wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
17612 commits 20 branches 302 tags 153 MiB
Commit graph

17612 commits

This branch
This branch
All branches
Author SHA1 Message Date
Matt Caswell
a2a0c86bb0 Add some SSLv2 ClientHello tests 
Test that we handle a TLS ClientHello in an SSLv2 record correctly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2016-08-15 23:14:30 +01:00
Matt Caswell
a01c86a251 Send an alert if we get a non-initial record with the wrong version 
If we receive a non-initial record but the version number isn't right then
we should send an alert.

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2016-08-15 23:14:30 +01:00
Matt Caswell
44efb88a21 Address feedback on SSLv2 ClientHello processing 
Feedback on the previous SSLv2 ClientHello processing fix was that it
breaks layering by reading init_num in the record layer. It also does not
detect if there was a previous non-fatal warning.

This is an alternative approach that directly tracks in the record layer
whether this is the first record.

GitHub Issue #1298

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2016-08-15 23:14:30 +01:00
Rob Percival
c35d339d98 Replaces CT_POLICY_EVAL_CTX_set0 entries with new setters in libcrypto.num 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)
 2016-08-15 12:57:00 -04:00
Rob Percival
11c68ceaa6 Make CT_POLICY_EVAL_CTX_set1_{cert,issuer} into boolean functions 
They may fail if they cannot increment the reference count of the
certificate they are storing a pointer for. They should return 0 if this
occurs.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)
 2016-08-15 12:56:47 -04:00
Rob Percival
a1bb7708ce Improves CTLOG_STORE setters 
Changes them to have clearer ownership semantics, as suggested in
https://github.com/openssl/openssl/pull/1372#discussion_r73232196.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)
 2016-08-15 12:56:47 -04:00
Richard Levitte
a0ef6bb687 Skip the SRP tests in 80-test_ssl_old.t if no TLS versions is enabled 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-15 17:16:47 +02:00
Dr. Stephen Henson
0a699a0723 Fix no-ec 
Fix no-ec builds by having separate functions to create keys based on
an existing EVP_PKEY and a curve id.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-15 14:07:33 +01:00
Jakub Zelenka
0818dbadf3 Never return -1 from BN_exp 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1455)
 2016-08-14 20:52:13 +01:00
Dr. Stephen Henson
3d9a51f7ed update CHANGES 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-13 14:11:06 +01:00
Dr. Stephen Henson
c082201a36 add documentation 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
23143e4da6 Print out names of other temp key algorithms. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
bc7bfb83b7 Remove old EC based X25519 code. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
ec24630ae2 Modify TLS support for new X25519 API. 
When handling ECDH check to see if the curve is "custom" (X25519 is
currently the only curve of this type) and instead of setting a curve
NID just allocate a key of appropriate type.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
3bca6c2731 Add encoded points to other EC curves too. 
Add encoded point ctrl support for other curves: this makes it possible
to handle X25519 and other EC curve point encoding in a similar way
for TLS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
c06f2aaa08 make update 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
5d6aaf8a9d Add point ctrls to X25519 
Add ctrl operations to set or retrieve encoded point in
EVP_PKEY structures containing X25519 keys.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
10f8d0eaa5 Update X25519 key format in evptests.txt 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
262bd85fde Add X25519 methods to internal tables 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-13 14:11:04 +01:00
Dr. Stephen Henson
873feeb9cf add to build.info 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-13 14:11:04 +01:00
Dr. Stephen Henson
59bf0f031f make errors 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-13 14:11:04 +01:00
Dr. Stephen Henson
756b198d24 X25519 public key methods 
Add X25519 methods to match current key format defined in
draft-ietf-curdle-pkix-02

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-13 14:11:04 +01:00
Dr. Stephen Henson
a4cb54d257 Fix type of ptr field. 
Since "ptr" is used to handle arbitrary other types it should be
void *.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-13 14:11:04 +01:00
Dr. Stephen Henson
4950f8885c Use OIDs from draft-ietf-curdle-pkix-02 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-13 14:11:04 +01:00
Rich Salz
e928132343 GH1446: Add SSL_SESSION_get0_cipher 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1451)
 2016-08-12 15:23:48 -04:00
Rich Salz
ce7a2232f8 Check for bad filename in evp_test 
Thanks to Brian Carpter for reporting this.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
 2016-08-12 14:04:53 -04:00
Dr. Stephen Henson
721f398023 Update documentation for DSA_SIG and ECDSA_SIG. 
RT#4590

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-12 14:21:21 +01:00
Andy Polyakov
d40a13af5d crypto/sparcv9cap.c: add missing declaration. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-12 10:26:20 +02:00
Andy Polyakov
6ebce6803e crypto/ui/ui_openssl.c: let new-line through after query in Windows path. 
Originally new-line was suppressed, because double new-line was
observed under wine. But it appears rather to be a wine bug,
because on real Windows new-line is much needed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-08-11 14:36:54 +02:00
Andy Polyakov
a5a95f8d65 crypto/sparcv9cap.c: fix overstep in getisax. 
Problem was introduced in 299ccadcdb
as future extension, i.e. at this point it wasn't an actual problem,
because uninitialized capability bit was not actually used.

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2016-08-11 13:46:06 +02:00
Andy Polyakov
7123aa81e9 sha/asm/sha1-x86_64.pl: fix crash in SHAEXT code on Windows. 
RT#4530

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2016-08-11 13:39:57 +02:00
FdaSilvaYY
b4b42ce621 Fix doc and help about ca -valid option 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-11 10:59:21 +01:00
Emilia Kasper
be82f7b320 Don't attempt to load the CT log list with no-ec 
In practice, CT isn't really functional without EC anyway, as most logs
use EC keys. So, skip loading the log list with no-ec, and skip CT tests
completely in that conf.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-10 18:46:06 +02:00
jamercee
e86e76a6c4 Fixed typo 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1386)
 2016-08-10 11:07:42 -04:00
JimC
3b7a575897 Documented BIO_set_accept_port()/BIO_get_accept_port() 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1386)
 2016-08-10 11:07:42 -04:00
jamercee
b4c1d72e9f Adapt BIO_new_accept() to call BIO_set_accept_name() 
Commit 417be66 broken BIO_new_accept() by changing the definition of the
macro BIO_set_accept_port() which stopped acpt_ctrl() from calling
BIO_parse_hostserv(). This commit completes the series of changes
initiated in 417be66.

Updated pods to reflect new definition introduced by 417be66.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1386)
 2016-08-10 11:07:42 -04:00
Rich Salz
2301d91dd5 Change callers to use the new constants. 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1429)
 2016-08-10 10:07:37 -04:00
Rich Salz
f67cbb7443 Add #defines for magic numbers in API. 
Binary- and backward-compatible.  Just better.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1429)
 2016-08-10 10:07:37 -04:00
Kurt Roeckx
5898b8eb87 Fix spelling of error code 
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1421)
 2016-08-10 09:58:57 -04:00
Rich Salz
3663990760 Add some const casts 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1397)
 2016-08-10 09:53:58 -04:00
Rich Salz
446dffa7f6 GH1383: Add casts to ERR_PACK 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1385
 2016-08-10 09:45:36 -04:00
Emilia Kasper
2f35e6a3eb Gracefully free a NULL HANDSHAKE_RESULT 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-10 14:41:21 +02:00
Emilia Kasper
d61f00780a Add TEST_check 
Like OPENSSL_assert, but also prints the error stack before exiting.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-10 14:41:21 +02:00
Emilia Kasper
da085d273c SSL tests: port CT tests, add a few more 
This commit only ports existing tests, and adds some coverage for
resumption. We don't appear to have any handshake tests that cover SCT
validation success, and this commit doesn't change that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-10 14:41:21 +02:00
Emilia Kasper
b03fe23146 CT: fix documentation 
Make method names match reality

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-10 14:41:21 +02:00
Emilia Kasper
6bd3379a58 SSL test ctx: fix tests 
Some failure tests were failing for the wrong reason after the CTX
refactoring. Update those tests.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-10 14:41:21 +02:00
David Woodhouse
eb633d03fe Kill PACKET_starts() from bad_dtls_test 
As discussed in PR#1409 it can be done differently.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-10 12:50:51 +01:00
David Woodhouse
c14e790d6c Fix clienthellotest to use PACKET functions 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-10 12:50:51 +01:00
Adam Langley
eea8723cd0 Fix test of first of 255 CBC padding bytes. 
Thanks to Peter Gijsels for pointing out that if a CBC record has 255
bytes of padding, the first was not being checked.

(This is an import of change 80842bdb from BoringSSL.)

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1431)
 2016-08-08 13:36:55 -07:00
Cristian Stoica
358558eba8 speed.c: use size_t instead of int to match function signatures 
Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1378)
 2016-08-08 11:17:11 -04:00