Pauli
bf580d5f30
Increase the password buffer size to APP_PASS_LEN.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2868 )
2017-03-07 10:12:05 +10:00
Richard Levitte
cadb015b02
Unix Makefile: Have manual generation use the same perl script as Windows and VMS
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2863 )
2017-03-06 21:38:19 +01:00
Richard Levitte
579a674533
util/process_docs.pl: make it possible to add a suffix to man docs
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2863 )
2017-03-06 21:38:19 +01:00
Matt Caswell
c1074ce096
Add a test to check that we correctly handle record overflows
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2861 )
2017-03-06 20:07:40 +00:00
Matt Caswell
4321969513
Tweak the TLSv1.3 record overflow limits
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2861 )
2017-03-06 20:07:40 +00:00
Kurt Roeckx
febb0afaef
Fix double free in cookie generation.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #2850
2017-03-06 18:33:56 +01:00
Rich Salz
6556519ea0
Remove some duplicate manpage entries
...
[skip ci]
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2860 )
2017-03-06 11:43:21 -05:00
Richard Levitte
44eb65ce20
Add documentation on platform specific checks
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2851 )
2017-03-06 16:42:46 +01:00
Richard Levitte
d192a3aaeb
Add a platform specific configuration checker
...
For each platform, we may need to perform some basic checks to see
that available tools perform as we expect them.
For the moment, the added checkers test that Perl gives the expected
path format. This should help MingW users to see if they run an
appropriate Perl implementation, for example.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2851 )
2017-03-06 16:42:46 +01:00
Rich Salz
697958313b
Fix an endless loop in rsa_builtin_keygen.
...
And add a test case.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2757 )
2017-03-06 09:54:17 -05:00
Matt Caswell
e498d95454
Fix no-ec
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2858 )
2017-03-06 10:40:18 +00:00
Matt Caswell
548d0153cc
Fix a test failure with no-tls1_1
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2857 )
2017-03-06 10:34:42 +00:00
Matt Caswell
593a2aa3eb
Fix no-psk
...
Fixes #2847
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2856 )
2017-03-06 09:52:21 +00:00
Matt Caswell
e6941c7814
Don't call memcmp with a NULL pointer
...
If early data is sent to a server, but ALPN is not used then memcmp is
called with a NULL pointer which is undefined behaviour.
Fixes #2841
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2845 )
2017-03-04 23:58:03 +00:00
Matt Caswell
ee7002266c
Add a test for TLSv1.3 cookies
...
We just check that if we insert a cookie into an HRR it gets echoed back
in the subsequent ClientHello.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2839 )
2017-03-04 23:39:00 +00:00
Matt Caswell
cfef5027bf
Add basic TLSv1.3 cookie support
...
We do not allow the generation of TLSv1.3 cookies. But if we receive one
in an HRR we will echo it back in the ClientHello.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2839 )
2017-03-04 23:32:39 +00:00
Andy Polyakov
6356716ac0
appveyor.yml: call upon cmd to redirect stderr.
...
If stderr is not redirected an uncatchable exception is thrown.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-03-04 23:18:47 +01:00
Andy Polyakov
8b0d424240
apps/s_client.c: harden ldap_ExtendedResponse_parse.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-04 23:16:17 +01:00
Matt Caswell
312e9387fd
Fix a memory leak on an error path
...
A leak of an SSL_SESSION object can occur when decoding a psk extension on
an error path when using TLSv1.3
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2843 )
2017-03-04 16:20:13 +00:00
Matt Caswell
d08086645f
Ensure we don't call memcpy with a NULL pointer
...
Commit d5aa14dd
simplified the bn_expand_internal() and BN_copy() functions.
Unfortunately it also removed some checks which are still required,
otherwise we call memcpy passing in NULL which is not allowed.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2836 )
2017-03-03 23:49:24 +00:00
Dr. Stephen Henson
8336ca13b1
Update and add test
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2840 )
2017-03-03 22:02:39 +00:00
Dr. Stephen Henson
5528d68f6d
Set specific error is we have no valid signature algorithms set
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2840 )
2017-03-03 22:02:39 +00:00
Dr. Stephen Henson
b0e9ab95dd
Signature algorithm enhancement.
...
Change tls12_sigalg_allowed() so it is passed a SIGALG_LOOKUP parameter,
this avoids multiple lookups.
When we copy signature algorithms return an error if no valid TLS message
signing algorithm is present. For TLS 1.3 this means we need at least one
signature algorithm other than RSA PKCS#1 or SHA1 both of which can only be
used to sign certificates and not TLS messages.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2840 )
2017-03-03 22:02:39 +00:00
Dr. Stephen Henson
8f12296e23
Disallow zero length signature algorithms
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2840 )
2017-03-03 21:58:33 +00:00
Dr. Stephen Henson
224b4e37c0
Don't allow DSA for TLS 1.3
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2840 )
2017-03-03 21:58:33 +00:00
edelangh
dbaa069a5e
use OSSLzu instead of lu format for size_t display
...
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2660 )
2017-03-03 08:04:47 -05:00
Bernd Edlinger
d734582275
Reset executable bits on files where not needed.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2835 )
2017-03-03 09:13:40 +01:00
Pauli
f2bcff43bc
Update the cipher(1) documentation to explicitly state that the RSA cipher
...
string means the same a kRSA.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2821 )
2017-03-02 19:26:47 -05:00
Rich Salz
332dc4fa5e
sh_malloc & sh_free prototype change to match POSIX
...
CLA: trivial
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2823 )
2017-03-02 19:16:57 -05:00
Matt Caswell
42f50fdf8a
Silence some more clang warnings
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2832 )
2017-03-03 00:05:57 +00:00
Matt Caswell
30d1bab146
Silence some clang warnings
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2831 )
2017-03-02 23:56:36 +00:00
Matt Caswell
83750d9b2b
More early data documentation updates following feedback
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
cd9f7f624e
Update the API documentation for the latest early data changes
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
09f2887482
Update early data API for writing to unauthenticated clients
...
Change the early data API so that the server must use
SSL_write_early_data() to write to an unauthenticated client.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
0665b4edae
Rename SSL_write_early() to SSL_write_early_data()
...
This is for consistency with the rest of the API where all the functions
are called *early_data*.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
f533fbd44a
Rename SSL_read_early() to SSL_read_early_data()
...
This is for consistency with the rest of the API where all the functions
are called *early_data*.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
ef466accdc
Updates to the early data documentation
...
Following on from the latest API changes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
ade1e88806
Updates to s_server and s_client for the latest early_data API changes
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
3eaa417095
Make SSL_write_early_finish() an internal only function
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
5f9820380f
Add early_data tests
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
f7e393be47
Various fixes required to allow SSL_write/SSL_read during early data
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
d7f8783ff9
Enable the server to call SSL_write() without stopping the ability to call SSL_read_early()
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
564547e482
Enable the client to call SSL_read() without stopping the ability to call SSL_write_early()
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
4004ce5f6c
Introduce a new early_data state in the state machine
...
Also simplifies the state machine a bit.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
bc908c679b
Improve the early data sanity check in SSL_do_handshake()
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
6437b802f1
Add documentation for the new s_client and s_server early_data options
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
0a5ece5bd2
Tighten sanity checks when calling early data functions
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
fd6c102520
Add documentation for the early data functions
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
f5b519c416
Make SSL_get_early_data_status() take a const
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:16 +00:00
Matt Caswell
46dcb9457e
Make SSL_get_max_early_data() and SSL_CTX_get_max_early_data() take a const
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:15 +00:00