Todd Short
07518cfb38
Add TLSv1.3 draft-19 messages to trace
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2970 )
2017-03-16 13:16:51 -04:00
Matt Caswell
11c67eeaf4
HelloRetryRequest updates for draft-19
...
Draft-19 changes the HRR transcript hash so that the initial ClientHello
is replaced in the transcript with a special synthetic message_hash message
that just contains a hash of ClientHello1 as its message body.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895 )
2017-03-16 14:20:38 +00:00
Matt Caswell
6594189fa1
Merge early_data_info extension into early_data
...
As per draft-19
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895 )
2017-03-16 14:20:38 +00:00
Matt Caswell
a4f376af7e
Construct the early_data extension
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:14 +00:00
Matt Caswell
29fac541b0
Teach SSL_trace() about the early_data_info extension
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737 )
2017-03-02 17:44:14 +00:00
Dr. Stephen Henson
fa64210a88
Trace support for TLS 1.3 certificate request message
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2728 )
2017-02-27 18:23:18 +00:00
Dr. Stephen Henson
26a556e778
Add missing blank lines and cosmetic improvements
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2747 )
2017-02-26 18:26:09 +00:00
Dr. Stephen Henson
5032abdfa8
TLS 1.3 support for ssl_print_ticket()
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2747 )
2017-02-26 18:26:09 +00:00
Dr. Stephen Henson
26212351b6
print out alpn extension
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2747 )
2017-02-26 18:26:09 +00:00
Dr. Stephen Henson
52434847b1
Add ffdhe groups to trace output
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2747 )
2017-02-26 18:26:08 +00:00
Dr. Stephen Henson
b9d71999b0
Print numerical value of named groups
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2747 )
2017-02-26 18:26:08 +00:00
Dr. Stephen Henson
f1dae5f08a
Add entry for PSK extension
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2747 )
2017-02-26 18:26:08 +00:00
Dr. Stephen Henson
6e7c55399c
Add trace entries for remaining TLS 1.3 ciphersuites
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2747 )
2017-02-26 18:26:08 +00:00
Matt Caswell
7d8c2dfa64
Add SSL_trace() support for KeyUpdate messages
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2609 )
2017-02-17 10:28:00 +00:00
Matt Caswell
87d70b63a5
Add trace support for HelloRetryRequest
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2341 )
2017-02-14 13:14:25 +00:00
Matt Caswell
b2f7e8c0fe
Add support for the psk_key_exchange_modes extension
...
This is required for the later addition of resumption support.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259 )
2017-01-30 10:17:49 +00:00
Matt Caswell
7842505190
Teach SSL_trace about the new sigalgs
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157 )
2017-01-10 23:02:50 +00:00
Matt Caswell
d805a57be2
Fix various style issues following feedback
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020 )
2017-01-06 11:01:14 +00:00
Matt Caswell
3dd826b879
Fix a double blank line style issue
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020 )
2017-01-06 10:25:13 +00:00
Matt Caswell
ac52c4be12
Update SSL_trace to understand TLSv1.3 Certificates
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020 )
2017-01-06 10:25:13 +00:00
Matt Caswell
1266eefdb6
Various style updates following extensions refactor
...
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:20:58 +00:00
Matt Caswell
e46f233444
Add EncryptedExtensions message
...
At this stage the message is just empty. We need to fill it in with
extension data.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:17:12 +00:00
Matt Caswell
71728dd8aa
Send and Receive a TLSv1.3 format ServerHello
...
There are some minor differences in the format of a ServerHello in TLSv1.3.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:16:23 +00:00
Matt Caswell
f43cb3f809
Fix a "defined but not used" warning when enabling ssl-trace
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-16 10:39:23 +00:00
Matt Caswell
d6d0bcddd9
Update the trace code to know about the key_share extension
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-16 10:09:46 +00:00
Richard Levitte
b612799a80
Revert "Remove heartbeats completely"
...
Done too soon, this is for future OpenSSL 1.2.0
This reverts commit 6c62f9e163.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-15 14:53:33 +01:00
Richard Levitte
6c62f9e163
Remove heartbeats completely
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1669 )
2016-11-15 10:45:21 +01:00
Richard Levitte
e72040c1dc
Remove heartbeat support
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1669 )
2016-11-13 16:24:02 -05:00
Matt Caswell
de4d764e32
Rename the Elliptic Curves extension to supported_groups
...
This is a skin deep change, which simply renames most places where we talk
about curves in a TLS context to groups. This is because TLS1.3 has renamed
the extension, and it can now include DH groups too. We still only support
curves, but this rename should pave the way for a future extension for DH
groups.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-10 15:05:36 +00:00
Matt Caswell
60e3b3c550
Remove some redundant trace code
...
No need to have a supported versions table and a versions table. They
should be the same.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:03:09 +00:00
Matt Caswell
b97667ce67
Fix some missing checks for TLS1_3_VERSION_DRAFT
...
There were a few places where we weren't checking to see if we were using
the draft TLS1.3 version or not.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:03:09 +00:00
Matt Caswell
619d8336d0
Update TLS1.3 draft version numbers for latest draft
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:03:08 +00:00
Matt Caswell
5506e835a8
Ensure that the -trace option can interpret the supported_versions extension
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:03:08 +00:00
Matt Caswell
5d71f7ea29
Correct the Id for the TLS1.3 ciphersuite
...
We have one TLS1.3 ciphersuite, but there is a typo in the id that should
be corrected.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-07 15:47:22 +00:00
Matt Caswell
582a17d662
Add the SSL_METHOD for TLSv1.3 and all other base changes required
...
Includes addition of the various options to s_server/s_client. Also adds
one of the new TLS1.3 ciphersuites.
This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol
and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not
a "real" TLS1.3 ciphersuite).
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-02 13:08:21 +00:00
Matt Caswell
2d11f5b2ca
Ensure trace recognises X25519
...
Using the -trace option to s_server or s_client was incorrectly printing
UNKNOWN for the X25519 curve.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-08 12:34:02 +01:00
Emilia Kasper
a230b26e09
Indent ssl/
...
Run util/openssl-format-source on ssl/
Some comments and hand-formatted tables were fixed up
manually by disabling auto-formatting.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-18 14:02:29 +02:00
FdaSilvaYY
d3d5dc607a
Enforce and explicit some const casting
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300 )
2016-07-25 08:20:00 -04:00
Rich Salz
846e33c729
Copyright consolidation 01/10
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-05-17 14:19:19 -04:00
Ben Laurie
d94ce4100f
Fix enable-ssl-trace no-nextprotoneg.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-27 12:36:30 +01:00
Rob Percival
ed29e82ade
Adds CT validation to SSL connections
...
Disabled by default, but can be enabled by setting the
ct_validation_callback on a SSL or SSL_CTX.
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 10:50:10 -05:00
Matt Caswell
c6f9019b69
Fix the enable-ssl-trace config option
...
The recent removal of static ECDH broke the enable-ssl-trace compilation.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-12 10:06:45 +00:00
Rich Salz
22e3dcb780
Remove TLS heartbeat, disable DTLS heartbeat
...
To enable heartbeats for DTLS, configure with enable-heartbeats.
Heartbeats for TLS have been completely removed.
This addresses RT 3647
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 12:57:26 -05:00
Rich Salz
349807608f
Remove /* foo.c */ comments
...
This was done by the following
find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
print unless $. == 1 && m@/\* .*\.[ch] \*/@;
close ARGV if eof; # Close file to reset $.
And then some hand-editing of other files.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-26 16:40:43 -05:00
Dr. Stephen Henson
bc71f91064
Remove fixed DH ciphersuites.
...
Remove all fixed DH ciphersuites and associated logic.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-19 16:14:51 +00:00
Ben Laurie
d25aeabca8
Don't use EC when no-ec.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-13 16:14:35 +00:00
Andy Polyakov
a76ba82ccb
Wire ChaCha20-Poly1305 to TLS.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:05:30 +01:00
Matt Caswell
2a9b96548a
Updates to GOST2012
...
Various updates following feedback from the recent commit of the new
GOST2012 code.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-11-27 17:23:14 +00:00
Dmitry Belyavsky
e44380a990
Patch containing TLS implementation for GOST 2012
...
This patch contains the necessary changes to provide GOST 2012
ciphersuites in TLS. It requires the use of an external GOST 2012 engine.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-23 16:09:42 +00:00
Dr. Stephen Henson
2a1a04e131
Add full PSK trace support
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:43:35 +01:00