Commit graph

11364 commits

Author SHA1 Message Date
Ben Laurie
282a480a35 Fix warnings. 2013-04-06 15:08:44 +01:00
Dr. Stephen Henson
1e2d4cb0e1 Make TLS 1.2 ciphers work again.
Since s->method does not reflect the final client version when a client
hello is sent for SSLv23_client_method it can't be relied on to indicate
if TLS 1.2 ciphers should be used. So use the client version instead.
2013-04-04 18:21:58 +01:00
Andy Polyakov
99cda4376e cryptlib.c: fix typo in OPENSSL_showfatal. 2013-04-04 15:57:43 +02:00
Andy Polyakov
73325b221c aesni-x86_64.pl: optimize CBC decrypt.
Give CBC decrypt approximately same treatment as to CTR and collect 25%.
2013-04-04 15:56:23 +02:00
Andy Polyakov
a42abde699 e_aes.c: reserve for future extensions. 2013-04-04 15:55:49 +02:00
Andy Polyakov
64f7e2c4c0 gcm128.c: fix linking problems in 32-bit Windows build. 2013-04-04 15:54:58 +02:00
Andy Polyakov
7f97d57236 dest4-sparcv9.pl: add clarification comment. 2013-04-04 15:54:08 +02:00
Andy Polyakov
c9a8e3d1c7 evptests.txt: add XTS test vectors 2013-04-04 15:53:01 +02:00
Dr. Stephen Henson
3fce3f6b2b Use $(PERL) when calling scripts in mk1mf.pl 2013-04-03 22:38:18 +01:00
Dr. Stephen Henson
0ded2a0689 Typo. 2013-03-31 17:42:46 +01:00
Andy Polyakov
c5d975a743 Add support for SPARC T4 DES opcode. 2013-03-31 14:32:05 +02:00
Andy Polyakov
d8f3ed2306 des_enc.m4: add missing #include.
Submitted by: David Miller
2013-03-31 14:07:48 +02:00
Andy Polyakov
4e049c5259 Add AES-NI GCM stitch. 2013-03-29 20:45:33 +01:00
Andy Polyakov
b4a9d5bfe8 aesni-x86_64.pl: fix typo and optimize small block performance. 2013-03-29 18:54:24 +01:00
Dr. Stephen Henson
3d1160d58b Call RAND_cleanup in openssl application.
(cherry picked from commit 944bc29f90)
2013-03-28 14:29:39 +00:00
Dr. Stephen Henson
4221c0dd30 Enable TLS 1.2 ciphers in DTLS 1.2.
Port TLS 1.2 GCM code to DTLS. Enable use of TLS 1.2 only ciphers when in
DTLS 1.2 mode too.
2013-03-28 14:14:27 +00:00
Dr. Stephen Henson
fbbaaccaca Update fixed DH requirements.
The relaxed signing requirements for fixed DH certificates apply to DTLS 1.2
too.
2013-03-28 14:14:27 +00:00
Dr. Stephen Henson
04fac50045 DTLS 1.2 cached record support.
Add DTLS1.2 support for cached records when computing handshake macs
instead of the MD5+SHA1 case for DTLS < 1.2 (this is a port of the
equivalent TLS 1.2 code to DTLS).
2013-03-28 14:14:27 +00:00
Matt Caswell
94782e0e9c Make binary curve ASN.1 work in FIPS mode.
Don't check for binary curves by checking methods: the values will
be different in FIPS mode as they are redirected to the validated module
version.
2013-03-26 16:56:50 +00:00
Dr. Stephen Henson
c3b344e36a Provisional DTLS 1.2 support.
Add correct flags for DTLS 1.2, update s_server and s_client to handle
DTLS 1.2 methods.

Currently no support for version negotiation: i.e. if client/server selects
DTLS 1.2 it is that or nothing.
2013-03-26 15:16:41 +00:00
Dr. Stephen Henson
9cf0f18754 Remove versions test from dtls1_buffer_message
Since this is always called from DTLS code it is safe to assume the header
length should be the DTLS value. This avoids the need to check the version
number and should work with any version of DTLS (not just 1.0).
2013-03-26 15:16:41 +00:00
Dr. Stephen Henson
cfd298b7ae Extend DTLS method macros.
Extend DTLS method creation macros to support version numbers and encryption
methods. Update existing code.
2013-03-26 15:16:41 +00:00
Dr. Stephen Henson
874a18cfad Enable various DTLS extensions.
Some TLS extensions were disabled for DTLS. Possibly because they caused
problems with the old duplicated code. Enable them again.
2013-03-26 15:16:41 +00:00
Andy Polyakov
6c79faaa9d aesni-x86_64.pl: optimize CTR even further.
Based on suggestions from Shay Gueron and Vlad Krasnov.
PR: 3021
2013-03-26 14:29:18 +01:00
Andy Polyakov
1da5d3029e ghash-x86_64.pl: add AVX code path. 2013-03-24 23:44:35 +01:00
Andy Polyakov
1bc4d009e1 aesni-x86_64.pl: optimize CTR even further. 2013-03-19 20:03:02 +01:00
Andy Polyakov
fbf7c44bbf ghash-x86_64.pl: minor optimization. 2013-03-19 20:02:11 +01:00
Dr. Stephen Henson
2f0275a4c3 Disable compression for DTLS.
The only standard compression method is stateful and is incompatible with
DTLS.
2013-03-19 13:43:06 +00:00
Dr. Stephen Henson
eb7ece1381 Typo. 2013-03-19 12:41:54 +00:00
Andy Polyakov
5c60046553 e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI plaforms.
PR: 3002
2013-03-18 19:29:41 +01:00
Dr. Stephen Henson
cbd64894ec Use enc_flags when deciding protocol variations.
Use the enc_flags field to determine whether we should use explicit IV,
signature algorithms or SHA256 default PRF instead of hard coding which
versions support each requirement.
2013-03-18 15:03:58 +00:00
Dr. Stephen Henson
6de2649a6b Use appropriate versions of SSL3_ENC_METHOD 2013-03-18 14:53:59 +00:00
Dr. Stephen Henson
173e72e64c DTLS revision.
Revise DTLS code. There was a *lot* of code duplication in the
DTLS code that generates records. This makes it harder to maintain and
sometimes a TLS update is omitted by accident from the DTLS code.

Specifically almost all of the record generation functions have code like
this:

some_pointer = buffer + HANDSHAKE_HEADER_LENGTH;
... Record creation stuff ...
set_handshake_header(ssl, SSL_MT_SOMETHING, message_len);

...

write_handshake_message(ssl);

Where the "Record creation stuff" is identical between SSL/TLS and DTLS or
in some cases has very minor differences.

By adding a few fields to SSL3_ENC to include the header length, some flags
and function pointers for handshake header setting and handshake writing the
code can cope with both cases.

Note: although this passes "make test" and some simple DTLS tests there may
be some minor differences in the DTLS code that have to be accounted for.
2013-03-18 14:36:43 +00:00
Michael Tuexen
80ccc66d7e Avoid unnecessary fragmentation. 2013-03-18 14:30:38 +00:00
Dr. Stephen Henson
5de18d5d0d Encode INTEGER correctly.
If an ASN1_INTEGER structure is allocated but not explicitly set encode
it as zero: don't generate an invalid zero length INTEGER.
(cherry picked from commit 1643edc63c)
2013-03-18 14:22:08 +00:00
Dr. Stephen Henson
e24fd37cda Typo.
(cherry picked from commit 1546fb780b)
2013-03-18 14:00:39 +00:00
Dr. Stephen Henson
890f2f8b92 DTLS trace support.
Add DTLS record header parsing, different client hello format and add
HelloVerifyRequest message type.

Add code to d1_pkt.c to send message headers to the message callback.
2013-03-11 13:05:07 +00:00
Andy Polyakov
ca303d333b evptests.txt: additional GCM test vectors. 2013-03-06 19:24:05 +01:00
Dr. Stephen Henson
15652f9825 GCM and CCM test support
Add code to support GCM an CCM modes in evp_test. On encrypt this
will compare the expected ciphertext and tag. On decrypt it will
compare the expected plaintext: tag comparison is done internally.

Add a simple CCM test case and convert all tests from crypto/modes/gcm128.c
2013-03-06 16:15:42 +00:00
Dr. Stephen Henson
95248de327 Add CCM ciphers to tables. 2013-03-06 16:15:42 +00:00
Andy Polyakov
28997596f2 ghash-x86_64.pl: fix length handling bug.
Thanks to Shay Gueron & Vlad Krasnov for report.
2013-03-06 10:42:21 +01:00
Dr. Stephen Henson
bcb157f07f typo 2013-03-05 21:20:00 +00:00
Dr. Stephen Henson
e942c15451 Initial CCM code.
Simple example of CCM code use: translated from the FIPS self tests.
2013-03-05 18:30:53 +00:00
Ben Laurie
897dfd4eaa Use CFLAG for LFLAGS instead of the nonexistent CFLAGS. 2013-03-05 05:55:19 +00:00
Ben Laurie
c621fe6685 Ignore mk1mf.pl output directories. 2013-03-05 04:29:41 +00:00
Ben Laurie
feb4c32786 Remove unused variable. 2013-03-04 22:48:38 +00:00
Ben Laurie
63d86d067a Actually comment out the cpuid asm! 2013-03-04 20:31:59 +00:00
Ben Laurie
35ced1f705 Merge branch 'master' of openssl.net:openssl
Conflicts:
	util/mk1mf.pl
2013-03-04 20:26:17 +00:00
Dr. Stephen Henson
71a16946dc Fix WIN32 build.
Make assembly language handling conditional on the "copy" platform
as Windows does its own thing here.
2013-03-04 19:21:32 +00:00
Andy Polyakov
5702e965d7 x86cpuid.pl: make it work with older CPUs.
PR: 3005
2013-03-04 20:05:04 +01:00