Commit graph

20535 commits

Author SHA1 Message Date
Pauli
c2500f658b Test cleaning and modernisation
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3917)
2017-07-14 07:35:17 +10:00
Pauli
1f06acc08f Change return (x) to return x
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3912)
2017-07-14 07:32:58 +10:00
Pauli
a9a157e74a Avoid having an unsigned integer decrement below zero.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3912)
2017-07-14 07:32:58 +10:00
Pauli
9e206ce5f8 Fix some issues raise by coverity in the tests.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3846)
2017-07-14 07:31:29 +10:00
Dr. Stephen Henson
d72a00416a Add sanity test for certificate table
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3858)
2017-07-13 12:38:42 +01:00
Dr. Stephen Henson
cd933ebd57 Move certificate table to header file so it can be tested.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3858)
2017-07-13 12:38:42 +01:00
Dr. Stephen Henson
50a3a1f04b Add additional ECDSA/Ed25519 selection tests.
Add two tests with ECDSA+SHA256 preferred over Ed25519, the second also
excludes P-256 from the supported curves extension which will force the
use of Ed25519 in TLS 1.2, but not TLS 1.3: this would fail before the
certificate table updates.

Add TLS 1.3 test also with P-256 exclude from the groups extension: this
should have no effect as the groups extension is not used for signature
selection in TLS 1.3

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3858)
2017-07-13 12:38:42 +01:00
Dr. Stephen Henson
13cc257423 Use cert tables in ssl_set_sig_mask
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3858)
2017-07-13 12:38:42 +01:00
Dr. Stephen Henson
ebefced904 make errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3858)
2017-07-13 12:38:42 +01:00
Dr. Stephen Henson
dd24857b78 Use cert tables instead of X509_certificate_type
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3858)
2017-07-13 12:38:42 +01:00
Dr. Stephen Henson
52fd27f978 Use certificate tables instead of ssl_cert_type
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3858)
2017-07-13 12:38:42 +01:00
Dr. Stephen Henson
7f6b466b2c Use certificate tables instead of ssl_cipher_get_cert_index.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3858)
2017-07-13 12:38:42 +01:00
Dr. Stephen Henson
b8858aec13 Replace tls12_get_pkey_idx
The functiontls12_get_pkey_idx is only used to see if a certificate index is
enabled: call ssl_cert_is_disabled instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3858)
2017-07-13 12:38:42 +01:00
Dr. Stephen Henson
e4fb8b471c Add SSL_aCERT: this is used for any ciphersuite with a certificate.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3858)
2017-07-13 12:38:42 +01:00
Dr. Stephen Henson
c04cd72827 Add certificate properties table.
Add certificate table giving properties of each certificate index:
specifically the NID associated with the index and the the auth mask
value for any cipher the certificate can be used with.

This will be used to generalise certificate handling instead of hard coding
algorithm specific cases.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3858)
2017-07-13 12:38:42 +01:00
Pauli
084f9a7046 Demo style fixes and modernisation.
Address some style issues in the demos and modernise the C.
Fix the exit/return from main handling.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3914)
2017-07-13 07:34:40 +10:00
hongliang
6e2e6ed4fa coding style: remove extra whitespace charactor
CLA: trivial

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3913)
2017-07-12 21:27:35 +02:00
Rich Salz
e0c89df9e4 Rewrite RAND_egd
Use stdio and its buffering.
Limit to 255 bytes (could remove that if neceessary).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3888)
2017-07-12 11:09:39 -04:00
Bernd Edlinger
aa8dfbc421 Fix error handling in get_header_and_data.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3896)
2017-07-10 16:25:43 +02:00
Bernd Edlinger
e1ca9e1f6d Fix crash in BUF_MEM_grow_clean.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3896)
2017-07-10 16:25:43 +02:00
Andy Polyakov
c7c7a8e601 Optimize sha/asm/keccak1600-avx2.pl.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-07-10 10:16:42 +02:00
Andy Polyakov
29724d0e15 Add sha/asm/keccak1600-avx2.pl.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-07-10 10:16:31 +02:00
Pauli
a2371fa933 Trivial bounds checking.
Bounds checking strpy, strcat and sprintf.
These are the remaining easy ones to cover a recently removed commit.
Some are trivial, some have been modified and a couple left as they are because the reverted change didn't bounds check properly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3871)
2017-07-07 15:45:55 +10:00
Richard Levitte
a7ff57965b Fix cipher_compare
Unsigned overflow.  Found by Brian Carpenter

Fixes #3889

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3890)
2017-07-08 22:13:24 +02:00
Rich Salz
04256277cb Update various RAND podpages
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3883)
2017-07-07 23:53:54 -04:00
Matt Caswell
222417eb71 Fix s_client crash where the hostname is provided as a positional arg
If the hostname is provided as a positional arg then s_client crashes.
The crash occurs as s_client exits (after either a successful or
unsuccessful connection attempt).

This issue was introduced by commit 729ef85611.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3881)
2017-07-07 16:19:03 +01:00
Matt Caswell
dd05bd4cb4 Some SSL_OP_ values can't be used in 1.1.x
SSL_OP_ALL was set in 0x0BFF so reusing some of these bits would cause
ABI compatibility issues.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3833)
2017-07-07 16:08:05 +01:00
Matt Caswell
4f11c7476b Choose a safer value for SSL_OP_ALLOW_NO_DHE_KEX
1.1.0 included the previous value for SSL_OP_ALLOW_NO_DHE_KEX in
SSL_OP_ALL. This might cause binary compatibility issues. We should choose
a value that is not in SSL_OP_ALL.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3833)
2017-07-07 16:08:05 +01:00
Matt Caswell
4e2bd9cb0f Update the documentation for the new SSL_OP_ALLOW_NO_DHE_KEX option
Also the associated configuration parameters and command line switches.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3833)
2017-07-07 16:08:05 +01:00
Matt Caswell
e3c0d76bc7 Do not allow non-dhe kex_modes by default
Allow that mode to be configured if desired.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3833)
2017-07-07 16:08:05 +01:00
Matt Caswell
5159821540 Updates following review feedback of TLSv1.3 draft-21 code
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3852)
2017-07-07 15:02:09 +01:00
Matt Caswell
8f81476145 Update SSL_trace() to know about ticket_nonce
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3852)
2017-07-07 15:02:09 +01:00
Matt Caswell
b81bd33680 Update the early_secret generation to use the new ticket_nonce field
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3852)
2017-07-07 15:02:09 +01:00
Matt Caswell
5a6ff161cc Update the test/session.pem to have a tick_nonce value
Otherwise the ClientHello test fails

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3852)
2017-07-07 15:02:09 +01:00
Matt Caswell
a19ae67d8d Update tls13_hkdf_expand() to take the length of the data
In most scenarios the length of the input data is the hashsize, or 0 if
the data is NULL. However with the new ticket_nonce changes the length can
be different.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3852)
2017-07-07 15:02:09 +01:00
Matt Caswell
de2f409ef9 The correct key length for a TLSv1.3 SHA384 ciphersuite is 48
Our test was using 32. The latest ticket nonce changes now validate this
value and so sslapitest was failing.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3852)
2017-07-07 15:02:09 +01:00
Matt Caswell
9b6a825461 Send and receive the ticket_nonce field in a NewSessionTicket
This just adds the processing for sending and receiving the newly added
ticket_nonce field. It doesn't actually use it yet.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3852)
2017-07-07 15:02:09 +01:00
Matt Caswell
07ff590f8f Update the version number for TLSv1.3 draft 21
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3852)
2017-07-07 15:02:09 +01:00
Matt Caswell
9561e2a169 Fix memory leak when using PSK session files
We were not freeing the session created when loading a PSK session file.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3855)
2017-07-07 10:44:11 +01:00
Richard Levitte
4549ed12ec test/run_tests.pl: Make sure to exit with a code that's understood universally
TAP::Parser::Aggregator::has_errors may return any number, not just 0
and 1.  With Perl on VMS, any number from 2 and on is interpreted as a
VMS status, the 3 lower bits are the encoded severity (1 = SUCCESS,
for example), so depending on what has_errors returns, a test failure
might be interpreted as a success.  Therefore, it's better to make
sure the exit code is 0 or 1, nothing else (they are special on VMS,
and mean SUCCESS or FAILURE, to match Unix conventions).

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3880)
2017-07-07 11:31:03 +02:00
Richard Levitte
bfa3480f76 test/recipes/90-test_shlibload.t: Make sure to handle library renames
VMS renames our libraries to fit VMS conventions.  This must be accounted
for when we want to load them.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3880)
2017-07-07 11:31:03 +02:00
Richard Levitte
984cf15eb5 VMS: When running a sub-MMS, make sure to give it the main MMS' qualifiers
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3880)
2017-07-07 11:31:03 +02:00
Andy Polyakov
313fa47fea Add sha/asm/keccak1600-avx512.pl.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3861)
2017-07-07 10:04:33 +02:00
Pauli
86ba26c80a Address potential buffer overflows.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3878)
2017-07-07 13:37:06 +10:00
Pauli
b4df712aca change return (x) to return x
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3878)
2017-07-07 13:37:06 +10:00
Pauli
ab3e8f6315 Rearrange link line so the libraries come after the source.
Some linkers like it this way.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3879)
2017-07-07 11:44:52 +10:00
Rich Salz
1ef4541813 Remove some now-unneeded VMS controls
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3875)
2017-07-06 17:54:56 -04:00
Pauli
59e539e642 BIO range checking.
Add length limits to avoid problems with sprintf, strcpy and strcat.  This replaces recently removed code but also guards some previously missing function calls (for DOS & Windows).

Reworked the BIO_dump_indent_cb code to reduce temporary storage.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3870)
2017-07-07 07:18:41 +10:00
Rich Salz
9ee344f5cd Cleanup RAND_load_file,RAND_write_file
Document an internal assumption that these are only for use with files,
and return an error if not. That made the code much simpler.
Leave it as writing 1024 bytes, even though we don't need more than 256
from a security perspective.  But the amount isn't specified, now, so we
can change it later if we want.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3864)
2017-07-06 13:59:11 -04:00
Pauli
60eba30f60 Memory bounds checking in asn1 code.
Check that sprint, strcpy don't overflow.

Avoid some strlen operations when the previous sprintf return value can be used.

Also fix the undefined behaviour `*(long *)x = y` when x isn't a long or character pointer.
ISO/IEC 9899:1999 6.5/7 for the details.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3869)
2017-07-06 12:59:51 +10:00