wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
20318 commits 20 branches 302 tags 153 MiB
Commit graph

20318 commits

This branch
This branch
All branches
Author SHA1 Message Date
Matt Caswell
f13615c5b8 Fix OBJ_create() to tolerate a NULL sn and ln 
In 1.0.2 and before OBJ_create() allowed the sn or ln parameter to be NULL.
Commit 52832e47 changed that so that it crashed if they were NULL.

This was causing problems with the built-in config oid module. If a long
name was provided OBJ_create() is initially called with a NULL ln and
therefore causes a crash.

Fixes #3733

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3753)
 2017-06-22 17:00:15 +01:00
Alexey Komnin
f6373823c0 Fix tls1_generate_master_secret 
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3751)
 2017-06-22 11:54:19 -04:00
David Benjamin
32bbf777d0 Fix the names of ChaCha20-Poly1305 cipher suites in t1_trce.c. 
Per RFC 7905, the cipher suite names end in "_SHA256". The original
implementation targeted the -03 draft, but there was a -04 draft right
before the RFC was published to make the names consistent.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3748)
 2017-06-22 16:43:03 +01:00
Pauli
a69de3f201 TAP line filter BIO. 
This is an implementation of a BIO filter that produce TAP compatible output
for the test framework.  The current test indentation level is honoured.

The test output functions have been modified to not attempt to indent
their output and to not include the leading '#' character.

The filter is applied to bio_err only.  bio_out is left unchanged, although
tests using bio_out have been modified to use bio_err instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3732)
 2017-06-22 09:35:08 +10:00
Richard Levitte
906eb3d031 Configure: give config targets the possibility to enable or disable features 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3745)
 2017-06-22 01:24:54 +02:00
Pauli
410e8c9356 Remove duplicate see also reference to BIO_s_mem. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3731)
 2017-06-22 08:13:11 +10:00
Sascha Steinbiss
db17e43d88 Add OCSP_resp_get1_id() accessor 
Adding a get1 style accessor as brought up in mailing list post
https://mta.openssl.org/pipermail/openssl-users/2016-November/004796.html

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1876)
 2017-06-21 15:01:54 -04:00
Paul Yang
15b1688ac9 Avoid compiler complaining 
initialize some local variables

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3741)
 2017-06-21 14:36:02 -04:00
Matt Caswell
23cec1f4b4 Add documentation for the SSL_export_keying_material() function 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3735)
 2017-06-21 16:18:36 +01:00
Andy Polyakov
b5cdec2fea sha/asm/sha512p8-ppc.pl: add POWER8 performance data. 
[skip ci]

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3705)
 2017-06-21 16:26:59 +02:00
Andy Polyakov
53ddf7dd05 Add Keccak-1600 modules for PPC64 and POWER8. 
[skip ci]

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3705)
 2017-06-21 16:24:36 +02:00
Matt Caswell
9924087573 Fix DTLS failure when used in a build which has SCTP enabled 
The value of BIO_CTRL_DGRAM_SET_PEEK_MODE was clashing with the value for
BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. In an SCTP enabled build
BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE was used unconditionally with
the reasoning that it would be ignored if SCTP wasn't in use. Unfortunately
due to this clash, this wasn't the case. The BIO ended up going into peek
mode and was continually reading the same data over and over - throwing it
away as a replay.

Fixes #3723

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3724)
 2017-06-21 14:56:24 +01:00
Matt Caswell
72257204bd PSK related tweaks based on review feedback 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
 2017-06-21 14:45:36 +01:00
Matt Caswell
adfc37868e Use constants rather than macros for the cipher bytes in the apps 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
 2017-06-21 14:45:36 +01:00
Matt Caswell
ca8c71ba35 Add some tests for the new TLSv1.3 PSK code 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
 2017-06-21 14:45:36 +01:00
Matt Caswell
011d768aba Fix some bugs in the TLSv1.3 PSK code 
Found while developing the PSK tests

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
 2017-06-21 14:45:36 +01:00
Matt Caswell
725b0f1e13 Make the input parameters for SSL_SESSION_set1_master_key const 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
 2017-06-21 14:45:36 +01:00
Matt Caswell
8ead6158a9 Document SSL_set_psk_find_session_callback() and SSL_CTX equivalent 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
 2017-06-21 14:45:36 +01:00
Matt Caswell
93a048a1d8 Document SSL_set_psk_use_session_callback() and SSL_CTX equivalent 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
 2017-06-21 14:45:35 +01:00
Matt Caswell
dc87d5a922 Tweak the client side PSK callback 
Ensure that we properly distinguish between successful return (PSK
provided), successful return (no PSK provided) and failure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
 2017-06-21 14:45:35 +01:00
Matt Caswell
801d9fbd97 Add documentation for SSL_CTX_set_psk_use_session_callback() 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
 2017-06-21 14:45:35 +01:00
Matt Caswell
9c39fa1e38 Document SSL_CIPHER_get_handshake_digest() 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
 2017-06-21 14:45:35 +01:00
Matt Caswell
267869d3f3 Document SSL_SESSION_set_protocol_version() 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
 2017-06-21 14:45:35 +01:00
Matt Caswell
5eb7273669 Document SSL_SESSION_set1_master_key() 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
 2017-06-21 14:45:35 +01:00
Matt Caswell
7721978ca8 Add documentation for SSL_SESSION_set_cipher() 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
 2017-06-21 14:45:35 +01:00
Matt Caswell
14e353506a Fix no-psk 
Broken through previous PSK related commits

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
 2017-06-21 14:45:35 +01:00
Matt Caswell
5ffff5990c Add the ability to set a TLSv1.3 PSK via just the key bytes 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
 2017-06-21 14:45:35 +01:00
Matt Caswell
5a43d5119e Add SSL_SESSION_set_protocol_version() 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
 2017-06-21 14:45:35 +01:00
Matt Caswell
1a993d1d56 Add SSL_SESSION_set_cipher() 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
 2017-06-21 14:45:35 +01:00
Matt Caswell
911d63f261 Add SSL_SESSION_set1_master_key() 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
 2017-06-21 14:45:35 +01:00
Matt Caswell
df894947c4 Add the ability to use a server side TLSv1.3 external PSK in s_server 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
 2017-06-21 14:45:35 +01:00
Matt Caswell
e261bdd185 Add the ability to use a client side TLSv1.3 external PSK in s_client 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
 2017-06-21 14:45:35 +01:00
Matt Caswell
ba4df68286 Add a function to get the handshake digest for an SSL_CIPHER 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
 2017-06-21 14:45:35 +01:00
Matt Caswell
f46184bd90 Add public API functions for setting TLSv1.3 PSK callbacks 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
 2017-06-21 14:45:35 +01:00
Matt Caswell
9368f86526 Add TLSv1.3 client side external PSK support 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
 2017-06-21 14:45:35 +01:00
Matt Caswell
3a7c56b2c0 Add TLSv1.3 server side external PSK support 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
 2017-06-21 14:45:35 +01:00
Rich Salz
2556aec5d0 Add ecstress test 
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3720)
 2017-06-21 09:24:01 -04:00
Andy Polyakov
1d23bbccd3 Add sha/asm/keccak1600-c64x.pl 
[skip ci]

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3708)
 2017-06-21 15:21:47 +02:00
Rich Salz
9018f3ce0f Add constant-time 64 
Standardize comments.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3727)
 2017-06-21 09:19:42 -04:00
Dr. Stephen Henson
d2916a5b29 Use EVP_PKEY_X25519, EVP_PKEY_ED25519 instead of NIDs where appropriate. 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)
 2017-06-21 14:11:01 +01:00
Dr. Stephen Henson
29b0cab017 Update test config file 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)
 2017-06-21 14:11:01 +01:00
Dr. Stephen Henson
fbe1af9dfe Add Ed25519 TLS 1.3 and 1.2 tests 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)
 2017-06-21 14:11:01 +01:00
Dr. Stephen Henson
60bbed3ff6 Add Ed25519 EE certificates 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)
 2017-06-21 14:11:01 +01:00
Dr. Stephen Henson
bc88fc7928 Ed25519 support for mkcert.sh 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)
 2017-06-21 14:11:01 +01:00
Dr. Stephen Henson
b2021556e4 Allow Ed25519 in TLS 1.2 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)
 2017-06-21 14:11:01 +01:00
Dr. Stephen Henson
72ceb6a692 Convert key exchange to one shot call 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)
 2017-06-21 14:11:01 +01:00
Dr. Stephen Henson
03327c8bf2 Print Ed25519 in s_client/s_server 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)
 2017-06-21 14:11:01 +01:00
Dr. Stephen Henson
881d2c5ed2 Add Ed25519 to trace output 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)
 2017-06-21 14:11:01 +01:00
Dr. Stephen Henson
168067b631 Handle signature algorithms with no associated digest 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)
 2017-06-21 14:11:01 +01:00
Dr. Stephen Henson
3d234c9e5c Add Ed25519 signature algorithm 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)
 2017-06-21 14:11:01 +01:00