Commit graph

18656 commits

Author SHA1 Message Date
Matt Caswell
fb83f20c30 Update tls13secretstest to use the new simpler test framework
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:44:08 +00:00
Matt Caswell
6530c4909f Fix some style issues with TLSv1.3 state machine PR
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:38:32 +00:00
Matt Caswell
f5ca0b04bb Fix some style issues identified during review
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:22 +00:00
Matt Caswell
c805f6189e Fix SSL_IS_TLS13(s)
The SSL_IS_TLS13() macro wasn't quite right. It would come back with true
in the case where we haven't yet negotiated TLSv1.3, but it could be
negotiated.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:22 +00:00
Matt Caswell
cc24a22b83 Extend test_tls13messages
Add various different handshake types that are possible.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Matt Caswell
acf65ae5c8 Add an s_server capability to read an OCSP Response from a file
Current s_server can only get an OCSP Response from an OCSP responder. This
provides the capability to instead get the OCSP Response from a DER encoded
file.

This should make testing of OCSP easier.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Matt Caswell
c11237c23e Add a test for the TLSv1.3 state machine
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Matt Caswell
20b65c7bdd Fix some TLSProxy warnings
After the client processes the server's initial flight in TLS1.3 it may
respond with either an encrypted, or an unencrypted alert. We needed to
teach TLSProxy about this so that it didn't issue spurious warnings.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Matt Caswell
5abeaf3596 Ensure unexpected messages are handled consistently
In one case we weren't always sending an unexpected message alert if we
don't get what we expect.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Matt Caswell
7776a36cfa Ensure the end of first server flight processing is done
There is a set of miscellaneous processing for OCSP, CT etc at the end of
the ServerDone processing. In TLS1.3 we don't have a ServerDone, so this
needs to move elsewhere.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Matt Caswell
9970290e1d Fix the tests following the state machine changes for TLSv1.3
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Matt Caswell
6484776f17 Create the Finished message payload
The previous commit had a dummy payload for the Finished data. This commit
fills it in with a real value.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Matt Caswell
92760c21e6 Update state machine to be closer to TLS1.3
This is a major overhaul of the TLSv1.3 state machine. Currently it still
looks like TLSv1.2. This commit changes things around so that it starts
to look a bit less like TLSv1.2 and bit more like TLSv1.3.

After this commit we have:

ClientHello
+ key_share          ---->
                           ServerHello
                           +key_share
                           {CertificateRequest*}
                           {Certificate*}
                           {CertificateStatus*}
                     <---- {Finished}
{Certificate*}
{CertificateVerify*}
{Finished}           ---->
[ApplicationData]    <---> [Application Data]

Key differences between this intermediate position and the final TLSv1.3
position are:
- No EncryptedExtensions message yet
- No server side CertificateVerify message yet
- CertificateStatus still exists as a separate message
- A number of the messages are still in the TLSv1.2 format
- Still running on the TLSv1.2 record layer

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Matt Caswell
0d9824c171 Implement tls13_change_cipher_state()
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Matt Caswell
9362c93ebc Remove old style NewSessionTicket from TLSv1.3
TLSv1.3 has a NewSessionTicket message, but it is *completely* different to
the TLSv1.2 one and may as well have been called something else. This commit
removes the old style NewSessionTicket from TLSv1.3. We will have to add the
new style one back in later.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Matt Caswell
82c9c03017 Fix EXTMS error introduced by commit 94ed2c6
Commit 94ed2c6 dropped a ! operator by mistake, which causes extended
master secret connections to fail. This puts in back.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-23 09:50:26 +00:00
Richard Levitte
19cb71ef6e Clarify what X509_NAME_online does with the given buffer and size
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1980)
2016-11-23 00:34:50 +01:00
Kurt Roeckx
55ab86e4c2 Add missing -zdelete for some linux arches
b6d5ba1a9f forgot to update some linux arches.

Reviewed-by: Richard Levitte <levitte@openssl.org>

GH: #1977
2016-11-21 22:47:27 +01:00
Todd Short
024d681e69 Skipping tests in evp_test leaks memory
When configured with "no-mdc2 enable-crypto-mdebug" the evp_test
will leak memory due to skipped tests, and error out.

Also fix a skip condition

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1968)
2016-11-21 16:04:39 -05:00
Kurt Roeckx
beacb0f0c1 Make SSL_read and SSL_write return the old behaviour and document it.
This reverts commit 4880672a9b.

Fixes: #1903

Reviewed-by: Matt Caswell <matt@openssl.org>

GH: #1931
2016-11-21 21:54:28 +01:00
Dr. Stephen Henson
52fe14e662 Add test to check EVP_PKEY method ordering.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-20 00:22:02 +00:00
Robert Scheck
7524c52017 Avoid warnings like unused enum value (as suggested by Rich Salz)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1945)
2016-11-18 07:37:41 -05:00
Robert Scheck
1d8a94fb7d Shift inside of switch back one level (code style change, as requested by Rich Salz)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1945)
2016-11-18 07:37:41 -05:00
Robert Scheck
9576545a51 Add LMTP support (RFC 2033) to s_client ("-starttls lmtp")
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1945)
2016-11-18 07:37:41 -05:00
Beat Bolli
5defbe6f38 Use consistent variable names in example
In the X509_NAME_get_index_by_NID.pod example, the initialized variable is called
"loc", but the one used in the for loop is called "lastpos". Make the names match.

CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1949)
2016-11-18 07:30:07 -05:00
Beat Bolli
663ece0faa Update the location of the pod files
CLA: trivial
Since 99d63d4 ("Move manpages to man[1357] structure.", 2016-10-26), the location
of the pod files has changed.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1951)
2016-11-18 07:28:03 -05:00
Kurt Roeckx
0a3dce8257 Fix name of "locked" variable
It's called with 0 when it's already locked, with 1 when it's not.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1500
2016-11-17 22:02:25 +01:00
Kurt Roeckx
2f545ae45d Add support for reference counting using C11 atomics
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1500
2016-11-17 22:02:25 +01:00
Dr. Stephen Henson
b6c6898234 Support MSBLOB format if RC4 is disabled
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-17 18:45:42 +00:00
Andy Polyakov
32bbb62ea6 sha/asm/sha512-armv8.pl: fix big-endian support in __KERNEL__ case.
In non-__KERNEL__ context 32-bit-style __ARMEB__/__ARMEL__ macros were
set in arm_arch.h, which is shared between 32- and 64-bit builds. Since
it's not included in __KERNEL__ case, we have to adhere to official
64-bit pre-defines, __AARCH64EB__/__AARCH64EL__.

[If we are to share more code, it would need similar adjustment.]

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-17 19:29:58 +01:00
Matt Caswell
657a43f662 Fix missing SSL_IS_TLS13(s) usage
We should use the macro for testing if we are using TLSv1.3 rather than
checking s->version directly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-17 11:03:16 +00:00
Nicola Tuveri
86ff6cc6b2 Handle "int_ctx_new:unsupported algorithm" error
Calling EVP_PKEY_CTX_new_id(curve_NID, NULL) causes an error for most
curves that are implemented through the EC low-level API, and in the
last commit we call it for every curve to avoid treating X25519 as a
special case.

Last commit code already handles correctly this failure, but does not
remove these events from the thread error queue, thus some
false-positive warnings are printed at the end of execution.

This commit ensures that the error queue is clean, without flushing
other errors.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
b756d694b6 Do not handle R_EC_X25519 as a special case
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
79438087fe Remove leftover KDF pointer
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
9bffdebc38 Use CRYPTO_memcmp for comparing derived secrets
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
f7d984ddd4 Reintroduce preliminary sanity check in ECDH speed and remove further checks in the benchmark loop.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
db1dd9368a Remove ECDH_EVP_derive_key wrapper function
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
2e4c3b5caa More coding style fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
29dd15b18d Run util/openssl-format-source against apps/speed.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
cc98e63938 bugfix: calculate outlen for each curve
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
dfdd45f72c Handle EVP_PKEY_derive errors and fix coding style issues
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
c29c7aadb9 Fix coding style and remove some stale code/comments
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
ed7377dba9 Use EVP interface for ECDH in apps/speed.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Dr. Stephen Henson
d922634d0c Add conversion test for MSBLOB format.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-17 03:53:03 +00:00
Dr. Stephen Henson
b379598747 Make MSBLOB format work with dsa utility.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-17 03:53:03 +00:00
Dr. Stephen Henson
159f6e7ecf Fix MSBLOB format with RSA.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-17 03:53:02 +00:00
FdaSilvaYY
bad6b116a2 Raise an error on memory alloc failure.
Both strdup or malloc failure should raise à err.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1905)
2016-11-16 20:54:53 -05:00
FdaSilvaYY
2d13250fd6 Missing free item on push failure
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1905)
2016-11-16 20:54:53 -05:00
Rich Salz
71a8b85574 Merge find-undoc-api into find-doc-nits
Use \b on NOEXIST and EXPORT_VAR_AS_FUNC patterns as suggested by Andy.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1912)
2016-11-16 20:11:50 -05:00
Rob Percival
e1940e9f7a Move SCT_LIST_free definition into a more logical place
This reflects its position in include/openssl/ct.h.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)
2016-11-16 13:54:17 +00:00