Commit Graph

21843 Commits

Author SHA1 Message Date
Jack Bates
693be9a2cb Convert _meth_get_ functions to const getters
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2181)
2018-03-21 10:37:05 +00:00
Matt Caswell
424afe931e Don't wait for dry at the end of a handshake
For DTLS/SCTP we were waiting for a dry event during the call to
tls_finish_handshake(). This function just tidies up various internal
things, and after it completes the handshake is over. I can find no good
reason for waiting for a dry event here, and nothing in RFC6083 suggests
to me that we should need to. More importantly though it seems to be
wrong. It is perfectly possible for a peer to send app data/alerts/new
handshake while we are still cleaning up our handshake. If this happens
then we will never get the dry event and so we cannot continue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5084)
2018-03-21 10:27:29 +00:00
Matt Caswell
2e92af5ea5 Check for alerts while waiting for a dry event
At a couple of points in a DTLS/SCTP handshake we need to wait for a dry
event before continuing. However if an alert has been sent by the peer
then we will never receive that dry event and an infinite loop results.

This commit changes things so that we attempt to read a message if we
are waiting for a dry event but haven't got one yet. This should never
succeed, but any alerts will be processed.

Fixes #4763

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5084)
2018-03-21 10:27:29 +00:00
Peter Wu
696de86f8e Fix stack-use-after-scope
Fixes regression from #5667.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5701)
2018-03-21 09:38:07 +00:00
Andy Polyakov
9d9dc6ac85 o_fopen.c,rand/randfile.c: compensate for e_os.h omission.
At earlier point e_os.h was omitted from a number of headers (in order
to emphasize OS neutrality), but this affected o_fopen.c and randfile.c
which are not OS-neutral, and contain some Win32-specific code.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5676)
2018-03-21 10:12:36 +01:00
Matthias Kraft
4af14b7b01 Add dladdr() for AIX
Although it deviates from the actual prototype of DSO_dsobyaddr(), this
is now ISO C compliant and gcc -Wpedantic accepts the code.

Added DATA segment checking to catch ptrgl virtual addresses. Avoid
memleaks with every AIX/dladdr() call. Removed debug-fprintf()s.
Added test case for DSO_dsobyaddr(), which will eventually call dladdr().
Removed unecessary AIX ifdefs again.

The implementation can only lookup function symbols, no data symbols.
Added PIC-flag to aix*-cc build targets.

As AIX is missing a dladdr() implementation it is currently uncertain our
exit()-handlers can still be called when the application exits. After
dlclose() the whole library might have been unloaded already.

Signed-off-by: Matthias Kraft <makr@gmx.eu>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5668)
2018-03-20 21:33:50 -04:00
Benjamin Kaduk
d316cdcf6d Do not cache sessions with zero sid_ctx_length when SSL_VERIFY_PEER
The sid_ctx is something of a "certificate request context" or a
"session ID context" -- something from the application that gives
extra indication of what sort of thing this session is/was for/from.
Without a sid_ctx, we only know that there is a session that we
issued, but it could have come from a number of things, especially
with an external (shared) session cache.  Accordingly, when resuming,
we will hard-error the handshake when presented with a session with
zero-length sid_ctx and SSL_VERIFY_PEER is set -- we simply have no
information about the peer to verify, so the verification must fail.

In order to prevent these future handshake failures, proactively
decline to add the problematic sessions to the session cache.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5175)
2018-03-20 19:30:48 -05:00
Pauli
79b49fb00d Remove mention of link between message digests and public key algorithms.
The comment in EVP_DigestInit.pod is:

> Returns the NID of the public key signing algorithm associated with this
digest. For example EVP_sha1() is associated with RSA so this will return
B<NID_sha1WithRSAEncryption>. Since digests and signature algorithms are no
longer linked this function is only retained for compatibility reasons.


I.e. there is no link anymore.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5682)
2018-03-21 07:24:27 +10:00
Eric Covener
a9dd51a800 aix compat fixes for ocsp.c
WCOREDUMP and vsyslog are not portable

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5657)
2018-03-21 06:35:53 +10:00
Johannes Bauer
f6add6ac2c Make pkeyutl a bit more user-friendly
Give meaningful error messages when the user incorrectly uses pkeyutl.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3987)
2018-03-20 19:08:10 +00:00
Matt Caswell
9e0d82f681 Reduce the verbosity of test_store
The travis logs are going above 4Mb causing the builds to fail. One
test creates excessive output. This change reduces that output by approx
180k.

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5694)
2018-03-20 16:46:59 +00:00
Matt Caswell
e46931108a Fix the OCSP responder mode
Broken by commit 3e3c7c36.

Fixes #5681

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5688)
2018-03-20 15:53:05 +00:00
Matt Caswell
9fcfd0cd86 Prepare for 1.1.1-pre4-dev
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-03-20 13:15:39 +00:00
Matt Caswell
be2df12a34 Prepare for 1.1.1-pre3 release
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-03-20 13:13:56 +00:00
Matt Caswell
b0edda11cb Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5689)
2018-03-20 13:08:46 +00:00
Richard Levitte
93bf194584 crypto/rand/rand_vms.c: include "internal/rand_int.h"
Without it, the RAND_POOL typedef is missing

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5685)
2018-03-20 09:13:48 +00:00
Dr. Matthias St. Pierre
59f124f90f Fix: drbgtest fails when tests are executed in random order
[extended tests]

The test_rand_reseed assumed that the global DRBGs were not used
previously. This assumption is false when the tests are executed
in random order (OPENSSL_TEST_RAND_ORDER). So we uninstantiate
them first and add a test for the first instantiation.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5680)
2018-03-19 22:55:11 +00:00
Richard Levitte
8f8be103fd s_client, s_server: do generic SSL configuration first, specialization after
We did the SSL_CONF_cmd() pass last of all things that could affect
the SSL ctx.  However, the results of this, for example:

    -max_protocol TLSv1.3 -tls1_2

... would mean that the protocol min got set to TLSv1.2 and the
protocol max to TLSv1.3, when they should clearly both be TLSv1.2.

However, if we see the SSL_CONF_cmd() switches as generic and those
internal to s_client and s_server as specialisations, we get something
that makes a little more sense.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5679)
2018-03-19 22:40:05 +00:00
Todd Short
27df459731 Fix no-sm3/no-sm2 (with strict-warnings)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5677)
2018-03-19 18:49:19 +00:00
Todd Short
98020023a4 Fix no-sm3 (and no-sm2)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5677)
2018-03-19 18:49:19 +00:00
Richard Levitte
3830c1943b Don't generate buildtest_*err.c
The error string header files aren't supposed to be included directly,
so there's no point testing that they can.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5678)
2018-03-19 18:54:27 +01:00
Richard Levitte
7d7f6834e5 Enhance ssltestlib's create_ssl_ctx_pair to take min and max proto version
Have all test programs using that function specify those versions.
Additionally, have the remaining test programs that use SSL_CTX_new
directly specify at least the maximum protocol version.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5663)
2018-03-19 18:24:30 +01:00
Richard Levitte
2e2faa8c48 In TLSProxy::Proxy, specify TLSv1.3 as maximum allowable protocol
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5663)
2018-03-19 18:24:30 +01:00
Richard Levitte
43110de041 Support "-min_protocol" and "-max_protocol" in s_server and s_client
If for nothing else, they are needed when doing a regression test

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5663)
2018-03-19 18:24:30 +01:00
Matt Caswell
dad8c264c7 Fix no-ec
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5673)
2018-03-19 17:12:19 +00:00
Matt Caswell
1bf2cc237e Fix no-sm2
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5673)
2018-03-19 17:12:19 +00:00
Matt Caswell
1a54618ba6 Fix no-posix-io compile failure
The fix in conf_include_test.c  seems to be required because some
compilers give an error if you give an empty string for the second
argument to strpbrk(). It doesn't really make sense to send an empty
string for this argument anyway, so make sure it has at least one character
in it.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5666)
2018-03-19 16:37:28 +00:00
Todd Short
4bfb96f2ad Place ticket keys into secure memory
Place the session ticket AES and HMAC keys into secure memory.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2351)
2018-03-19 11:07:08 -04:00
Matt Caswell
c2b290c3d0 Fix no-psk
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5667)
2018-03-19 14:47:12 +00:00
Rich Salz
69e2b8d67d Revise and cleanup; use strict,warnings
Use shorter names for some defines, so also had to change the .c file
that used them.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5669)
2018-03-19 10:23:28 -04:00
Tomas Mraz
8a5ed9dce8 Apply system_default configuration on SSL_CTX_new().
When SSL_CTX is created preinitialize it with system default
configuration from system_default section.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4848)
2018-03-19 10:22:49 -04:00
Kurt Roeckx
440bce8f81 Add a multithread rand test
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5547)
2018-03-19 15:04:40 +01:00
Kurt Roeckx
16cfc2c90d Don't use a ssl specific DRBG anymore
Since the public and private DRBG are per thread we don't need one
per ssl object anymore. It could also try to get entropy from a DRBG
that's really from an other thread because the SSL object moved to an
other thread.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5547)
2018-03-19 15:04:40 +01:00
Kurt Roeckx
7caf122e71 Make the public and private DRBG thread local
This avoids lock contention.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5547)
2018-03-19 15:04:40 +01:00
Jack Lloyd
4e66475063 Handle evp_tests assumption of EVP_PKEY_FLAG_AUTOARGLEN
Without actually using EVP_PKEY_FLAG_AUTOARGLEN

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4793)
2018-03-19 14:33:25 +01:00
Jack Lloyd
dceb99a5fb Support SM2 ECIES scheme via EVP
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4793)
2018-03-19 14:33:25 +01:00
Jack Lloyd
3d328a445c Add SM2 signature and ECIES schemes
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4793)
2018-03-19 14:33:25 +01:00
Andy Polyakov
df3a15512b Configurations/15-android.conf: detect clang by PATH, not by CC.
Since they intend to omit gcc, it's more appropriate to simply detect
if there is NDK's clang on PATH, as opposite to requiring to specify it
with CC=clang (and looking for it on PATH).

Also detect NDK version and default to armv7-a for NDK>16.

Address failure to recognize -D__ADNDROID_API__=N in CPPFLAGS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5613)
2018-03-19 14:31:30 +01:00
Andy Polyakov
f39276fdff Add NOTES.ANDROID.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5613)
2018-03-19 14:31:30 +01:00
Andy Polyakov
87ba25ee3f Configurations/15-android.conf: default to RC4_CHAR whenever possible.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5613)
2018-03-19 14:31:30 +01:00
Andy Polyakov
9d3cab4bdb MIPS assembly pack: default heuristic detection to little-endian.
Current endianness detection is somewhat opportunistic and can fail
in cross-compile scenario. Since we are more likely to cross-compile
for little-endian now, adjust the default accordingly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5613)
2018-03-19 14:31:30 +01:00
Andy Polyakov
f41c8674c4 Configurations/15-android.conf: refine clang support.
Adjusting ARM default broke clang support, and x86[_64] needed
path adjustment.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5613)
2018-03-19 14:31:30 +01:00
Andy Polyakov
6d5e74f3fc Configure: pass -no-integrated-as.
Occasionally you have to pass -no-integrated-as to clang, but we
consider any -no-option as no-option. Don't touch -no-integrated-as.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5613)
2018-03-19 14:31:30 +01:00
Bernd Edlinger
c911e5da3c Fix bio callback backward compatibility
Don't pass a pointer to uninitialized processed value
for BIO_CB_READ and BIO_CB_WRITE

Check the correct cmd code in BIO_callback_ctrl

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5516)
2018-03-19 14:20:53 +01:00
Bernd Edlinger
d4ef4fbf46 Fix a crash in SSLfatal due to invalid enc_write_ctx
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5645)
2018-03-19 14:16:54 +01:00
Matt Caswell
df6d51e2e4 Fix no-cmac
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5665)
2018-03-19 12:38:01 +00:00
Matt Caswell
66a925ea8c Fix no-ec
Raw private/public key loading may fail for X25519/X448 if ec has been
disabled.

Also fixed a missing blank line in evppkey.txt resulting in a warning in
the test output.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5664)
2018-03-19 12:34:29 +00:00
Matt Caswell
3ec9e4ec46 Add a CHANGES entry to mention the replay protection capabilities
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)
2018-03-19 12:21:42 +00:00
Matt Caswell
d2d67a4cda Document the replay protection capabilities
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)
2018-03-19 12:21:42 +00:00
Matt Caswell
78fb5374e1 Add a test for 0RTT replay protection
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)
2018-03-19 12:21:42 +00:00