Commit Graph

396 Commits

Author SHA1 Message Date
Dmitry Sobinov
43e5faa253 Add new DTLS-SRTP protection profiles from RFC 7714
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-04 22:52:21 +00:00
Kurt Roeckx
c86d1f19fc Use WSAGetLastError() on windows
Windows doesn't have h_error or hstrerror()

Reviewed-by: Richard Levitte <levitte@openssl.org>

MR: #1848
2016-02-04 16:05:59 +01:00
Dr. Stephen Henson
da15ce2212 update OID tables
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-04 14:10:52 +00:00
Rich Salz
d9f7772674 RT2752: Add some EKU OID's
And some others found in the Internet.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-03 23:33:55 -05:00
Rich Salz
cde052f59c Tweak opensslconf.h.in for style
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-03 17:15:31 -05:00
Richard Levitte
52f5926c3c make update
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:40:32 +01:00
Richard Levitte
417be660e1 Refactoring BIO: adapt BIO_s_connect and BIO_s_accept
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:40:32 +01:00
Richard Levitte
4f1374e605 make update
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:39:37 +01:00
Richard Levitte
2fcff74c87 make update
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:38:07 +01:00
Richard Levitte
d33b215b33 Refactoring BIO: new socket-handling functions, deprecate older ones
Added functions:

BIO_socket
BIO_connect
BIO_listen
BIO_accept_ex
BIO_closesocket
BIO_sock_info

These get deprecated:

BIO_gethostbyname
BIO_get_port
BIO_get_host_ip
BIO_get_accept_socket
BIO_accept

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:38:07 +01:00
Richard Levitte
83be2778fe Refactoring BIO: add error macros & text, and make update
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:37:07 +01:00
Richard Levitte
28a0841bf5 Refactoring BIO: add wrappers around sockaddr et al
Because different platforms have different levels of support for IPv6,
different kinds of sockaddr variants, and some have getaddrinfo et al
while others don't, we could end up with a mess if ifdefs, duplicate
code and other maintainance nightmares.

Instead, we're introducing wrappers around the common form for socket
communication:
BIO_ADDR, closely related to struct sockaddr and some of its variants.
BIO_ADDRINFO, closely related to struct addrinfo.

With that comes support routines, both convenient creators and
accessors, plus a few utility functions:

BIO_parse_hostserv, takes a string of the form host:service and
splits it into host and service.  It checks for * in both parts, and
converts any [ipv6-address] syntax to ust the IPv6 address.

BIO_lookup, looks up information on a host.

All routines handle IPv4 (AF_INET) and IPv6 (AF_INET6) addresses, and
there is support for local sockets (AF_UNIX) as well.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:37:07 +01:00
Rich Salz
b5c5a97141 RT2353: Add ipsec IKE OID
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-02-02 14:41:06 -05:00
Dr. Stephen Henson
85a4807f94 New BN functions.
Add new function BN_bn2binpad() which checks the length of the output
buffer and pads the result with zeroes if necessary.

New functions BN_bn2lebinpad() and BN_lebin2bn() which use little endian
format.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-02 17:17:38 +00:00
Rich Salz
8cdd6b6b47 Style; add "!= NULL"
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-01 11:23:55 -05:00
Emilia Kasper
b698174493 constify PACKET
PACKET contents should be read-only. To achieve this, also
- constify two user callbacks
- constify BUF_reverse.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-01 16:21:57 +01:00
Viktor Dukhovni
33cc5dde47 Compat self-signed trust with reject-only aux data
When auxiliary data contains only reject entries, continue to trust
self-signed objects just as when no auxiliary data is present.

This makes it possible to reject specific uses without changing
what's accepted (and thus overring the underlying EKU).

Added new supported certs and doubled test count from 38 to 76.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-31 21:24:12 -05:00
Viktor Dukhovni
0daccd4dc1 Check chain extensions also for trusted certificates
This includes basic constraints, key usages, issuer EKUs and auxiliary
trust OIDs (given a trust suitably related to the intended purpose).

Added tests and updated documentation.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-31 21:23:23 -05:00
Dr. Stephen Henson
be2e334fce Add EC_GROUP_order_bits, EC_GROUP_get0_order and EC_GROUP_get0_cofactor
New functions to return internal pointer for order and cofactor. This
avoids the need to allocate a new BIGNUM which to copy the value to.
Simplify code to use new functions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-31 22:18:30 +00:00
Daniel Kahn Gillmor
8ab31975ba RT4129: BUF_new_mem_buf should take const void *
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-31 14:05:13 -05:00
Rich Salz
769adcfe8b GH102: Extra volatile avoids GCC bug
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-01-30 20:19:19 -05:00
Rich Salz
9716b0b9de Remove extra level of indirection.
Remove OPENSSL_IMPORT as its only purpose is to define OPENSSL_EXTERN.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-30 18:11:12 -05:00
Rich Salz
94af0cd7f3 Move more BN internals to bn_lcl.h
There was an unused macro in ssl_locl.h that used an internal
type, so I removed it.
Move bio_st from bio.h to ossl_type.h

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-01-30 16:54:35 -05:00
Rich Salz
98ab57644f GH102: Add volatile to CRYPTO_memcmp
Can't hurt and seems to prevent problems from some over-aggressive
(LTO?) compilers.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-30 14:37:43 -05:00
Dr. Stephen Henson
7ab507495b Add function to return internal enoding of X509_NAME.
PR#4280

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-01-30 16:02:48 +00:00
Viktor Dukhovni
aea6116146 Make it possible to check for explicit auxiliary trust
By default X509_check_trust() trusts self-signed certificates from
the trust store that have no explicit local trust/reject oids
encapsulated as a "TRUSTED CERTIFICATE" object.  (See the -addtrust
and -trustout options of x509(1)).

This commit adds a flag that makes it possible to distinguish between
that implicit trust, and explicit auxiliary settings.

With flags |= X509_TRUST_NO_SS_COMPAT, a certificate is only trusted
via explicit trust settings.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-29 10:53:46 -05:00
Matt Caswell
cb389fe804 Correct value of DH_CHECK_PUBKEY_INVALID
A new return value for DH_check_pub_key was recently added:
DH_CHECK_PUBKEY_INVALID. As this is a flag which can be ORed with other
return values it should have been set to the value 4 not 3.

RT#4278

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-01-29 11:53:32 +00:00
Richard Levitte
41a28cb294 Correct number of arguments in BIO_get_conn_int_port macro
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-28 18:19:55 +01:00
Matt Caswell
b128abc343 Prevent small subgroup attacks on DH/DHE
Historically OpenSSL only ever generated DH parameters based on "safe"
primes. More recently (in version 1.0.2) support was provided for
generating X9.42 style parameter files such as those required for RFC
5114 support. The primes used in such files may not be "safe". Where an
application is using DH configured with parameters based on primes that
are not "safe" then an attacker could use this fact to find a peer's
private DH exponent. This attack requires that the attacker complete
multiple handshakes in which the peer uses the same DH exponent.

A simple mitigation is to ensure that y^q (mod p) == 1

CVE-2016-0701

Issue reported by Antonio Sanso.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-28 14:41:19 +00:00
Rich Salz
3444c36ab4 Fix typo in md2.h
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-01-28 09:18:21 -05:00
Rich Salz
3538c7da3d Add CRYPTO_secure_zalloc
Also turn B<foo> into foo() in the pod page.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-27 23:34:13 -05:00
Rich Salz
3e9e810f2e Remove outdated legacy crypto options
Many options for supporting optimizations for legacy crypto on legacy
platforms have been removed.  This simplifies the source code and
does not really penalize anyone.
        DES_PTR (always on)
        DES_RISC1, DES_RISC2 (always off)
        DES_INT (always 'unsigned int')
        DES_UNROLL (always on)
        BF_PTR (always on) BF_PTR2 (removed)
        MD2_CHAR, MD2_LONG (always 'unsigned char')
        IDEA_SHORT, IDEA_LONG (always 'unsigned int')
        RC2_SHORT, RC2_LONG (always 'unsigned int')
        RC4_LONG (only int and char (for assembler) are supported)
        RC4_CHUNK (always long), RC_CHUNK_LL (removed)
        RC4_INDEX (always on)
And also make D_ENCRYPT macro more clear (@appro)

This is done in consultation with Andy.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-01-27 19:05:50 -05:00
Richard Levitte
d20a161f46 Complete the removal of /* foo.c */ comments
Some files that are automatically generated still had those comments
added by the generating scripts.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-27 18:42:23 +01:00
Rich Salz
349807608f Remove /* foo.c */ comments
This was done by the following
        find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
        print unless $. == 1 && m@/\* .*\.[ch] \*/@;
        close ARGV if eof; # Close file to reset $.

And then some hand-editing of other files.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-26 16:40:43 -05:00
Matt Caswell
a18a31e49d Add SSL_up_ref() and SSL_CTX_up_ref()
The SSL and SSL_CTX structures are reference counted. However since libssl
was made opaque there is no way for users of the library to manipulate the
reference counts. This adds functions to enable that.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-01-26 13:19:10 +00:00
Richard Levitte
9ab6fc5936 Generate warning text
Now that we're using templates, we should warn people not to edit the
resulting file.  We do it through util/dofile.pl, which is enhanced
with an option to tell what file it was called from.  We also change
the calls so the template files are on the command line instead of
being redirected through standard input.  That way, we can display
something like this (example taken from include/openssl/opensslconf.h):

    /* WARNING: do not edit! */
    /* Generated by Configure from include/openssl/opensslconf.h.in */

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-25 21:19:59 +01:00
Rich Salz
dc193c9c5e Move & split opensslconf.h.in
Move opensslconf.h.in to include/openssl.
Split off DES,BN,RC4 stuff into separate header file
templates in crypto/include/internal/*_conf.h.in

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-25 09:44:08 -05:00
Rich Salz
cf2cede4a7 Move pqueue into ssl
This is an internal facility, never documented, not for
public consumption.  Move it into ssl (where it's only used
for DTLS).

I also made the typedef's for pqueue and pitem follow our style: they
name structures, not pointers.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-24 18:25:04 -05:00
Michał Trojnara
fa8edbbd59 Updated OSSL_DYNAMIC_VERSION/OSSL_DYNAMIC_OLDEST
Change to reflect changes in dynamic_fns

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-01-22 11:55:28 -05:00
Matt Caswell
7bb196a71a Handle SSL_shutdown while in init more appropriately
Calling SSL_shutdown while in init previously gave a "1" response, meaning
everything was successfully closed down (even though it wasn't). Better is
to send our close_notify, but fail when trying to receive one.

The problem with doing a shutdown while in the middle of a handshake is
that once our close_notify is sent we shouldn't really do anything else
(including process handshake/CCS messages) until we've received a
close_notify back from the peer. However the peer might send a CCS before
acting on our close_notify - so we won't be able to read it because we're
not acting on CCS messages!

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-20 13:58:12 +00:00
Dr. Stephen Henson
3aeb934865 make EVP_PKEY opaque
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-20 03:24:59 +00:00
Matt Caswell
a8eda4312d Remove the GOST engine
The GOST engine is now out of date and is removed by this commit. An up
to date GOST engine is now being maintained in an external repository.

See:
https://wiki.openssl.org/index.php/Binaries

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-19 22:29:32 +00:00
Viktor Dukhovni
928623825c API compat for SSLeay_add_ssl_algorithms
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-19 13:40:05 -05:00
Dr. Stephen Henson
1eff3485b6 Add TLS PRF method.
Add EVP_PKEY algorithm for TLS1 PRF.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-01-19 14:00:32 +00:00
Corinna Vinschen
8d35ceb98f Use POSIX functions on Cygwin, not Win32 function
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-18 16:16:00 +01:00
Rich Salz
ba1516987a Fix function declarations.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-17 17:36:17 -05:00
Rich Salz
9e5cd4bac7 Add some accessors.
Author: Remi Gacogne <rgacogne-github@coredump.fr>
GH334: Add an OCSP_SINGLERESP_get0_id() accessor to the OCSP_CERTID of
a OCSP_SINGLERESP. It is possible to do it the other way around using
OCSP_resp_find(), but this is more efficient when you have a tree indexed
by OCSP_CERTID, like haproxy does. (This is also RT4251)

Author: Marek Klein <kleinmrk@gmail.com>
GH556: OCSP_resp_get_produced_at() accessor to the producedAt of a
OCSP_BASICRESP
GH555: TS_STATUS_INFO_get_status(), TS_STATUS_INFO_get_text() and
TS_STATUS_INFO_get_failure_info() accessors for a TS_STATUS_INFO

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-17 10:38:03 -05:00
Dr. Stephen Henson
8e237299b0 fix no-engine build
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-16 22:29:48 +00:00
Benjamin Kaduk
0423f812dc Add a no-egd option to disable EGD-related code
The entropy-gathering daemon is used only on a small number of machines.
Provide a configure knob so that EGD support can be disabled by default
but re-enabled on those systems that do need it.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-14 13:02:51 -05:00
Rich Salz
47153c7253 Make SSL_set_debug deprecated in 1.1
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-14 12:30:32 -05:00