Commit Graph

14719 Commits

Author SHA1 Message Date
Dr. Stephen Henson
4a640fb6c3 Fix declarations and constification for inline stack.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 18:00:51 +00:00
Dr. Stephen Henson
411abf2dd3 Change STACK_OF to use inline functions.
Change DECLARE_STACK_OF into inline functions. This avoids the need for
auto generated mkstack.pl macros and now handles const properly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 18:00:51 +00:00
Viktor Dukhovni
249d9719a6 DANE make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-06 18:53:15 -05:00
Viktor Dukhovni
63b658341e DANE documentation typos
Reported-by: Claus Assmann

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-06 14:15:12 -05:00
Rich Salz
700b4a4ae7 Remove more (rest?) of FIPS build stuff.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-06 12:07:26 -05:00
Rich Salz
0b0443af64 Remove some unused perl scripts
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-06 11:26:36 -05:00
Viktor Dukhovni
919ba00942 DANE support structures, constructructors and accessors
Also tweak some of the code in demos/bio, to enable interactive
testing of BIO_s_accept's use of SSL_dup.  Changed the sconnect
client to authenticate the server, which now exercises the new
SSL_set1_host() function.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-05 19:31:49 -05:00
Viktor Dukhovni
e29c73c93b Fix X509_STORE_CTX_cleanup()
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-03 18:45:05 -05:00
Viktor Dukhovni
0e7abc9037 Drop incorrect id == -1 case from X509_check_trust
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-03 17:21:40 -05:00
Viktor Dukhovni
d9b8b89bec X509_verify_cert() cleanup
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-03 17:21:16 -05:00
Viktor Dukhovni
63c6aa6b93 Cleanup of verify(1) failure output
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-03 17:05:50 -05:00
Richard Levitte
1de1d7689a Instead of a local hack, implement SIZE_MAX in numbers.h if it's missing
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-01-02 21:11:02 +01:00
Richard Levitte
6aa0ba4bb2 Fix a possible memleak
If there's a failure allocating md_data, the destination pctx will have
a shared pointer with the source EVP_MD_CTX, which will lead to problems
when either the source or the destination is freed.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-01-02 20:39:24 +01:00
Viktor Dukhovni
4fa52141b0 Protocol version selection and negotiation rewrite
The protocol selection code is now consolidated in a few consecutive
short functions in a single file and is table driven.  Protocol-specific
constraints that influence negotiation are moved into the flags
field of the method structure.  The same protocol version constraints
are now applied in all code paths.  It is now much easier to add
new protocol versions without reworking the protocol selection
logic.

In the presence of "holes" in the list of enabled client protocols
we no longer select client protocols below the hole based on a
subset of the constraints and then fail shortly after when it is
found that these don't meet the remaining constraints (suiteb, FIPS,
security level, ...).  Ideally, with the new min/max controls users
will be less likely to create "holes" in the first place.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-01-02 10:49:06 -05:00
Viktor Dukhovni
57ce7b617c Refine and re-wrap Min/Max protocol docs
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-02 10:48:35 -05:00
Kurt Roeckx
7946ab33ce Add support for minimum and maximum protocol version
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-02 10:47:52 -05:00
Ben Laurie
1e0784ff95 Fix no-dh.
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-01-01 15:40:55 +00:00
Dr. Stephen Henson
f2c147685a remove invalid free
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-01-01 00:47:06 +00:00
Dr. Stephen Henson
8382fd3a93 Use X509_get0_pubkey where appropriate
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-31 18:44:46 +00:00
Rich Salz
39a6a4a707 Update to SHA256 for TSA signing digest.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-30 18:18:08 -05:00
Richard Levitte
211a68b41a Fix faulty check in the VMS version of opt_progname
Reviewed-by: Stephen Henson <steve@openssl.org>
2015-12-30 16:57:05 +01:00
Richard Levitte
579415de54 Remove the #ifndef OPENSSL_SYS_VMS around SSL_add_dir_cert_subjects_to_stack
It served a purpose, but not any more.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-12-30 16:56:05 +01:00
Richard Levitte
e65780782a Correct missing prototype
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-30 14:57:16 +01:00
Richard Levitte
36830ecac7 SIZE_MAX doesn't exist everywhere, supply an alternative
SIZE_MAX is a great macro, and does unfortunately not exist everywhere.
Since we check against half of it, using bitwise shift to calculate the
value of half SIZE_MAX should be safe enough.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-30 14:56:59 +01:00
Richard Levitte
3dc9589cc8 Fix some missing or faulty header file inclusions
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-30 14:54:29 +01:00
Dr. Stephen Henson
72245f340c Check for missing DSA parameters.
If DSA parameters are absent return -1 (for unknown) in DSA_security_bits.

If parameters are absent when a certificate is set in an SSL/SSL_CTX
structure this will reject the certificate by default. This will cause DSA
certificates which omit parameters to be rejected but that is never (?)
done in practice.

Thanks to Brian 'geeknik' Carpenter for reporting this issue.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-12-30 13:34:53 +00:00
Dr. Stephen Henson
923ffa97d1 Convert RSA encrypt to use EVP_PKEY
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-29 23:20:20 +00:00
Richard Levitte
0d0769a4db Prefer ReuseAddr over Reuse, with IO::Socket::INET
Reuse is deprecated and ReuseAddr is prefered, according to documentation.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-29 17:36:08 +01:00
Ben Laurie
33bed28b39 Fix no-engine.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-29 12:52:06 +00:00
Rich Salz
41977c53cd RT4202: Update rt URL's.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-28 16:40:40 -05:00
Rich Salz
5bec6e5637 make a "missed make update" update
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-28 14:53:28 -05:00
Matt Caswell
057b6f797d Increase the max size limit for a CertificateRequest message
Previous versions of OpenSSL had the max size limit for a CertificateRequest
message as |s->max_cert_list|. Previously master had it to be
SSL3_RT_MAX_PLAIN_LENGTH. However these messages can get quite long if a
server is configured with a long list of acceptable CA names. Therefore
the size limit has been increased to be consistent with previous versions.

RT#4198

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-27 22:56:25 +00:00
Matt Caswell
b1931d432f Simplify calling of the OCSP callback
Move all calls of the OCSP callback into one place, rather than repeating it
in two different places.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-27 21:59:04 +00:00
Matt Caswell
43c34894d7 Add some documentation for the OCSP callback functions
Describe the usage of the OCSP callback functions on both the client and
the server side.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-27 21:59:04 +00:00
Matt Caswell
80e339fd09 Ensure we don't call the OCSP callback if resuming a session
It makes no sense to call the OCSP status callback if we are resuming a
session because no certificates will be sent.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-27 21:59:04 +00:00
Matt Caswell
bb1aaab428 Fix error when server does not send CertificateStatus message
If a server sends the status_request extension then it may choose
to send the CertificateStatus message. However this is optional.
We were treating it as mandatory and the connection was failing.

Thanks to BoringSSL for reporting this issue.

RT#4120

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-27 21:59:04 +00:00
Matt Caswell
ef96e4a28f Add test for missing CertificateStatus message
If the client sends a status_request extension in the ClientHello
and the server responds with a status_request extension in the
ServerHello then normally the server will also later send a
CertificateStatus message. However this message is *optional* even
if the extensions were sent. This adds a test to ensure that if
the extensions are sent then we can still omit the message.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-27 21:59:04 +00:00
Dr. Stephen Henson
b22d71131a fix no-ec
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-24 00:23:29 +00:00
Dr. Stephen Henson
e2b420fdd7 Server side EVP_PKEY DH support
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-23 22:26:31 +00:00
Dr. Stephen Henson
6c4e6670d7 utility function
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-23 22:26:31 +00:00
Dr. Stephen Henson
fb79abe378 EVP_PKEY DH client support.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-23 22:26:31 +00:00
Dr. Stephen Henson
ffaef3f152 Always generate DH keys for ephemeral DH cipher suites.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-23 22:26:31 +00:00
Daniel Kahn Gillmor
d938e8dfee The functions take a SSL *, not a SSL_CTX *
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

RT: #4192, MR: #1533
2015-12-23 22:30:31 +01:00
Roumen Petrov
0b081fcd08 redundant redeclaration of 'OPENSSL_strlcpy'
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

MR: #1523
2015-12-23 20:40:54 +01:00
Roumen Petrov
b9b154d1cf __STDC_VERSION__ is not defined for c89 compilers
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

MR: #1522
2015-12-23 20:40:54 +01:00
Roumen Petrov
3eabad02d6 remove duplicates in util/libeay.num
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

RT: #4195, MR: #1521
2015-12-23 20:40:54 +01:00
Kurt Roeckx
1c9ed1d8a7 Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER and SSL_OP_TLS_D5_BUG support.
Suggested by David Benjamin

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>

MR: #1520
2015-12-23 20:40:54 +01:00
Kurt Roeckx
933d108516 Avoid using a dangling pointer when removing the last item
When it's the last item that is removed int_thread_hash == hash and we would
still call int_thread_release(&hash) while hash is already freed.  So
int_thread_release would compare that dangling pointer to NULL which is
undefined behaviour.  Instead do already what int_thread_release() would do,
and make the call do nothing instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>

RT: #4155, MR: #1519
2015-12-23 20:36:32 +01:00
Todd Short
c849c6d9d3 Memory leak in state machine in error path
When EC is disabled, and an error occurs in ssl_generate_master_secret()
or RAND_bytes(), the error path does not free rsa_decrypt.

RT#4197

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-23 13:33:28 +00:00
Richard Levitte
87a595e554 Refactor DTLS cookie generation and verification
DTLS cookie generation and verification were exact copies of each
other save the last few lines.  This refactors them to avoid code
copying.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-23 12:44:55 +01:00