summaryrefslogtreecommitdiffstats
path: root/util
AgeCommit message (Collapse)Author
2017-08-21Document missing EVP_PKEY_method_* itemsPaul Yang
Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4104)
2017-08-16fix some typosFdaSilvaYY
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4172)
2017-08-15Add SSL_get_pending_cipher()Benjamin Kaduk
The existing function SSL_get_current_cipher() queries the current session for the ciphersuite in use, but there is no way for application code to determine what ciphersuite has been negotiated and will be used in the future, prior to ChangeCipherState (or the TLS 1.3 equivalent) causing the new cipher to take effect and become visible in the session information. Expose this information to appropriate application callbacks to use during the handshake. The name SSL_get_pending_cipher() was chosen for compatibility with BoringSSL's routine of that name. Improve the note on macro implementations in SSL_get_current_cipher.pod while here. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4070)
2017-08-15Add ERR_clear_last_mark()Richard Levitte
This allows callers to set a mark, and then clear it without removing the errors. Useful in case an error is encountered that should be returned up the call stack. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4094)
2017-08-15File::Glob option ':bsd_glob' doesn't work everywhere, replace w/ a wrapperRichard Levitte
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4069)
2017-08-15Consolidate the locations where we have our internal perl modulesRichard Levitte
Instead of having perl modules under test/testlib, util and util/perl, consolidate them all to be inside util/perl. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4069)
2017-08-14Doc fixesRich Salz
Write missing prime.pod and srp.pod Implement -c in find-doc-nits (for command options) Other fixes to some manpages Use B<-I<digest|cipher>> notation Split up multiple flags into a single entry in the synopsis. Add -1 and missing-help to list command. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4144)
2017-08-12Add EVP_DigestFinalXOF, interface to extendable-output functions, XOFs.Andy Polyakov
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4137)
2017-08-11Fix some Typos and indentsFdaSilvaYY
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4108)
2017-08-09Add -d flag to list -u details (now normally off)Rich Salz
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4125)
2017-08-09Add an SSL_SESSION_dup() functionMatt Caswell
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4072)
2017-08-08Add interface to the scrypt KDF by means of PKEY_METHODJohannes Bauer
Add an interface that allows accessing the scrypt KDF as a PKEY_METHOD. This fixes #4021 (at least for the scrypt portion of the issue). Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4026)
2017-08-04Consolidate to a single asn1_time_from_tm() functionTodd Short
Add missing ASN1_TIME functions Do some cleanup of the ASN1_TIME code. Add ASN1_TIME_normalize() to normalize ASN1_TIME structures. Add ASN1_TIME_compare() to compare two ASN1_TIME structures. Add ASN1_TIME_cmp_time_t() to compare an ASN1_TIME to time_t (generic version of ASN1_UTCTIME_cmp_time_t()). Replace '0' .. '9' compares with isdigit() Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2753)
2017-08-03Add RAND_priv_bytes() for private keysRich Salz
Add a new global DRBG for private keys used by RAND_priv_bytes. Add BN_priv_rand() and BN_priv_rand_range() which use RAND_priv_bytes(). Change callers to use the appropriate BN_priv... function. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4076)
2017-08-03Add a DRBG to each SSL objectRich Salz
Give each SSL object it's own DRBG, chained to the parent global DRBG which is used only as a source of randomness into the per-SSL DRBG. This is used for all session, ticket, and pre-master secret keys. It is NOT used for ECDH key generation which use only the global DRBG. (Doing that without changing the API is tricky, if not impossible.) Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4050)
2017-08-03Switch from ossl_rand to DRBG randRich Salz
If RAND_add wraps around, XOR with existing. Add test to drbgtest that does the wrap-around. Re-order seeding and stop after first success. Add RAND_poll_ex() Use the DF and therefore lower RANDOMNESS_NEEDED. Also, for child DRBG's, mix in the address as the personalization bits. Centralize the entropy callbacks, from drbg_lib to rand_lib. (Conceptually, entropy is part of the enclosing application.) Thanks to Dr. Matthias St Pierre for the suggestion. Various code cleanups: -Make state an enum; inline RANDerr calls. -Add RAND_POLL_RETRIES (thanks Pauli for the idea) -Remove most RAND_seed calls from rest of library -Rename DRBG_CTX to RAND_DRBG, etc. -Move some code from drbg_lib to drbg_rand; drbg_lib is now only the implementation of NIST DRBG. -Remove blocklength Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4019)
2017-07-29make updateDr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4015)
2017-07-29Implement the CRYPTO_secure_clear_free functionBernd Edlinger
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4044)
2017-07-28Make SSL_set_tlsext_host_name no effect from server sidePaul Yang
Documentation and test cases are also updated Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3783)
2017-07-28Perl: Use File::Glob::bsd_glob rather than File::Glob::globRichard Levitte
File::Glob::glob is deprecated, it's use generates this kind of message: File::Glob::glob() will disappear in perl 5.30. Use File::Glob::bsd_glob() instead. at ../master/Configure line 277. So instead, use a construction that makes the caller glob() use File::Glob::bsd_glob(). Note that we're still excluding VMS, as it's directory specs use '[' and ']', which have a different meaning with bsd_glob and would need some extra quoting. This might change, but later. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4040)
2017-07-26make scrypt ASN.1 parameter functions publicHubert Kario
Since scrypt PBKDF can be used both in PKCS#5 and PKCS#12 files, do share the code between them. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1334)
2017-07-26Add test cases and docs for ASN1_STRING_TABLE_* functionsPaul Yang
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3998)
2017-07-26Add support to free/allocate SSL buffersTodd Short
OpenSSL already has the feature of SSL_MODE_RELEASE_BUFFERS that can be set to release the read or write buffers when data has finished reading or writing. OpenSSL will automatically re-allocate the buffers as needed. This can be quite aggressive in terms of memory allocation. This provides a manual mechanism. SSL_free_buffers() will free the data buffers if there's no pending data. SSL_alloc_buffers() will realloc them; but this function is not strictly necessary, as it's still done automatically in the state machine. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2240)
2017-07-25Add evp/m_sha3.c.Andy Polyakov
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3943)
2017-07-21Support converting cipher name to RFC name and vice versaPaul Yang
Fixes: issue #3747 make SSL_CIPHER_standard_name globally available and introduce a new function OPENSSL_cipher_name. A new option '-convert' is also added to 'openssl ciphers' app. Documentation and test cases are added. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3859)
2017-07-19Add DRBG random methodRich Salz
Ported from the last FIPS release, with DUAL_EC and SHA1 and the self-tests removed. Since only AES-CTR is supported, other code simplifications were done. Removed the "entropy blocklen" concept. Moved internal functions to new include/internal/rand.h. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3789)
2017-07-16Don't use "version" in "OpenSSL Version 1.1.0" etcRich Salz
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3938)
2017-07-07Update the version number for TLSv1.3 draft 21Matt Caswell
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3852)
2017-07-03Various doc fixesRich Salz
Fix a =head1 section name Fix a typo in POD label Remove a spurious =back Add a missing blank line Avoid 'legacy' -- use 'deprecated' if still needed if we cannot just reword. Always do strict checking Do not warn about missing "RETURN VALUES" unless -s is set. Change OpenSSL version 1.1 -> 1.1.0 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3830)
2017-07-03Remove the possibility to disable the UI module entirelyRichard Levitte
Instead, make it possible to disable the console reader that's part of the UI module. This makes it possible to use the UI API and other UI methods in environments where the console reader isn't useful. To disable the console reader, configure with 'no-ui-console' / 'disable-ui-console'. 'no-ui' / 'disable-ui' is now an alias for 'no-ui-console' / 'disable-ui-console'. Fixes #3806 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3820)
2017-06-29Add fork handlers, based on pthread_atforkRich Salz
Only for Unix platforms Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3754)
2017-06-29util/mkdef.pl: Make symbol version processing Linux onlyRichard Levitte
For Windows, we care which way it is, the resulting file is just a pile of symbols. For VMS, we really need to care about the numeric ordering, and getting the symbols sorted by symbol version too didn't agree with that. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3804)
2017-06-29util/mkdef.pl: Add UNIX as a platformRichard Levitte
This allows us to guard Unix specific functions with #ifndef / #ifdef OPENSSL_SYS_UNIX Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3804)
2017-06-29STORE: add ENGINE information to loadersRichard Levitte
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29Add the STORE moduleRichard Levitte
This STORE module adds the following functionality: - A function OSSL_STORE_open(), OSSL_STORE_load() and OSSL_STORE_close() that accesses a URI and helps loading the supported objects (PKEYs, CERTs and CRLs for the moment) from it. - An opaque type OSSL_STORE_INFO that holds information on each loaded object. - A few functions to retrieve desired data from a OSSL_STORE_INFO reference. - Functions to register and unregister loaders for different URI schemes. This enables dynamic addition of loaders from applications or from engines. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-27util/mkerr.pl: avoid getting an annoying warning about negative countRichard Levitte
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3781)
2017-06-27util/mkerr.pl: allow module names prefixed with OSSL_ or OPENSSL_Richard Levitte
To make sure that our symbols don't clash with other libraries, we claim the namespaces OSSL and OPENSSL. Because C doesn't provide namespaces, the only solution is to have them as prefixes on symbols, thus we allow OSSL_ and OPENSSL_ as prefixes. These namespace prefixes are optional for the foreseeable future, and will only be used for new modules as needed on a case by case basis, until further notice. For extra safety, there's an added requirement that module names - apart from the namespace prefix - be at least 2 characters long. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3781)
2017-06-24Add constants for TLS 1.3 SignatureScheme valuesBenjamin Kaduk
Put them into the TLSProxy::Message namespace along with the extension type constants. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3326)
2017-06-21Add OCSP_resp_get1_id() accessorSascha Steinbiss
Adding a get1 style accessor as brought up in mailing list post https://mta.openssl.org/pipermail/openssl-users/2016-November/004796.html Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1876)
2017-06-21Document SSL_set_psk_find_session_callback() and SSL_CTX equivalentMatt Caswell
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
2017-06-21Document SSL_set_psk_use_session_callback() and SSL_CTX equivalentMatt Caswell
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
2017-06-21Add SSL_SESSION_set_protocol_version()Matt Caswell
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
2017-06-21Add SSL_SESSION_set_cipher()Matt Caswell
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
2017-06-21Add SSL_SESSION_set1_master_key()Matt Caswell
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
2017-06-21Add a function to get the handshake digest for an SSL_CIPHERMatt Caswell
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
2017-06-21Add public API functions for setting TLSv1.3 PSK callbacksMatt Caswell
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
2017-06-13Rework writing crypto/err/openssl.txtRichard Levitte
Reading the prologue of this file conserved the "# Function codes" line, and then duplicated it when rewriting this file, adding a new "# Function codes" line everytime there's an update. Better then to skip over all comment lines and have the prologue defined in mkerr.pl, just the same as we do with the other affected files. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3664)
2017-06-12Add -module option to util/mkerr.plRichard Levitte
Sometimes, one might only want to rework a subset of all the internal error codes. -module allows the caller to specify exactly which library modules to rewrite. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3662)
2017-06-12Put message strings in state filesRich Salz
Add "*" as indicator meaning the function/reason is removed, so put an empty string in the function/reason string table; this preserves backward compatibility by keeping the #define's. In state files, trailing backslash means text is on the next line. Add copyright to state files Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3640)
2017-06-12Add SSL_early_get1_extensions_present()Benjamin Kaduk
It is an API to be used from the early callback that indicates what extensions were present in the ClientHello, and in what order. This can be used to eliminate unneeded calls to SSL_early_get0_ext() (which itself scales linearly in the number of extensions supported by the library). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2976)