Commit Graph

1104 Commits

Author SHA1 Message Date
Todd Short
c649d10d3f TLS1.3 Padding
Add padding callback for application control
Standard block_size callback
Documentation and tests included
Configuration file/s_client/s_srver option

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3130)
2017-05-02 09:44:43 +01:00
Rich Salz
595b2a4237 Check fflush on BIO_ctrl call
Bug found and fix suggested by Julian Rüth.
Push error if fflush fails

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3266)
2017-04-28 14:14:59 -04:00
Bernd Edlinger
37659ea430 Add parentheses on public macros where appropriate.
Fixes #3063.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3100)
2017-04-27 11:31:09 +01:00
Matt Caswell
e586eac885 Add support for SSL_SESSION_is_resumable()
Provide a way to test whether the SSL_SESSION object can be used to resume a
sesion or not.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3008)
2017-04-26 16:42:29 +01:00
Dr. Stephen Henson
786dd2c22c Add support for custom signature parameters
Many signature types define the digest and public key type by a single OID
such as ecdsa_with_sha256.

Some types (RSA-PSS for example) use a single OID to indicate the signature
scheme and additional parameters are encoded in the AlgorithmIdentifier.

Add an X509_SIG_INFO structure to contain details about the signature type:
specifically the digest algorithm, public key algorithm, security bits and
various flags. This supports both existing algorithms and more complex
types.

Add accessors for the structure and a special case that retrieves signature
information from a certificate.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3301)
2017-04-25 22:12:34 +01:00
Dmitry Belyavskiy
b5c4209be9 Switch command-line utils to new nameopt API.
The CA names should be printed according to user's decision
print_name instead of set of BIO_printf
dump_cert_text instead of set of BIO_printf
Testing cyrillic output of X509_CRL_print_ex
Write and use X509_CRL_print_ex
Reduce usage of X509_NAME_online
Using X509_REQ_print_ex instead of X509_REQ_print
Fix nameopt processing.
Make dump_cert_text nameopt-friendly
Move nameopt getter/setter to apps/apps.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3262)
2017-04-25 12:37:17 -04:00
Matt Caswell
e829142846 Document BIO_lookup_ex()
We also change the enum type to an int.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
2017-04-25 11:13:39 +01:00
Matt Caswell
aefb925647 Don't attempt to send fragments > max_send_fragment in DTLS
We were allocating the write buffer based on the size of max_send_fragment,
but ignoring it when writing data. We should fragment handshake messages
if they exceed max_send_fragment and reject application data writes that
are too large.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
2017-04-25 11:13:39 +01:00
Matt Caswell
dcf88c5b79 Add better error logging if SCTP AUTH chunks are not enabled
In order to use SCTP over DTLS we need ACTP AUTH chunks to be enabled in
the kernel.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
2017-04-25 11:13:39 +01:00
Matt Caswell
5114d8227e Add a BIO_lookup_ex() function
The existing BIO_lookup() wraps a call to getaddrinfo and provides an
abstracted capability to lookup addresses based on socket type and family.
However it provides no ability to lookup based on protocol. Normally,
when dealing with TCP/UDP this is not required. However getaddrinfo (at
least on linux) never returns SCTP addresses unless you specifically ask
for them in the protocol field. Therefore BIO_lookup_ex() is added which
provides the protocol field.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
2017-04-25 11:13:39 +01:00
Rich Salz
b3c42fc250 Fix typo in OPENSSL_LH_new compat API
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3292)
2017-04-24 20:33:31 -04:00
Richard Levitte
20626cfd58 Add CRYPTO_mem_leaks_cb
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3243)
2017-04-24 18:09:01 +02:00
Rich Salz
c0452248ea Ignore dups in X509_STORE_add_*
X509_STORE_add_cert and X509_STORE_add_crl are changed to return
success if the object to be added was already found in the store, rather
than returning an error.

Raise errors if empty or malformed files are read when loading certificates
and CRLs.

Remove NULL checks and allow a segv to occur.
Add error handing for all calls to X509_STORE_add_c{ert|tl}

Refactor these two routines into one.

Bring the unit test for duplicate certificates up to date using the test
framework.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2830)
2017-04-20 15:33:42 -04:00
Richard Levitte
f46f69f409 VMS: Copy DECC inclusion epi- and prologues to internals
Because many of our test programs use internal headers, we need to make
sure they know how, exactly, to mangle the symbols.  So far, we've done
so by specifying it in the affected test programs, but as things change,
that will develop into a goose chase.  Better then to declare once and
for all how symbols belonging in our libraries are meant to be treated,
internally as well as publically.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3259)
2017-04-20 13:10:06 +02:00
Richard Levitte
49005bb8b3 ASN.1: extend the possibilities to embed data instead of pointers
Also, when "allocating" or "deallocating" an embedded item, never call
prim_new() or prim_free().  Call prim_clear() instead.

Fixes #3191

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3199)
2017-04-13 10:23:31 +02:00
Todd Short
3bb0f989b5 OCSP Updates: error codes and multiple certificates
RT3877: Add X509 OCSP error codes and messages
Add additional OCSP error codes for X509 verify usage

RT3867: Support Multiple CA certs in ocsp app
Add the ability to read multiple CA certs from a single file in the
ocsp app.

Update some missing X509 errors in documentation.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/941)
2017-04-12 14:41:10 -04:00
Richard Levitte
7eb4c1eb50 Discourage the use of LONG and ZLONG, and deprecate it in the future
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)
2017-04-10 12:11:00 +02:00
Richard Levitte
64f11ee888 Publish our INT32, UINT32, INT64, UINT64 ASN.1 types and Z variants
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)
2017-04-10 12:10:59 +02:00
Rich Salz
79b4c806a1 Make default_method mostly compile-time (cont'd)
Forgot to include this commit as requested by review.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2244)
2017-04-07 13:27:53 -04:00
Rich Salz
076fc55527 Make default_method mostly compile-time
Document thread-safety issues
Have RSA_null return NULL (always fails)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2244)
2017-04-07 12:19:46 -04:00
Matt Caswell
cd17bb190c Prefix custom extension API callback types with SSL_
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3139)
2017-04-07 13:41:04 +01:00
Matt Caswell
43ae5eed6f Implement a new custom extensions API
The old custom extensions API was not TLSv1.3 aware. Extensions are used
extensively in TLSv1.3 and they can appear in many different types of
messages. Therefore we need a new API to be able to cope with that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3139)
2017-04-07 13:41:04 +01:00
Matt Caswell
fe874d27d3 Move the extensions context codes into the public API
This move prepares for the later addition of the new custom extensions
API. The context codes have an additional "SSL_" added to their name to
ensure we don't have name clashes with other applications.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3139)
2017-04-07 13:41:04 +01:00
Qin Long
005f676628 e_os2.h: Refine OSSL_SSIZE definition under UEFI environment
Under UEFI build environment, we may encounter the OSSL_SSIZE macro
re-definition error in e_os2.h if any module call OpenSSL API directly
by including "openssl/xxxx.h" (caused by the predefined _WIN32/_WIN64
macro, which should have been un-defined under OPENSSL_SYS_UEFI).

Though it's not one recommended usage, this patch could still eliminate
the possible build issue by refining the OSSL_SSIZE definition under
OPENSSL_SYS_UEFI.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3121)
2017-04-06 16:16:05 +02:00
Richard Levitte
5c7e65486c make update
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3088)
2017-04-04 11:29:23 +02:00
Richard Levitte
93f7d6fc10 Implement internal ASN.1 types INT32, UINT32, INT64, UINT64
Also Z varieties.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3088)
2017-04-04 11:29:23 +02:00
Dr. Stephen Henson
86135bedd5 Constify SSL_dup_CA_list()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3015)
2017-04-03 23:47:22 +01:00
Dr. Stephen Henson
fa7c263747 New certificate_authorities functions
Add functions to add/retrieve the certificate_authorities. The older
client_CA functions mainly just call the new versions now.

Rename fields sice new extension can be generated by client and server.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3015)
2017-04-03 23:47:21 +01:00
Matt Caswell
ff79a24402 Add missing macros for DHxparams
DHparams has d2i_DHparams_fp, d2i_DHxparams_bio etc, but the equivalent
macros for DHxparams were omitted.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3111)
2017-04-03 20:04:06 +01:00
Kazuki Yamaguchi
a8e75d5680 Fix a typo in the SSL_get_max_early_data() declarations
SSL_get_max_early_data() recently added by 3fc8d85610 ("Construct the
ticket_early_data_info extension", 2017-02-17) is supposed to take an
SSL, but it doesn't.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3113)
2017-04-03 13:45:39 +01:00
Andy Polyakov
5f5840139e e_os.h: drop now-redundant PRIu64 [and fix OSSLzu].
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3083)
2017-03-30 19:34:24 +02:00
Richard Levitte
1e53a9fd1a Add z modifier parsing to the BIO_printf et all format string
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3064)
2017-03-29 16:16:25 +02:00
FdaSilvaYY
69687aa829 More typo fixes
Fix some comments too
[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3069)
2017-03-29 07:14:29 +02:00
Rich Salz
43708c1545 Move PRIu64, OSSLzu to e_os.h
Those macros are private, not public.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3044)
2017-03-28 08:43:48 -04:00
Hannes Magnusson
feb891990a Remove redundant decl of 509_STORE_set_flags
a47bc283 accidentally adds another define for X509_STORE_set_flags
It is already defined 5lines prior

CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3047)
2017-03-28 08:37:44 -04:00
Ian Spence
f5fd3848fe Fix function documentation
CLA: trivial

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2972)
2017-03-24 13:39:02 +01:00
Bernd Edlinger
b3c31a6572 Fix the error handling in CRYPTO_dup_ex_data.
Fix a strict aliasing issue in ui_dup_method_data.
Add test coverage for CRYPTO_dup_ex_data, use OPENSSL_assert.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2988)
2017-03-20 13:11:31 +01:00
Kurt Roeckx
497910833e Make the CRYPTO_memcmp() prototype match memcmp()
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2633
2017-03-19 14:33:54 +01:00
Dr. Stephen Henson
45615c5fac Implement certificate_authorities extension
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2918)
2017-03-17 18:41:56 +00:00
Dr. Stephen Henson
5d6cca05b0 Move parsing and construction of CA names to separate functions
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2918)
2017-03-17 18:41:56 +00:00
Matt Caswell
11c67eeaf4 HelloRetryRequest updates for draft-19
Draft-19 changes the HRR transcript hash so that the initial ClientHello
is replaced in the transcript with a special synthetic message_hash message
that just contains a hash of ClientHello1 as its message body.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Matt Caswell
6594189fa1 Merge early_data_info extension into early_data
As per draft-19

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Matt Caswell
ef6c191bce Update end of early data processing for draft-19
The end of early data is now indicated by a new handshake message rather
than an alert.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Matt Caswell
e984b535d9 Update the TLSv1.3 version indicator for draft-19
This change will mean we will lose interoperability with draft-18
implementations.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Benjamin Kaduk
f775245245 Remove some unused PEM structures
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2797)
2017-03-16 11:39:34 +01:00
Richard Levitte
d1da335c55 Add EC_KEY_get0_engine()
Just as for DH, DSA and RSA, this gives the engine associated with the
key.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2960)
2017-03-15 15:03:11 +01:00
Matt Caswell
8a585601fe Fix out-of-memory condition in conf
conf has the ability to expand variables in config files. Repeatedly doing
this can lead to an exponential increase in the amount of memory required.
This places a limit on the length of a value that can result from an
expansion.

Credit to OSS-Fuzz for finding this problem.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2894)
2017-03-12 00:19:14 +00:00
Matt Caswell
42c28b637c Use the new TLSv1.3 certificate_required alert where appropriate
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2898)
2017-03-10 15:33:31 +00:00
Matt Caswell
524420d845 Check TLSv1.3 ServerHello, Finished and KeyUpdates are on record boundary
In TLSv1.3 the above messages signal a key change. The spec requires that
the end of these messages must align with a record boundary. We can detect
this by checking for decrypted but as yet unread record data sitting in
OpenSSL buffers at the point where we process the messages.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2875)
2017-03-07 16:41:25 +00:00
Matt Caswell
4321969513 Tweak the TLSv1.3 record overflow limits
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2861)
2017-03-06 20:07:40 +00:00