Commit Graph

20150 Commits

Author SHA1 Message Date
Rich Salz
f39a5501ce Remove bsd_cryptodev engine
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3699)
2017-06-19 09:31:45 -04:00
Bernd Edlinger
3ac6d5ee53 Fix the fall-out in 04-test_bioprint.t
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3712)
2017-06-19 08:56:50 -04:00
Bernd Edlinger
af6de400b4 Fix the error handling in ERR_get_state:
- Ignoring the return code of ossl_init_thread_start created a memory leak.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3712)
2017-06-19 08:56:50 -04:00
Pauli
9b579777c5 Fix preprocessor indentation.
Rework main() to be in the style of the other conditional tests.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3711)
2017-06-19 08:28:04 -04:00
Cory Benfield
729ef85611 s_client accepts host/port as positional argument.
This allows the user to provide the target host and optional port to
openssl s_client as an optional positional argument, rather than as the
argument to the -connect flag. This rationalises the user experience of
s_client: given that the only logical purpose of s_client is to connect
to a host, it is difficult to understand why there is an (effectively
mandatory) command option to pass to make that happen.

This patch forbids providing *both* -connect and the positional
argument, because it would likely be too difficult to reconcile.
Otherwise, using the positional argument behaves exactly the same as
using -connect does.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1171)
2017-06-19 08:42:10 +01:00
Paul Yang
edcdf38bd0 Remove non-accurate description in Configure script
For DES and 3DES based ciphers are also enabled by this option.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3707)
2017-06-17 22:22:40 +08:00
Richard Levitte
7b4d323092 Fix va_list processing in test_note()
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3704)
2017-06-17 15:52:41 +02:00
Bernd Edlinger
93a8b3ba79 Remove a pointless "#if 0" block from BN_mul.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3683)
2017-06-17 14:18:26 +02:00
Richard Levitte
6411927172 Reorder Configure output
"Configuring..." was displayed with './Configure LIST'.  This reorders
the display of that line to happen after the "targets" LIST, TABLE and
HASH have been checked.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3702)
2017-06-16 23:18:41 +02:00
Paul Yang
837f87c217 Forbid to specify -nextprotoneg if -tls1_3 is enabled
This applies both to s_client and s_server app.

Reaction to Issue #3665.

Signed-off-by: Paul Yang <paulyang.inf@gmail.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3697)
2017-06-16 17:00:22 -04:00
komainu8
6ea3bca427 Modify type of variable in OPENSSL_cpuid_setup function
CLA: trivial

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3651)
2017-06-16 16:58:51 -04:00
Pauli
3791646202 Add output routines to allow consistent formatting of memory, strings
and bignums.  These have been refactored into their own file, along with
their error displays.  The formatting follows the output format used
on error, except that bignums of sixty four bits or less are displayed
in a more compact one line form.

Added a TEST_note function for producing output without file and line
information.

Update the three tests that call BN_print so they use the new test
infrastructure instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3655)
2017-06-16 16:15:31 -04:00
Bernd Edlinger
5511101ad8 Add a missing break in test/shlibloadtest.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3661)
2017-06-16 16:11:06 -04:00
Bernd Edlinger
f8baec3924 Fix the comment about default OPENSSLDIR in windows.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3650)
2017-06-16 14:36:11 -04:00
Matt Caswell
abeb2a639b Tweak the check that a ciphersuite has not changed since the HRR
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3623)
2017-06-16 10:57:59 +01:00
Matt Caswell
3b0e88d3bd Add comments to test_ciphersuite_change()
Make it clear that we are pausing one of the connections and then
restarting it again.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3623)
2017-06-16 10:57:59 +01:00
Matt Caswell
8acc27998b Fix an uninitialised variable warning
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3623)
2017-06-16 10:57:59 +01:00
Matt Caswell
0de6d66d36 Move ciphersuite selection before session resumption in TLSv1.3
This does things as per the recommendation in the TLSv1.3 spec. It also
means that the server will always choose its preferred ciphersuite.
Previously the server would only select ciphersuites compatible with the
session.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3623)
2017-06-16 10:57:59 +01:00
Matt Caswell
ca0413ae14 Add a test for a server changing the ciphersuite
Test that if a server selects a differenct ciphersuite with the same hash
in TLSv1.3 then this is accepted by the client.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3623)
2017-06-16 10:57:59 +01:00
Matt Caswell
a055a88155 Allow the server to change the ciphersuite on resume
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3623)
2017-06-16 10:57:59 +01:00
Richard Levitte
9b03b91b84 Add the target 'build_all_generated'
This new target is used to build all generated files and only that.
This can be used to prepare everything that requires things like perl
for a system that lacks perl and then move everything to that system
and do the rest of the build there.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3695)
2017-06-16 03:48:55 +02:00
Benjamin Kaduk
1316c9ffab Fix no-ec
Also remove nested OPENSSL_NO_EC conditional; it was properly indented,
but a no-op.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3693)
2017-06-15 17:02:45 -04:00
Todd Short
3ec32be78a Add apps/progs.h to gitignore
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3692)
2017-06-15 16:56:56 -04:00
Andy Polyakov
5eb2dd88b3 Add sha/asm/keccak1600-armv8.pl.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-06-15 21:53:30 +02:00
Rich Salz
0c3d0d4a01 Standardize Levitte's dual-license
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3689)
2017-06-15 14:16:16 -04:00
Richard Levitte
6a74806ed7 Build apps/progs.h dynamically
Because apps/progs.h isn't configuration agnostic, it's not at all
suited for 'make update' or being versioned, so change it to be
dynamically generated.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3688)
2017-06-15 19:49:21 +02:00
Richard Levitte
c537e74ba3 Move bn and evp test programs input data to their respective data dir
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3472)
2017-06-15 19:46:24 +02:00
Richard Levitte
46e5b661d4 .travis.yml: Detect if 'make update' updated something
If it did, it really is something that should be checked in, and should
therefore make a CI build fail.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3686)
2017-06-15 16:52:18 +02:00
Pauli
5aba2b6e88 Correct Oracle copyrights & clarify.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3684)
2017-06-15 15:50:50 +10:00
Rich Salz
594da712ff Remove OLD_STR_TO_KEY compile option
This flag was added in 1992 and only documented in the CHANGES file.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3681)
2017-06-14 12:05:25 -04:00
Bernd Edlinger
5419dadd4b Fix possible crash in X931 code.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3675)
2017-06-14 09:35:48 -04:00
Bernd Edlinger
5625567f9c Fix another possible crash in rsa_ossl_mod_exp.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3675)
2017-06-14 09:35:48 -04:00
Bernd Edlinger
fb0a64126b Fix a possible crash in dsa_builtin_paramgen2.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3675)
2017-06-14 09:35:48 -04:00
Bernd Edlinger
abea494cf7 Fix crash in ecdh_simple_compute_key.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3671)
2017-06-14 08:52:18 -04:00
Bernd Edlinger
4fc426b789 Fix a possible crash in the error handling.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3672)
2017-06-13 21:48:29 -04:00
Rich Salz
4d0eac1999 Update copyright on progs.h
The generating script got updated, but the generated file did not.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3668)
2017-06-13 14:54:42 -04:00
Bernd Edlinger
188a9bd950 Fix a memleak in ec_copy_parameters.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3666)
2017-06-13 13:27:25 -04:00
Andy Polyakov
150d0478a4 perlasm/ppc-xlate.pl: add PowerISA 3.0B instructions.
[As well as few extra instructions from earlier spec.]

Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-06-13 18:37:08 +02:00
Paul Yang
481afe2ad1 Make SNI behavior more clear in s_client doc & help
Update s_client -help and pod file.

Signed-off-by: Paul Yang <paulyang.inf@gmail.com>

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3654)
2017-06-13 08:39:06 -04:00
Richard Levitte
979874a208 Rework writing crypto/err/openssl.txt
Reading the prologue of this file conserved the "# Function codes"
line, and then duplicated it when rewriting this file, adding a new
"# Function codes" line everytime there's an update.

Better then to skip over all comment lines and have the prologue
defined in mkerr.pl, just the same as we do with the other affected
files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3664)
2017-06-13 00:32:05 +02:00
Richard Levitte
964ff301d6 Add -module option to util/mkerr.pl
Sometimes, one might only want to rework a subset of all the internal
error codes.  -module allows the caller to specify exactly which
library modules to rewrite.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3662)
2017-06-12 22:35:28 +02:00
Paul Yang
2234212c3d Clean up a bundle of codingstyle stuff in apps directory
Mostly braces and NULL pointer check and also copyright year bump

Signed-off-by: Paul Yang <paulyang.inf@gmail.com>

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3657)
2017-06-12 16:11:05 -04:00
Bernd Edlinger
71d8c138cf Fix a memleak in tls13_generate_secret.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3660)
2017-06-12 15:15:04 -04:00
Rich Salz
5816586ba4 Put message strings in state files
Add "*" as indicator meaning the function/reason is removed, so put an
empty string in the function/reason string table; this preserves backward
compatibility by keeping the #define's.

In state files, trailing backslash means text is on the next line.

Add copyright to state files

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3640)
2017-06-12 15:03:40 -04:00
Bernd Edlinger
19546246cf Fix memleak in EVP_DigestSignFinal/VerifyFinal.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3658)
2017-06-12 12:49:50 -04:00
Paul Yang
0848e01b1d Refactor functions in testdsa.h
To reduce duplicate code

Signed-off-by: Paul Yang <paulyang.inf@gmail.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3656)
2017-06-12 12:02:11 -04:00
Benjamin Kaduk
8ea404fb3a Add sslapitest for SSL_early_get1_extensions_present()
Call it from the early callback used for testing these functions, and verify
the expected contents of the ClientHello

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2976)
2017-06-12 09:31:48 +01:00
Benjamin Kaduk
193b5d769c Add SSL_early_get1_extensions_present()
It is an API to be used from the early callback that indicates what
extensions were present in the ClientHello, and in what order.
This can be used to eliminate unneeded calls to SSL_early_get0_ext()
(which itself scales linearly in the number of extensions supported
by the library).

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2976)
2017-06-12 09:31:47 +01:00
Benjamin Kaduk
0e1e4045c4 TLS 1.3 client sigalgs test no longer needs TLS 1.2
Per the TODO comment, we now have proper certificate selection for
TLS 1.3 client certificates, so this test can move into its own
block.  (It cannot merge with the previous block, as it requires EC.)

Verified that the test passes when configured with enable-tls1_3
no-tls1 no-tls1_1 no-tls1_2.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3131)
2017-06-12 09:19:05 +01:00
Benjamin Kaduk
cf34d54d82 drop some no-longer-relevant TODO(TLS1.3) entries
We prevent compression both when the server is parsing the ClientHello
and when the client is constructing the ClientHello.  A 1.3 ServerHello
has no way to hand us back a compression method, and we already check
that the server does not try to give us back a compression method that
we did not request, so these checks seem sufficient.

Weaken the INSTALL note slightly, as we do now expect to interoperate
with other implementations.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3131)
2017-06-12 09:19:05 +01:00