Tomas Mraz
3f8d1216df
Fix af_alg engine failure on 32 bit architectures.
...
Add extra cast to unsigned long to avoid sign extension when
converting pointer to 64 bit data.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-15 23:30:45 +01:00
Matt Caswell
bb982ce753
Remove a stray unneeded line in 70-test_sslrecords.t
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-15 23:14:30 +01:00
Matt Caswell
78fcddbb8d
Address feedback on SSLv2 ClientHello processing
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-15 23:14:30 +01:00
Matt Caswell
a2a0c86bb0
Add some SSLv2 ClientHello tests
...
Test that we handle a TLS ClientHello in an SSLv2 record correctly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-15 23:14:30 +01:00
Matt Caswell
a01c86a251
Send an alert if we get a non-initial record with the wrong version
...
If we receive a non-initial record but the version number isn't right then
we should send an alert.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-15 23:14:30 +01:00
Matt Caswell
44efb88a21
Address feedback on SSLv2 ClientHello processing
...
Feedback on the previous SSLv2 ClientHello processing fix was that it
breaks layering by reading init_num in the record layer. It also does not
detect if there was a previous non-fatal warning.
This is an alternative approach that directly tracks in the record layer
whether this is the first record.
GitHub Issue #1298
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-15 23:14:30 +01:00
Rob Percival
c35d339d98
Replaces CT_POLICY_EVAL_CTX_set0 entries with new setters in libcrypto.num
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408 )
2016-08-15 12:57:00 -04:00
Rob Percival
11c68ceaa6
Make CT_POLICY_EVAL_CTX_set1_{cert,issuer} into boolean functions
...
They may fail if they cannot increment the reference count of the
certificate they are storing a pointer for. They should return 0 if this
occurs.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408 )
2016-08-15 12:56:47 -04:00
Rob Percival
a1bb7708ce
Improves CTLOG_STORE setters
...
Changes them to have clearer ownership semantics, as suggested in
https://github.com/openssl/openssl/pull/1372#discussion_r73232196 .
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408 )
2016-08-15 12:56:47 -04:00
Richard Levitte
a0ef6bb687
Skip the SRP tests in 80-test_ssl_old.t if no TLS versions is enabled
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-15 17:16:47 +02:00
Dr. Stephen Henson
0a699a0723
Fix no-ec
...
Fix no-ec builds by having separate functions to create keys based on
an existing EVP_PKEY and a curve id.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-15 14:07:33 +01:00
Jakub Zelenka
0818dbadf3
Never return -1 from BN_exp
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1455 )
2016-08-14 20:52:13 +01:00
Dr. Stephen Henson
3d9a51f7ed
update CHANGES
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:06 +01:00
Dr. Stephen Henson
c082201a36
add documentation
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
23143e4da6
Print out names of other temp key algorithms.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
bc7bfb83b7
Remove old EC based X25519 code.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
ec24630ae2
Modify TLS support for new X25519 API.
...
When handling ECDH check to see if the curve is "custom" (X25519 is
currently the only curve of this type) and instead of setting a curve
NID just allocate a key of appropriate type.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
3bca6c2731
Add encoded points to other EC curves too.
...
Add encoded point ctrl support for other curves: this makes it possible
to handle X25519 and other EC curve point encoding in a similar way
for TLS.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
c06f2aaa08
make update
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
5d6aaf8a9d
Add point ctrls to X25519
...
Add ctrl operations to set or retrieve encoded point in
EVP_PKEY structures containing X25519 keys.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
10f8d0eaa5
Update X25519 key format in evptests.txt
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
262bd85fde
Add X25519 methods to internal tables
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
Dr. Stephen Henson
873feeb9cf
add to build.info
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
Dr. Stephen Henson
59bf0f031f
make errors
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
Dr. Stephen Henson
756b198d24
X25519 public key methods
...
Add X25519 methods to match current key format defined in
draft-ietf-curdle-pkix-02
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
Dr. Stephen Henson
a4cb54d257
Fix type of ptr field.
...
Since "ptr" is used to handle arbitrary other types it should be
void *.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
Dr. Stephen Henson
4950f8885c
Use OIDs from draft-ietf-curdle-pkix-02
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
Rich Salz
e928132343
GH1446: Add SSL_SESSION_get0_cipher
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1451 )
2016-08-12 15:23:48 -04:00
Rich Salz
ce7a2232f8
Check for bad filename in evp_test
...
Thanks to Brian Carpter for reporting this.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-08-12 14:04:53 -04:00
Dr. Stephen Henson
721f398023
Update documentation for DSA_SIG and ECDSA_SIG.
...
RT#4590
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-12 14:21:21 +01:00
Andy Polyakov
d40a13af5d
crypto/sparcv9cap.c: add missing declaration.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-12 10:26:20 +02:00
Andy Polyakov
6ebce6803e
crypto/ui/ui_openssl.c: let new-line through after query in Windows path.
...
Originally new-line was suppressed, because double new-line was
observed under wine. But it appears rather to be a wine bug,
because on real Windows new-line is much needed.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-11 14:36:54 +02:00
Andy Polyakov
a5a95f8d65
crypto/sparcv9cap.c: fix overstep in getisax.
...
Problem was introduced in 299ccadcdb
as future extension, i.e. at this point it wasn't an actual problem,
because uninitialized capability bit was not actually used.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-11 13:46:06 +02:00
Andy Polyakov
7123aa81e9
sha/asm/sha1-x86_64.pl: fix crash in SHAEXT code on Windows.
...
RT#4530
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-11 13:39:57 +02:00
FdaSilvaYY
b4b42ce621
Fix doc and help about ca -valid option
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-11 10:59:21 +01:00
Emilia Kasper
be82f7b320
Don't attempt to load the CT log list with no-ec
...
In practice, CT isn't really functional without EC anyway, as most logs
use EC keys. So, skip loading the log list with no-ec, and skip CT tests
completely in that conf.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-10 18:46:06 +02:00
jamercee
e86e76a6c4
Fixed typo
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1386 )
2016-08-10 11:07:42 -04:00
JimC
3b7a575897
Documented BIO_set_accept_port()/BIO_get_accept_port()
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1386 )
2016-08-10 11:07:42 -04:00
jamercee
b4c1d72e9f
Adapt BIO_new_accept() to call BIO_set_accept_name()
...
Commit 417be66
broken BIO_new_accept() by changing the definition of the
macro BIO_set_accept_port() which stopped acpt_ctrl() from calling
BIO_parse_hostserv(). This commit completes the series of changes
initiated in 417be66
.
Updated pods to reflect new definition introduced by 417be66
.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1386 )
2016-08-10 11:07:42 -04:00
Rich Salz
2301d91dd5
Change callers to use the new constants.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1429 )
2016-08-10 10:07:37 -04:00
Rich Salz
f67cbb7443
Add #defines for magic numbers in API.
...
Binary- and backward-compatible. Just better.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1429 )
2016-08-10 10:07:37 -04:00
Kurt Roeckx
5898b8eb87
Fix spelling of error code
...
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1421 )
2016-08-10 09:58:57 -04:00
Rich Salz
3663990760
Add some const casts
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1397 )
2016-08-10 09:53:58 -04:00
Rich Salz
446dffa7f6
GH1383: Add casts to ERR_PACK
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1385
2016-08-10 09:45:36 -04:00
Emilia Kasper
2f35e6a3eb
Gracefully free a NULL HANDSHAKE_RESULT
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-10 14:41:21 +02:00
Emilia Kasper
d61f00780a
Add TEST_check
...
Like OPENSSL_assert, but also prints the error stack before exiting.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-10 14:41:21 +02:00
Emilia Kasper
da085d273c
SSL tests: port CT tests, add a few more
...
This commit only ports existing tests, and adds some coverage for
resumption. We don't appear to have any handshake tests that cover SCT
validation success, and this commit doesn't change that.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-10 14:41:21 +02:00
Emilia Kasper
b03fe23146
CT: fix documentation
...
Make method names match reality
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-10 14:41:21 +02:00
Emilia Kasper
6bd3379a58
SSL test ctx: fix tests
...
Some failure tests were failing for the wrong reason after the CTX
refactoring. Update those tests.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-10 14:41:21 +02:00
David Woodhouse
eb633d03fe
Kill PACKET_starts() from bad_dtls_test
...
As discussed in PR#1409 it can be done differently.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-10 12:50:51 +01:00