Commit graph

145 commits

Author SHA1 Message Date
Dr. Stephen Henson
a08f8d73cc Reject zero length ec point format list.
Give more meaningful error is attempt made to use incorrect curve.

(from HEAD)
2012-12-26 18:26:11 +00:00
Dr. Stephen Henson
53bb723834 Use client version when deciding which cipher suites to disable.
(backport from HEAD)
2012-12-26 17:09:39 +00:00
Dr. Stephen Henson
684a2264c5 Use default point formats extension for server side as well as client
side, if possible.

Don't advertise compressed char2 for SuiteB as it is not supported.
(backport from HEAD)
2012-12-26 17:09:14 +00:00
Dr. Stephen Henson
a50ecaee56 store and print out message digest peer signed with in TLS 1.2
(backport from HEAD)
2012-12-26 16:23:13 +00:00
Dr. Stephen Henson
ccf6a19e2d Add three Suite B modes to TLS code, supporting RFC6460.
(backport from HEAD)
2012-12-26 16:17:40 +00:00
Dr. Stephen Henson
6660baee66 Make tls1_check_chain return a set of flags indicating checks passed
by a certificate chain. Add additional tests to handle client
certificates: checks for matching certificate type and issuer name
comparison.

Print out results of checks for each candidate chain tested in
s_server/s_client.
(backport from HEAD)
2012-12-26 15:27:44 +00:00
Dr. Stephen Henson
25d4c9254c Abort handshake if signature algorithm used not supported by peer.
(backport from HEAD)
2012-12-26 15:27:24 +00:00
Dr. Stephen Henson
44adfeb6c0 check EC tmp key matches preferences
(backport from HEAD)
2012-12-26 15:27:04 +00:00
Dr. Stephen Henson
b762acadeb Add support for certificate stores in CERT structure. This makes it
possible to have different stores per SSL structure or one store in
the parent SSL_CTX. Include distint stores for certificate chain
verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN
to build and store a certificate chain in CERT structure: returing
an error if the chain cannot be built: this will allow applications
to test if a chain is correctly configured.

Note: if the CERT based stores are not set then the parent SSL_CTX
store is used to retain compatibility with existing behaviour.
(backport from HEAD)
2012-12-26 15:21:53 +00:00
Dr. Stephen Henson
23195e4dcc stop warning
(backport from HEAD)
2012-12-26 14:56:27 +00:00
Dr. Stephen Henson
b28fbdfa7d New function ssl_set_client_disabled to set masks for any ciphersuites
that are disabled for this session (as opposed to always disabled by
configuration).
(backport from HEAD)
2012-12-26 14:55:46 +00:00
Dr. Stephen Henson
7531dd18dc no need to check s->server as default_nid is never used for TLS 1.2 client authentication
(backport from HEAD)
2012-12-26 14:45:27 +00:00
Dr. Stephen Henson
04c32cddaa Separate client and server permitted signature algorithm support: by default
the permitted signature algorithms for server and client authentication
are the same but it is now possible to set different algorithms for client
authentication only.
(backport from HEAD)
2012-12-26 14:44:56 +00:00
Dr. Stephen Henson
623a5e24cb Add certificate callback. If set this is called whenever a certificate
is required by client or server. An application can decide which
certificate chain to present based on arbitrary criteria: for example
supported signature algorithms. Add very simple example to s_server.
This fixes many of the problems and restrictions of the existing client
certificate callback: for example you can now clear existing certificates
and specify the whole chain.
(backport from HEAD)
2012-12-26 14:43:51 +00:00
Dr. Stephen Henson
c550f2e37b Function tls1_check_ec_server_key is now redundant as we make
appropriate checks in tls1_check_chain.
(backport from HEAD)
2012-12-26 14:27:27 +00:00
Dr. Stephen Henson
484f876235 Add new "valid_flags" field to CERT_PKEY structure which determines what
the certificate can be used for (if anything). Set valid_flags field
in new tls1_check_chain function. Simplify ssl_set_cert_masks which used
to have similar checks in it.

Add new "cert_flags" field to CERT structure and include a "strict mode".
This enforces some TLS certificate requirements (such as only permitting
certificate signature algorithms contained in the supported algorithms
extension) which some implementations ignore: this option should be used
with caution as it could cause interoperability issues.
(backport from HEAD)
2012-12-26 14:26:53 +00:00
Dr. Stephen Henson
c70a1fee71 Reorganise supported signature algorithm extension processing.
Only store encoded versions of peer and configured signature algorithms.
Determine shared signature algorithms and cache the result along with NID
equivalents of each algorithm.
(backport from HEAD)
2012-12-26 14:26:16 +00:00
Dr. Stephen Henson
0b362de5f5 Add support for application defined signature algorithms for use with
TLS v1.2. These are sent as an extension for clients and during a certificate
request for servers.

TODO: add support for shared signature algorithms, respect shared algorithms
when deciding which ciphersuites and certificates to permit.
(backport from HEAD)
2012-12-26 14:25:29 +00:00
Dr. Stephen Henson
7469af4484 reject zero length point format list or supported curves extensions 2012-11-22 14:15:36 +00:00
Dr. Stephen Henson
dc14441757 Minor enhancement to PR#2836 fix. Instead of modifying SSL_get_certificate
change the current certificate (in s->cert->key) to the one used and then
SSL_get_certificate and SSL_get_privatekey will automatically work.
2012-09-11 13:35:14 +00:00
Ben Laurie
da8512aaff Call OCSP Stapling callback after ciphersuite has been chosen, so the
right response is stapled. Also change SSL_get_certificate() so it
returns the certificate actually sent.  See
http://rt.openssl.org/Ticket/Display.html?id=2836.
2012-09-11 12:00:25 +00:00
Dr. Stephen Henson
ccffdb3fdc revert unrelated test code 2012-07-03 20:21:35 +00:00
Dr. Stephen Henson
74d89b0d93 PR: 2840
Reported by: David McCullough <david_mccullough@mcafee.com>

Restore fips configuration module from 0.9.8.
2012-07-03 20:20:11 +00:00
Dr. Stephen Henson
a240ea8ab8 don't use pseudo digests for default values of keys 2012-06-27 14:12:01 +00:00
Ben Laurie
3c56d65a41 Fix memory leak. 2012-06-11 09:23:38 +00:00
Ben Laurie
49e9f751a4 Fix authz parsing. 2012-06-06 12:45:14 +00:00
Ben Laurie
8a02a46a5c RFC 5878 support. 2012-05-29 17:27:48 +00:00
Dr. Stephen Henson
fe9ce2b7d6 Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
Improved localisation of TLS extension handling and code tidy.
2012-04-24 12:15:17 +00:00
Dr. Stephen Henson
f897fe4146 correct error code 2012-04-18 15:17:39 +00:00
Dr. Stephen Henson
1d0c47fd55 Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Localize client hello extension parsing in t1_lib.c
(backport from HEAD)
2012-04-06 20:16:09 +00:00
Dr. Stephen Henson
e46c807e4f Add support for automatic ECDH temporary key parameter selection. When
enabled instead of requiring an application to hard code a (possibly
inappropriate) parameter set and delve into EC internals we just
automatically use the preferred curve.
(backport from HEAD)
2012-04-06 20:15:50 +00:00
Dr. Stephen Henson
c132ca95c0 Tidy up EC parameter check code: instead of accessing internal structures
add utility functions to t1_lib.c to check if EC certificates and parameters
are consistent with peer.
(backport from HEAD)
2012-04-06 20:14:53 +00:00
Dr. Stephen Henson
6b870763ac Initial revision of ECC extension handling.
Tidy some code up.

Don't allocate a structure to handle ECC extensions when it is used for
default values.

Make supported curves configurable.

Add ctrls to retrieve shared curves: not fully integrated with rest of
ECC code yet.
(backport from HEAD)
2012-04-06 20:12:35 +00:00
Dr. Stephen Henson
5505818199 New ctrls to retrieve supported signature algorithms and curves and
extensions to s_client and s_server to print out retrieved valued.

Extend CERT structure to cache supported signature algorithm data.
(backport from HEAD)
2012-04-06 19:29:49 +00:00
Dr. Stephen Henson
78c5d2a9bb use client version when deciding whether to send supported signature algorithms extension 2012-03-21 21:32:57 +00:00
Dr. Stephen Henson
a54ce007e6 PR: 2739
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix padding bugs in Heartbeat support.
2012-02-27 16:38:10 +00:00
Dr. Stephen Henson
b935714237 typo 2012-02-17 17:31:32 +00:00
Dr. Stephen Henson
c489ea7d01 PR: 2704
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>

Fix srp extension.
2012-02-10 20:08:49 +00:00
Dr. Stephen Henson
adcea5a043 return error if md is NULL 2012-01-22 13:12:50 +00:00
Dr. Stephen Henson
166dea6ac8 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Send fatal alert if heartbeat extension has an illegal value.
2012-01-05 00:23:31 +00:00
Dr. Stephen Henson
1cb4d65b87 Submitted by: Adam Langley <agl@chromium.org>
Reviewed by: steve

Fix memory leaks.
2012-01-04 14:25:28 +00:00
Dr. Stephen Henson
7b2dd292bc only send heartbeat extension from server if client sent one 2012-01-03 22:03:07 +00:00
Dr. Stephen Henson
bd6941cfaa PR: 2658
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Support for TLS/DTLS heartbeats.
2011-12-31 23:00:36 +00:00
Dr. Stephen Henson
7454cba4fa fix error discrepancy 2011-12-07 12:28:50 +00:00
Ben Laurie
8cd897a42c Don't send NPN during renegotiation. 2011-11-24 18:22:06 +00:00
Ben Laurie
b1d7429186 Add TLS exporter. 2011-11-15 23:51:22 +00:00
Ben Laurie
060a38a2c0 Add DTLS-SRTP. 2011-11-15 23:02:16 +00:00
Ben Laurie
68b33cc5c7 Add Next Protocol Negotiation. 2011-11-13 21:55:42 +00:00
Bodo Möller
3c3f025923 Fix session handling. 2011-09-05 13:36:55 +00:00
Dr. Stephen Henson
9ddc574f9a typo 2011-06-01 11:10:50 +00:00