07:32 -05:00
Alessandro Ghedini
c74471d293 Convert CRYPTO_LOCK_DSO to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 09:07:32 -05:00
Alessandro Ghedini
d188a53617 Convert CRYPTO_LOCK_{DH,DSA,RSA} to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 09:07:32 -05:00
Alessandro Ghedini
f989cd8c0b Convert CRYPTO_LOCK_GET*BYNAME to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 09:07:32 -05:00
Todd Short
817cd0d52f GH787: Fix ALPN
* Perform ALPN after the SNI callback; the SSL_CTX may change due to
  that processing
* Add flags to indicate that we actually sent ALPN, to properly error
  out if unexpectedly received.
* clean up ssl3_free() no need to explicitly clear when doing memset
* document ALPN functions

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-03-08 09:03:05 -05:00
Dr. Stephen Henson
e1d9f1ab39 Remove kinv/r fields from DSA structure.
The kinv/r fields in the DSA structure are not used by OpenSSL internally
and should not be used in general.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 22:15:04 +00:00
Matt Caswell
44ab2dfdf9 Rename EVP_CIPHER_CTX_cipher_data to EVP_CIPHER_CTX_get_cipher_data
We had the function EVP_CIPHER_CTX_cipher_data which is newly added for
1.1.0. As we now also need an EVP_CIPHER_CTX_set_cipher_data it makes
more sense for the former to be called EVP_CIPHER_CTX_get_cipher_data.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:42:09 +00:00
Matt Caswell
49580f25b3 Add an SSL_has_pending() function
This is similar to SSL_pending() but just returns a 1 if there is data
pending in the internal OpenSSL buffers or 0 otherwise (as opposed to
SSL_pending() which returns the number of bytes available). Unlike
SSL_pending() this will work even if "read_ahead" is set (which is the
case if you are using read pipelining, or if you are doing DTLS). A 1
return value means that we have unprocessed data. It does *not* necessarily
indicate that there will be application data returned from a call to
SSL_read(). The unprocessed data may not be application data or there
could be errors when we attempt to parse the records.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:39:27 +00:00
Matt Caswell
dad78fb13d Add an ability to set the SSL read buffer size
This capability is required for read pipelining. We will only read in as
many records as will fit in the read buffer (and the network can provide
in one go). The bigger the buffer the more records we can process in
parallel.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:39:27 +00:00
Matt Caswell
d102d9df86 Implement write pipeline support in libssl
Use the new pipeline cipher capability to encrypt multiple records being
written out all in one go. Two new SSL/SSL_CTX parameters can be used to
control how this works: max_pipelines and split_send_fragment.

max_pipelines defines the maximum number of pipelines that can ever be used
in one go for a single connection. It must always be less than or equal to
SSL_MAX_PIPELINES (currently defined to be 32). By default only one
pipeline will be used (i.e. normal non-parallel operation).

split_send_fragment defines how data is split up into pipelines. The number
of pipelines used will be determined by the amount of data provided to the
SSL_write call divided by split_send_fragment. For example if
split_send_fragment is set to 2000 and max_pipelines is 4 then:
SSL_write called with 0-2000 bytes == 1 pipeline used
SSL_write called with 2001-4000 bytes == 2 pipelines used
SSL_write called with 4001-6000 bytes == 3 pipelines used
SSL_write_called with 6001+ bytes == 4 pipelines used

split_send_fragment must always be less than or equal to max_send_fragment.
By default it is set to be equal to max_send_fragment. This will mean that
the same number of records will always be created as would have been
created in the non-parallel case, although the data will be apportioned
differently. In the parallel case data will be spread equally between the
pipelines.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:39:27 +00:00
Matt Caswell
98ee75439d Update the dasync engine to add a pipeline cipher
Implement aes128-cbc as a pipeline capable cipher in the dasync engine.
As dasync is just a dummy engine, it actually just performs the parallel
encrypts/decrypts in serial.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:26:04 +00:00
Matt Caswell
4e3925227a Add defines for pipeline capable ciphers
Add a flag to indicate that a cipher is capable of performing
"pipelining", i.e. multiple encrypts/decrypts in parallel. Also add some
new ctrls that ciphers will need to implement if they are pipeline capable.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:21:45 +00:00
David Woodhouse
691064c47f Elide OPENSSL_INIT_set_config_filename() for no-stdio build
Strictly speaking, it isn't stdio and file access which offend me here;
it's the fact that UEFI doesn't provide a strdup() function. But the
fact that it's pointless without file access is a good enough excuse for
compiling it out.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 14:51:08 -05:00
David Woodhouse
b9bd7b06cc Elide DES_read_password() for no-ui build
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 14:51:08 -05:00
David Woodhouse
92d23b339c Move declaration of X509_aux_print() out of #ifndef OPENSSL_NO_STDIO
This isn't a file access function; it's still present.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 14:51:08 -05:00
David Woodhouse
db922318b3 Elide EVP_read_pw_string() and friends for no-ui
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-03-07 12:52:56 -05:00
Matt Caswell
667867cced Add a function to detect if we have async or not
Add the ASYNC_is_capable() function and use it in speed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 17:23:42 +00:00
Matt Caswell
c292b105b1 Remove use of CRYPTO_LOCK_INIT in init code
Swap the use of CRYPTO_LOCK_INIT in the init code to use the new threading
API mechanism for locking.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-07 17:17:21 +00:00
Dr. Stephen Henson
54dbf42398 Make PKCS8_PRIV_KEY_INFO opaque.
Make PKCS8_PRIV_KEY_INFO opaque. Several accessor functions already exist
for this structure. Two new ones were added to handle attributes.

The old handling of broken formats has been removed and the corresponding
structures simplified.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 17:11:21 +00:00
Matt Caswell
15457b6203 Fix OPENSSL_INIT flags to avoid a clash.
The 0x00010000L OPENSSL_INIT flag appeared twice.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-07 13:36:17 +00:00
clucey
6cba4a6661 Rework based on feedback:
1. Cleaned up eventfd handling
2. Reworked socket setup code to allow other algorithms to be added in
   future
3. Fixed compile errors for static build
4. Added error to error stack in all cases of ALG_PERR/ALG_ERR
5. Called afalg_aes_128_cbc() from bind() to avoid race conditions
6. Used MAX_INFLIGHT define in io_getevents system call
7. Coding style fixes

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-07 13:36:17 +00:00
Dr. Stephen Henson
5b70372d5d Add ASN.1 ADB callback.
Add support for application supplied any defined by callback. An
application can change the selector value if it wishes. This is
mainly intended for values which are only known at runtime, for
example dynamically created OIDs.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 17:06:13 +00:00
Rob Percival
a930afb698 If a CT log entry in CTLOG_FILE is invalid, skip it and continue loading
Previously, the remaining CT log entries would not be loaded.
Also, CTLOG_STORE_load_file would return 1 even if a log entry was
invalid, resulting in no errors being shown.

Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 10:50:10 -05:00
Rob Percival
ed29e82ade Adds CT validation to SSL connections
Disabled by default, but can be enabled by setting the
ct_validation_callback on a SSL or SSL_CTX.

Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 10:50:10 -05:00
Alessandro Ghedini
aacfb134be GH355: Implement HKDF
This patch implements the HMAC-based Extract-and-Expand Key Derivation
Function (HKDF) as defined in RFC 5869.

It is required to implement the QUIC and TLS 1.3 protocols (among others).

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-03-03 18:21:20 -05:00
Emilia Kasper
062178678f Refactor ClientHello extension parsing
1) Simplify code with better PACKET methods.

2) Make broken SNI parsing explicit. SNI was intended to be extensible
to new name types but RFC 4366 defined the syntax inextensibly, and
OpenSSL has never parsed SNI in a way that would allow adding a new name
type. RFC 6066 fixed the definition but due to broken implementations
being widespread, it appears impossible to ever extend SNI.

3) Annotate resumption behaviour. OpenSSL doesn't currently handle all
extensions correctly upon resumption. Annotate for further clean-up.

4) Send an alert on ALPN protocol mismatch.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-03-03 13:53:26 +01:00
Dr. Stephen Henson
3e30fa0a6d Add KDF error codes
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-02 21:30:56 +00:00
Dr. Stephen Henson
99119000ad EVP_PKEY_CTX utility functions.
Utility functions to pass a string or hex string to EVP_PKEY_CTX_ctrl().

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-02 20:57:32 +00:00
Dr. Stephen Henson
e9b1c42f75 make errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-02 20:48:12 +00:00
Dr. Stephen Henson
e2285d878d Handle KDF internally.
Handle KDF in ECDH_compute_key instead of requiring each implementation
support it. This modifies the compute_key method: now it allocates and
populates a buffer containing the shared secret.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-02 20:48:12 +00:00
Christian Heimes
0c452abc16 Provide getters for default_passwd_cb and userdata
This patch provides getters for default_passwd_cb and userdata for SSL
and SSL_CTX. The getter functions are required to port Python's ssl module
to OpenSSL 1.1.0.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-02 17:15:46 +00:00
Dr. Stephen Henson
83f0e802ab make errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 22:04:25 +00:00
Rob Percival
7d054e5ab2 CT policy validation
Specifies a callback that will, in the future, be used by the SSL code to
decide whether to abort a connection on Certificate Transparency grounds.

Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 20:03:25 +00:00
Rob Percival
8c6afbc55c Verify SCT signatures
Tests included in future commit, which adds CT policy validation.

Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 11:59:28 -05:00
Matt Caswell
ff75a25749 Refactor the async wait fd logic
Implementation experience has shown that the original plan for async wait
fds was too simplistic. Originally the async logic created a pipe internally
and user/engine code could then get access to it via API calls. It is more
flexible if the engine is able to create its own fd and provide it to the
async code.

Another issue is that there can be a lot of churn in the fd value within
the context of (say) a single SSL connection leading to continually adding
and removing fds from (say) epoll. It is better if we can provide some
stability of the fd value across a whole SSL connection. This is
problematic because an engine has no concept of an SSL connection.

This commit refactors things to introduce an ASYNC_WAIT_CTX which acts as a
proxy for an SSL connection down at the engine layer.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-29 12:58:44 +00:00
Matt Caswell
b32166b4fa Workaround for VisualStudio 2015 bug
VisualStudio 2015 has a bug where an internal compiler error was occurring.
By reordering the DEFINE_STACK_OF declarations for SSL_CIPHER and SSL_COMP
until after the ssl3.h include everything seems ok again.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-29 10:28:18 +00:00
Dr. Stephen Henson
1db3107ada TLS support for X25519
Add X25519 to TLS supported curve list.
Reject attempts to configure keys which cannot be used
for signing.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:54 +00:00
Dr. Stephen Henson
4b0555ec9d Add no signing flag.
Add a flag to EC_METHOD for curves which do not support signing.
New function EC_KEY_can_sign() returns 1 is key can be used for signing.
Return an explicit error is an attempt is made to sign with
no signing curves.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:53 +00:00
Dr. Stephen Henson
899cf48f17 Rename OIDs.
Use standard X25519 and X448 names for OIDs. Delete EdDSA OIDs: for now they
wont be used and EdDSA may use a different format.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:53 +00:00
FdaSilvaYY
b6453a68bb GH753: More spelling fix
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-27 10:58:16 -05:00
Rob Percival
a8d177acf0 Moves SCT struct typedef into ossl_typ.h
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-26 14:57:29 -05:00
Rob Percival
0cea8832df Public API for Certificate Transparency
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-26 14:57:29 -05:00
Alessandro Ghedini
71a04cfca0 Implement new multi-threading API
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-26 10:00:36 +00:00
Rich Salz
f2adbd85dd Fix indents
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 11:52:37 -05:00
Emilia Kasper
380f18ed5f CVE-2016-0798: avoid memory leak in SRP
The SRP user database lookup method SRP_VBASE_get_by_user had confusing
memory management semantics; the returned pointer was sometimes newly
allocated, and sometimes owned by the callee. The calling code has no
way of distinguishing these two cases.

Specifically, SRP servers that configure a secret seed to hide valid
login information are vulnerable to a memory leak: an attacker
connecting with an invalid username can cause a memory leak of around
300 bytes per connection.

Servers that do not configure SRP, or configure SRP but do not configure
a seed are not vulnerable.

In Apache, the seed directive is known as SSLSRPUnknownUserSeed.

To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user
is now disabled even if the user has configured a seed.

Applications are advised to migrate to SRP_VBASE_get1_by_user. However,
note that OpenSSL makes no strong guarantees about the
indistinguishability of valid and invalid logins. In particular,
computations are currently not carried out in constant time.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-25 15:42:48 +01:00
Rich Salz
72e9be3d08 GH235: Set error status on malloc failure
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-25 08:37:36 -05:00
Rich Salz
6b2ebe4332 Add PKCS7_NO_DUAL_CONTENT flag
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-23 08:42:03 -05:00
Rich Salz
a773b52a61 Remove unused parameters from internal functions
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-22 13:39:44 -05:00
David Woodhouse
cbb259caaf RT4334: Check UEFI before __STDC_VERSION__ for <inttypes.h>
Adding -nostdinc to the EDK2 showed that we were including <inttypes.h>
for some UEFI builds, because the check for __STDC_VERSION__ happens
before the check for OPENSSL_SYS_UEFI. Fix that.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-22 12:10:00 -05:00
Matt Caswell
316fae2a94 Partial revert of 1288f26 and fix for no-async
The commit 1288f26 says that it fixes no-async, but instead seems to break
it. Therefore revert that change and fix no-async.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:48:09 +00:00
David Woodhouse
d99d0d96a7 RT4309: Define PRIu64 for UEFI build
Provide an appropriate definition of PRIu64 for the EDK2 build, since
we don't have <inttypes.h> there.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-22 11:31:31 -05:00
Rich Salz
f9eca34c22 Missed an experimental.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-22 10:00:47 -05:00
Emilia Kasper
aa474d1fb1 TLS: reject duplicate extensions
Adapted from BoringSSL. Added a test.

The extension parsing code is already attempting to already handle this for
some individual extensions, but it is doing so inconsistently. Duplicate
efforts in individual extension parsing will be cleaned up in a follow-up.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-02-19 17:24:44 +01:00
Viktor Szakats
eaa7e483c5 GH712: Missed some no-filenames cases
crypto.h: honor no-filenames config setting in missing cases

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-19 10:03:49 -05:00
Richard Levitte
ce192ebed0 Remove all special make depend flags, as well as OPENSSL_DOING_MAKEDEPEND
All those flags existed because we had all the dependencies versioned
in the repository, and wanted to have it be consistent, no matter what
the local configuration was.  Now that the dependencies are gone from
the versioned Makefile.ins, it makes much more sense to use the exact
same flags as when compiling the object files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18 23:43:09 +01:00
David Woodhouse
3ba84717a0 Finish 02f7114a7f
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-17 17:04:47 -05:00
Rich Salz
1288f26fb9 RT4310: Fix varous no-XXX builds
When OPENSSL_NO_ASYNC is set, make ASYNC_{un,}block_pause() do nothing.
This prevents md_rand.c from failing to build. Probably better to do it
this way than to wrap every instance in an explicit #ifdef.

A bunch of new socket code got added to a new file crypto/bio/b_addr.c.
Make it all go away if OPENSSL_NO_SOCK is defined.

Allow configuration with no-ripemd, no-ts, no-ui
We use these for the UEFI build.

Also remove the 'Really???' comment from no-err and no-locking. We use
those too.

We need to drop the crypto/engine directory from the build too, and also
set OPENSSL_NO_ENGINE

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-17 13:33:51 -05:00
David Woodhouse
21b80f9a12 RT4318: Fix OSSL_SSIZE_MAX for UEFI build
Commit e634b448c ("Defines OSSL_SSIZE_MAX") introduced a definition of
OSSL_SSIZE_MAX which broke the UEFI build. Fix that by making UEFI take
the same definition as Ultrix (ssize_t == int).

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-17 10:39:35 -05:00
Rich Salz
dba3177745 Remove JPAKE
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-17 09:46:10 -05:00
Richard Levitte
05c7b1631b Implement the use of heap manipulator implementions
- Make use of the functions given through CRYPTO_set_mem_functions().
- CRYPTO_free(), CRYPTO_clear_free() and CRYPTO_secure_free() now receive
  __FILE__ and __LINE__.
- The API for CRYPTO_set_mem_functions() and CRYPTO_get_mem_functions()
  is slightly changed, the implementation for free() now takes a couple
  of extra arguments, taking __FILE__ and __LINE__.
- The CRYPTO_ memory functions will *always* receive __FILE__ and __LINE__
  from the corresponding OPENSSL_ macros, regardless of if crypto-mdebug
  has been enabled or not.  The reason is that if someone swaps out the
  malloc(), realloc() and free() implementations, we can't know if they
  will use them or not.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-17 10:12:49 +01:00
Richard Levitte
c4fb3b3942 Prepare for 1.1.0-pre4-dev
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-02-15 19:37:42 +01:00
Richard Levitte
c2bbf05873 Prepare for 1.1.0-pre3 release
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-02-15 19:37:20 +01:00
Richard Levitte
c35f5c3d3a Correct deprecation of OPENSSL_config
Reported in GH#684

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-15 16:25:10 +01:00
Richard Levitte
2c90015c06 Make sure the OPENSSL_INIT flags are 32 bits and document the ssl range
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-13 14:04:42 +01:00
Rob Percival
e634b448c3 Defines OSSL_SSIZE_MAX
Removes SSIZE_MAX definition from bss_bio.c and changes that file to use
OSSL_SSIZE_MAX.

No need to account for OPENSSL_SYS_VXWORKS, since that never actually
gets defined anywhere. It must be a historical artifact.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Laurie <ben@openssl.org>
2016-02-13 10:22:54 +00:00
Dr. Stephen Henson
e314c34073 fix warnings on 32 bit builds
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-13 02:29:25 +00:00
Rich Salz
22e3dcb780 Remove TLS heartbeat, disable DTLS heartbeat
To enable heartbeats for DTLS, configure with enable-heartbeats.
Heartbeats for TLS have been completely removed.

This addresses RT 3647

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 12:57:26 -05:00
Rich Salz
f3f1cf8444 Move to REF_DEBUG, for consistency.
Add utility macros REF_ASSERT_NOT and REF_PRINT_COUNT
This is also RT 4181

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 12:40:32 -05:00
Rich Salz
27f172d9a3 GH620: second diff from rt-2275, adds error code
clean up and apply patches from RT-2275

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 09:33:51 -05:00
Rich Salz
7253fd550c Hide OPENSSL_INIT_SETTINGS.
Make OPENSSL_INIT_SETTINGS an opaque structure.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 08:43:46 -05:00
Rich Salz
a4625290c3 After renaming init, update errors.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-10 15:52:32 -05:00
Richard Levitte
e09621ff57 Make it possible to get ENGINESDIR info from OpenSSL_versions
Have apps/openssl display the result along with OPENSSLDIR

As part of this, add ENGINESDIR in util/mk1mf.pl

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 19:36:48 +01:00
Matt Caswell
302f75887e Attempt to log an error if init failed
If init failed we'd like to set an error code to indicate that. But if
init failed then when the error system tries to load its strings its going
to fail again. We could get into an infinite loop. Therefore we just set
a single error the first time around. After that no error is set.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 17:40:59 +00:00
Matt Caswell
0fc32b0718 The new init functions can now fail so shouldn't be void
The new init functions can fail if the library has already been stopped. We
should be able to indicate failure with a 0 return value.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 17:40:59 +00:00
Viktor Dukhovni
d33def6624 Deprecate the -issuer_checks debugging option
This was a developer debugging feature and was never a useful public
interface.

Added all missing X509 error codes to the verify(1) manpage, but
many still need a description beyond the associated text string.

Sorted the errors in x509_txt.c by error number.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-02-10 12:34:06 -05:00
Richard Levitte
056be06b4d The guard macro to be defined didn't match the guard macro checked
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-10 18:02:59 +01:00
Rich Salz
f672aee494 Rename INIT funtions, deprecate old ones.
Man, there were a lot of renamings :)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-10 09:37:03 -05:00
Richard Levitte
0f53f939a1 clean away old VMS cruft
The old building scripts get removed, they are hopelessly gone in bit
rot by now.

Also remove the old symbol hacks.  They were needed needed to shorten
some names to 31 characters, and to resolve other symbol clashes.
Because we now compile with /NAMES=(AS_IS,SHORTENED), this is no
longer required.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 14:36:32 +01:00
Richard Levitte
e84193e43d unified build scheme: add a "unified" template for VMS descrip.mms
As part of this, change util/mkdef.pl to stop adding libraries to
depend on in its output.  mkdef.pl should ONLY output a symbol
vector.

Because symbol names can't be longer than 31 characters, we use the
compiler to shorten those that are longer down to 23 characters plus
an 8 character CRC.  To make sure users of our header files will pick
up on that automatically, add the DEC C supported extra headers files
__decc_include_prologue.h and __decc_include_epilogue.h.

Furthermore, we add a config.com, so VMS people can configure just as
comfortably as any Unix folks, thusly:

    @config

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 14:36:32 +01:00
Richard Levitte
5482dac9f4 Configure et al: move the installation directory logic to Makefiles
The logic to figure out the combinations of --prefix and --openssldir
has stayed in Configure so far, with Unix paths as defaults.

However, since we're making Configure increasingly platform agnostic,
these defaults need to change and adapt to the platform, along with
the logic to combine them.

The easiest to provide for this is to move the logic and the defaults
away from Configure and into the build files.

This also means that the definition of the macros ENGINESDIR and
OPENSSLDIR move away from include/openssl/opensslconf.h and into the
build files.

Makefile.in is adapted accordingly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 14:34:06 +01:00
Rich Salz
7984f082d5 Remove store.
Rebased and merged by me, with Ben's approval.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Laurie <ben@openssl.org>
2016-02-10 07:56:26 -05:00
Rich Salz
effaf4dee9 Use NON_EMPTY_TRANSLATION_UNIT, consistently.
This also closes RT 4123

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 20:13:29 -05:00
Matt Caswell
35d8fa563c Updates for auto init/deinit review comments
Fixes for the auto-init/deinit code based on review comments

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 15:12:02 +00:00
Matt Caswell
71567a6f41 Provide a thread stop API
Add the OPENSSL_INIT_thread_stop() function.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 15:11:38 +00:00
Matt Caswell
7fa792d14d Auto init/de-init libssl
Building on the pervious commit to auto initialise and de-initialise libssl

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 15:11:38 +00:00
Matt Caswell
7b9f8f7f03 Auto init/deinit libcrypto
This builds on the previous commit to auto initialise/deinitialise
libcrypto.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 15:11:38 +00:00
Matt Caswell
b184e3ef73 Provide framework for auto initialise/deinitialise of the library
This commit provides the basis and core code for an auto initialisation
and deinitialisation framework for libcrypto and libssl. The intention is
to remove the need (in many circumstances) to call explicit initialise and
deinitialise functions. Explicit initialisation will still be an option,
and if non-default initialisation is needed then it will be required.
Similarly for de-initialisation (although this will be a lot easier since
it will bring all de-initialisation into a single function).

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 15:11:38 +00:00
Viktor Dukhovni
c0a445a9f2 Suppress DANE TLSA reflection when verification fails
As documented both SSL_get0_dane_authority() and SSL_get0_dane_tlsa()
are expected to return a negative match depth and nothing else when
verification fails.  However, this only happened when verification
failed during chain construction.  Errors in verification of the
constructed chain did not have the intended effect on these functions.

This commit updates the functions to check for verify_result ==
X509_V_OK, and no longer erases any accumulated match information
when chain construction fails.  Sophisticated developers can, with
care, use SSL_set_verify_result(ssl, X509_V_OK) to "peek" at TLSA
info even when verification fail.  They must of course first check
and save the real error, and restore the original error as quickly
as possible.  Hiding by default seems to be the safer interface.

Introduced X509_V_ERR_DANE_NO_MATCH code to signal failure to find
matching TLSA records.  Previously reported via X509_V_ERR_CERT_UNTRUSTED.

This also changes the "-brief" output from s_client to include
verification results and TLSA match information.

Mentioned session resumption in code example in SSL_CTX_dane_enable(3).
Also mentioned that depths returned are relative to the verified chain
which is now available via SSL_get0_verified_chain(3).

Added a few more test-cases to danetest, that exercise the new
code.

Resolved thread safety issue in use of static buffer in
X509_verify_cert_error_string().

Fixed long-stating issue in apps/s_cb.c which always sets verify_error
to either X509_V_OK or "chain to long", code elsewhere (e.g.
s_time.c), seems to expect the actual error.  [ The new chain
construction code is expected to correctly generate "chain
too long" errors, so at some point we need to drop the
work-arounds, once SSL_set_verify_depth() is also fixed to
propagate the depth to X509_STORE_CTX reliably. ]

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 14:46:09 -05:00
Dr. Stephen Henson
9fc65806d5 Remove ancient compatibility defines.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 19:10:12 +00:00
Dr. Stephen Henson
116503cd51 Only use compatibility macros for < 1.1 API.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 18:43:49 +00:00
Dr. Stephen Henson
425f330007 use new function names
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 18:43:49 +00:00
Dr. Stephen Henson
293042c9d9 Reorganise functions.
Move all PKCS12_SAFEBAG functions into new file p12_sbag.c.

Move MAC functions into p12_mutl.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 18:43:48 +00:00
Dr. Stephen Henson
1e1b48d151 pkcs12.h header reorganisation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 18:43:48 +00:00
Dr. Stephen Henson
e8503762da Rename PKCS12 function
Rename ancient PKCS12 functions to use more logical names. Include
defines from old to new name.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 18:43:48 +00:00
Dr. Stephen Henson
1387a2ecb8 pkcs12 accessors
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 18:43:48 +00:00
Dr. Stephen Henson
a40d594984 New PKCS12 accessors, change macros to functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 18:43:48 +00:00
Dr. Stephen Henson
54c38b7f0d Make PKCS12 structures opaque
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 18:43:48 +00:00
Dr. Stephen Henson
b577fd0b81 Deprecate undocumented SSL_cache_hit().
Deprecate undocumented SSL_cache_hit(). Make SSL_session_reused() into a
real function.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-08 16:57:07 +00:00
Matt Caswell
64f9f40696 Handle SSL_shutdown while in init more appropriately #2
Previous commit 7bb196a71 attempted to "fix" a problem with the way
SSL_shutdown() behaved whilst in mid-handshake. The original behaviour had
SSL_shutdown() return immediately having taken no action if called mid-
handshake with a return value of 1 (meaning everything was shutdown
successfully). In fact the shutdown has not been successful.

Commit 7bb196a71 changed that to send a close_notify anyway and then
return. This seems to be causing some problems for some applications so
perhaps a better (much simpler) approach is revert to the previous
behaviour (no attempt at a shutdown), but return -1 (meaning the shutdown
was not successful).

This also fixes a bug where SSL_shutdown always returns 0 when shutdown
*very* early in the handshake (i.e. we are still using SSLv23_method).

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-08 09:29:29 +00:00
Dr. Stephen Henson
696178edff Add SSL_get0_verified_chain() to return verified chain of peer
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-06 18:18:28 +00:00
Matt Caswell
7d1d48a2d0 Add a BIO_ADDR_clear function
Adds a new function BIO_ADDR_clear to reset a BIO_ADDR back to an
unitialised state, and to set the family to AF_UNSPEC.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05 20:47:36 +00:00
FdaSilvaYY
0d4fb84390 GH601: Various spelling fixes.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-05 15:25:50 -05:00
Matt Caswell
3edeb622ba Make DTLSv1_listen a first class function and change its type
The DTLSv1_listen function exposed details of the underlying BIO
abstraction and did not properly allow for IPv6. This commit changes the
"peer" argument to be a BIO_ADDR and makes it a first class function
(rather than a ctrl) to ensure proper type checking.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-05 19:12:18 +00:00
Viktor Dukhovni
895c2f84a6 Long overdue cleanup of X509 policy tree verification
Replace all magic numbers with #defined constants except in boolean
functions that return 0 for failure and 1 for success.  Avoid a
couple memory leaks in error recovery code paths.  Code style
improvements.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-02-05 11:13:11 -05:00
Dr. Stephen Henson
7fc7d1a7bd Add EC_KEY_priv2buf()
Add new function EC_KEY_priv2buf() to allocated and encode private
key octet in one call. Update and simplify ASN.1 and print routines.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05 00:33:33 +00:00
Dr. Stephen Henson
d810700b80 update EC ASN1 and print routines
Update EC ASN.1 and print routines to use EC_KEY_oct2priv and
EC_KEY_priv2oct.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05 00:33:33 +00:00
Dr. Stephen Henson
cf2413955c Add EC_KEY_oct2priv and EC_KEY_priv2oct
New functions EC_KEY_oct2priv and EC_KEY_priv2oct. These are private key
equivalents of EC_POINT_oct2point and EC_POINT_point2oct which convert
between the private key octet format and EC_KEY.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05 00:33:33 +00:00
Dr. Stephen Henson
26c255fcf8 Add ASN1_buf_print to print a buffer in ASN1_bn_print format.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05 00:33:33 +00:00
Dmitry Sobinov
43e5faa253 Add new DTLS-SRTP protection profiles from RFC 7714
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-04 22:52:21 +00:00
Kurt Roeckx
c86d1f19fc Use WSAGetLastError() on windows
Windows doesn't have h_error or hstrerror()

Reviewed-by: Richard Levitte <levitte@openssl.org>

MR: #1848
2016-02-04 16:05:59 +01:00
Dr. Stephen Henson
da15ce2212 update OID tables
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-04 14:10:52 +00:00
Rich Salz
d9f7772674 RT2752: Add some EKU OID's
And some others found in the Internet.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-03 23:33:55 -05:00
Rich Salz
cde052f59c Tweak opensslconf.h.in for style
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-03 17:15:31 -05:00
Richard Levitte
52f5926c3c make update
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:40:32 +01:00
Richard Levitte
417be660e1 Refactoring BIO: adapt BIO_s_connect and BIO_s_accept
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:40:32 +01:00
Richard Levitte
4f1374e605 make update
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:39:37 +01:00
Richard Levitte
2fcff74c87 make update
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:38:07 +01:00
Richard Levitte
d33b215b33 Refactoring BIO: new socket-handling functions, deprecate older ones
Added functions:

BIO_socket
BIO_connect
BIO_listen
BIO_accept_ex
BIO_closesocket
BIO_sock_info

These get deprecated:

BIO_gethostbyname
BIO_get_port
BIO_get_host_ip
BIO_get_accept_socket
BIO_accept

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:38:07 +01:00
Richard Levitte
83be2778fe Refactoring BIO: add error macros & text, and make update
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:37:07 +01:00
Richard Levitte
28a0841bf5 Refactoring BIO: add wrappers around sockaddr et al
Because different platforms have different levels of support for IPv6,
different kinds of sockaddr variants, and some have getaddrinfo et al
while others don't, we could end up with a mess if ifdefs, duplicate
code and other maintainance nightmares.

Instead, we're introducing wrappers around the common form for socket
communication:
BIO_ADDR, closely related to struct sockaddr and some of its variants.
BIO_ADDRINFO, closely related to struct addrinfo.

With that comes support routines, both convenient creators and
accessors, plus a few utility functions:

BIO_parse_hostserv, takes a string of the form host:service and
splits it into host and service.  It checks for * in both parts, and
converts any [ipv6-address] syntax to ust the IPv6 address.

BIO_lookup, looks up information on a host.

All routines handle IPv4 (AF_INET) and IPv6 (AF_INET6) addresses, and
there is support for local sockets (AF_UNIX) as well.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:37:07 +01:00
Rich Salz
b5c5a97141 RT2353: Add ipsec IKE OID
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-02-02 14:41:06 -05:00