wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11356 commits 20 branches 302 tags 153 MiB
Commit graph

1387 commits

Author SHA1 Message Date
Dr. Stephen Henson
083bec780d typo 2012-12-07 13:23:49 +00:00
Dr. Stephen Henson
1edf8f1b4e really fix automatic ;-) 2012-12-07 12:41:13 +00:00
Dr. Stephen Henson
f1f5c70a04 fix handling of "automatic" in file mode 2012-12-06 21:53:05 +00:00
Dr. Stephen Henson
4842dde80c return error if Suite B mode is selected and TLS 1.2 can't be used. Correct error coded 2012-12-01 18:33:21 +00:00
Dr. Stephen Henson
84bafb7471 Print out point format list for clients too. 2012-11-26 18:39:38 +00:00
Dr. Stephen Henson
5087afa108 Use default point formats extension for server side as well as client 
side, if possible.

Don't advertise compressed char2 for SuiteB as it is not supported.
 2012-11-26 18:38:10 +00:00
Dr. Stephen Henson
93c2c9befc change inaccurate error message 2012-11-26 15:47:32 +00:00
Dr. Stephen Henson
d900c0ae14 set auto ecdh parameter selction for Suite B 2012-11-26 15:10:50 +00:00
Dr. Stephen Henson
1c16fd1f03 add Suite B 128 bit mode offering only combination 2 2012-11-24 00:59:51 +00:00
Dr. Stephen Henson
20b431e3a9 Add support for printing out and retrieving EC point formats extension. 2012-11-22 15:20:53 +00:00
Dr. Stephen Henson
e83aefb3a0 reject zero length point format list or supported curves extensions 2012-11-22 14:15:44 +00:00
Dr. Stephen Henson
2588d4ca41 curves can be set in both client and server 2012-11-21 17:01:46 +00:00
Dr. Stephen Henson
878b5d07ef use correct return values when callin cmd 2012-11-21 16:59:33 +00:00
Dr. Stephen Henson
98a7edf9f0 make depend 2012-11-19 13:18:09 +00:00
Dr. Stephen Henson
ddd13d677b fix typo and warning 2012-11-19 02:46:46 +00:00
Dr. Stephen Henson
3db935a9e5 add SSL_CONF functions and documentation 2012-11-16 19:12:24 +00:00
Dr. Stephen Henson
51b9115b6d new command line option -stdname to ciphers utility 2012-11-16 00:35:46 +00:00
Dr. Stephen Henson
8ab92fc646 add "missing" TLSv1.2 cipher alias 2012-11-15 19:14:47 +00:00
Dr. Stephen Henson
8bb870df9e new feature: if ctx==NULL in SSL_CTX_ctrl perform syntax checking only for some operations (currently curves and signature algorithms) 2012-11-08 14:24:51 +00:00
Dr. Stephen Henson
323fa64559 If OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL is set allow the use of "SCSV" as 
a ciphersuite to position the SCSV value in different places for testing
purposes.
 2012-09-30 12:39:27 +00:00
Richard Levitte
4d88fc8173 * ssl/t1_enc.c (tls1_change_cipher_state): Stupid bug. Fortunately in 
debugging code that's seldom used.
 2012-09-21 13:08:24 +00:00
Dr. Stephen Henson
94a209d8e1 Add ctrl and utility functions to retrieve raw cipher list sent by client in 
client hello message. Previously this could only be retrieved on an initial
connection and it was impossible to determine the cipher IDs of any uknown
ciphersuites.
 2012-09-12 13:57:48 +00:00
Dr. Stephen Henson
e5db9c3b67 Minor enhancement to PR#2836 fix. Instead of modifying SSL_get_certificate 
change the current certificate (in s->cert->key) to the one used and then
SSL_get_certificate and SSL_get_privatekey will automatically work.
 2012-09-11 13:34:08 +00:00
Ben Laurie
2daceb0342 Call OCSP Stapling callback after ciphersuite has been chosen, so the 
right response is stapled. Also change SSL_get_certificate() so it
returns the certificate actually sent.  See
http://rt.openssl.org/Ticket/Display.html?id=2836.
 2012-09-11 12:57:46 +00:00
Dr. Stephen Henson
33a8de69dc new ctrl to retrive value of received temporary key in server key exchange message, print out details in s_client 2012-09-08 13:59:51 +00:00
Dr. Stephen Henson
319354eb6c store and print out message digest peer signed with in TLS 1.2 2012-09-07 12:53:42 +00:00
Dr. Stephen Henson
d47c01a31a perform sanity checks on server certificate type as soon as it is received instead of waiting until server key exchange 2012-08-31 11:18:54 +00:00
Dr. Stephen Henson
becfdb995b give more meaningful error if presented with wrong certificate type by server 2012-08-30 12:46:22 +00:00
Dr. Stephen Henson
ed83ba5321 Add compilation flag to disable certain protocol checks and allow use of 
some invalid operations for testing purposes. Currently this can be used
to sign using digests the peer doesn't support, EC curves the peer
doesn't support and use certificates which don't match the type associated
with a ciphersuite.
 2012-08-29 13:18:34 +00:00
Dr. Stephen Henson
81f57e5a69 oops, typo 2012-08-28 23:19:25 +00:00
Dr. Stephen Henson
1cf218bcaa New compile time option OPENSSL_SSL_TRACE_CRYPTO, when set this passes 
all derived keys to the message callback.

Add code to SSL_trace to include support for printing out keys.
 2012-08-28 23:17:28 +00:00
Dr. Stephen Henson
2ea8035460 Add three Suite B modes to TLS code, supporting RFC6460. 2012-08-15 15:15:05 +00:00
Dr. Stephen Henson
3b0648ebc9 Rename Suite B functions for consistency. 
New function X509_chain_up_ref to dup and up the reference count of
a STACK_OF(X509): replace equivalent functionality in several places
by the equivalent call.
 2012-08-03 15:58:15 +00:00
Dr. Stephen Henson
6dbb6219e7 Make tls1_check_chain return a set of flags indicating checks passed 
by a certificate chain. Add additional tests to handle client
certificates: checks for matching certificate type and issuer name
comparison.

Print out results of checks for each candidate chain tested in
s_server/s_client.
 2012-07-27 13:39:23 +00:00
Dr. Stephen Henson
ec4a50b3c3 Abort handshake if signature algorithm used not supported by peer. 2012-07-24 18:11:27 +00:00
Dr. Stephen Henson
d18b716d25 check EC tmp key matches preferences 2012-07-24 13:47:40 +00:00
Dr. Stephen Henson
1e4cb467e1 typo 2012-07-24 13:32:40 +00:00
Dr. Stephen Henson
74ecfab401 Add support for certificate stores in CERT structure. This makes it 
possible to have different stores per SSL structure or one store in
the parent SSL_CTX. Include distint stores for certificate chain
verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN
to build and store a certificate chain in CERT structure: returing
an error if the chain cannot be built: this will allow applications
to test if a chain is correctly configured.

Note: if the CERT based stores are not set then the parent SSL_CTX
store is used to retain compatibility with existing behaviour.
 2012-07-23 23:34:28 +00:00
Dr. Stephen Henson
050ce4ca42 set ciphers to NULL before calling cert_cb 2012-07-20 15:21:23 +00:00
Dr. Stephen Henson
8e2a06bf5c stop warning 2012-07-19 16:57:19 +00:00
Dr. Stephen Henson
a1644902eb add ssl_locl.h to err header files, rebuild ssl error strings 2012-07-19 14:45:36 +00:00
Dr. Stephen Henson
b7bfe69b66 New function ssl_set_client_disabled to set masks for any ciphersuites 
that are disabled for this session (as opposed to always disabled by
configuration).
 2012-07-18 14:09:46 +00:00
Dr. Stephen Henson
63fe4ee14c update trace messages 2012-07-18 13:53:56 +00:00
Dr. Stephen Henson
9f27b1eec3 Add new ctrl to retrieve client certificate types, print out 
details in s_client.

Also add ctrl to set client certificate types. If not used sensible values
will be included based on supported signature algorithms: for example if
we don't include any DSA signing algorithms the DSA certificate type is
omitted.

Fix restriction in old code where certificate types would be truncated
if it exceeded TLS_CT_NUMBER.
 2012-07-08 14:22:45 +00:00
Richard Levitte
9fd603be07 Install srtp.h 2012-07-05 13:20:19 +00:00
Richard Levitte
bec44866f1 Add d1_srtp and t1_trce. 2012-07-05 13:20:02 +00:00
Dr. Stephen Henson
87adf1fa96 new function SSL_is_server to which returns 1 is the corresponding SSL context is for a server 2012-07-03 14:25:17 +00:00
Dr. Stephen Henson
15a70fe510 no need to check s->server as default_nid is never used for TLS 1.2 client authentication 2012-07-03 14:24:33 +00:00
Dr. Stephen Henson
3dbc46dfcd Separate client and server permitted signature algorithm support: by default 
the permitted signature algorithms for server and client authentication
are the same but it is now possible to set different algorithms for client
authentication only.
 2012-07-03 12:51:14 +00:00
Dr. Stephen Henson
18d7158809 Add certificate callback. If set this is called whenever a certificate 
is required by client or server. An application can decide which
certificate chain to present based on arbitrary criteria: for example
supported signature algorithms. Add very simple example to s_server.
This fixes many of the problems and restrictions of the existing client
certificate callback: for example you can now clear existing certificates
and specify the whole chain.
 2012-06-29 14:24:42 +00:00
Dr. Stephen Henson
0f39bab0df Function tls1_check_ec_server_key is now redundant as we make 
appropriate checks in tls1_check_chain.
 2012-06-28 13:02:14 +00:00
Dr. Stephen Henson
d61ff83be9 Add new "valid_flags" field to CERT_PKEY structure which determines what 
the certificate can be used for (if anything). Set valid_flags field
in new tls1_check_chain function. Simplify ssl_set_cert_masks which used
to have similar checks in it.

Add new "cert_flags" field to CERT structure and include a "strict mode".
This enforces some TLS certificate requirements (such as only permitting
certificate signature algorithms contained in the supported algorithms
extension) which some implementations ignore: this option should be used
with caution as it could cause interoperability issues.
 2012-06-28 12:45:49 +00:00
Dr. Stephen Henson
be681e123c don't use pseudo digests for default values of keys 2012-06-27 14:12:47 +00:00
Dr. Stephen Henson
4453cd8c73 Reorganise supported signature algorithm extension processing. 
Only store encoded versions of peer and configured signature algorithms.
Determine shared signature algorithms and cache the result along with NID
equivalents of each algorithm.
 2012-06-25 14:32:30 +00:00
Dr. Stephen Henson
0f229cce65 Add support for application defined signature algorithms for use with 
TLS v1.2. These are sent as an extension for clients and during a certificate
request for servers.

TODO: add support for shared signature algorithms, respect shared algorithms
when deciding which ciphersuites and certificates to permit.
 2012-06-22 14:03:31 +00:00
Dr. Stephen Henson
c4ff5d1147 fix clashing error code 2012-06-18 13:11:09 +00:00
Dr. Stephen Henson
a5ee80b910 Make it possible to delete all certificates from an SSL structure. 2012-06-18 12:56:59 +00:00
Dr. Stephen Henson
93ab9e421e Initial record tracing code. Print out all fields in SSL/TLS records 
for debugging purposes. Needs "enable-ssl-trace" configuration option.
 2012-06-15 12:46:09 +00:00
Ben Laurie
195b9eeeed Fix memory leak. 2012-06-11 09:23:55 +00:00
Ben Laurie
7a71af86ce Rearrange and test authz extension. 2012-06-07 13:20:47 +00:00
Ben Laurie
32e62d1cc4 Fix memory leak. 2012-06-06 13:03:42 +00:00
Ben Laurie
aeda172afd Parse authz correctly. 2012-06-06 12:52:19 +00:00
Ben Laurie
71fa451343 Version skew reduction: trivia (I hope). 2012-06-03 22:00:21 +00:00
Ben Laurie
a9e1c50bb0 RFC 5878 support. 2012-05-30 10:10:58 +00:00
Andy Polyakov
41409651be s2_clnt.c: compensate for compiler bug. 2012-05-16 12:47:36 +00:00
Dr. Stephen Henson
c3b1303387 PR: 2811 
Reported by: Phil Pennock <openssl-dev@spodhuis.org>

Make renegotiation work for TLS 1.2, 1.1 by not using a lower record
version client hello workaround if renegotiating.
 2012-05-11 13:34:29 +00:00
Dr. Stephen Henson
efb19e1330 PR: 2806 
Submitted by: PK <runningdoglackey@yahoo.com>

Correct ciphersuite signature algorithm definitions.
 2012-05-10 18:25:39 +00:00
Dr. Stephen Henson
c46ecc3a55 Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and 
DTLS to fix DoS attack.

Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
 2012-05-10 16:03:52 +00:00
Dr. Stephen Henson
a708609945 Don't try to use unvalidated composite ciphers in FIPS mode 2012-04-26 18:55:01 +00:00
Dr. Stephen Henson
43d5b4ff31 Change value of SSL_OP_NO_TLSv1_1 to avoid clash with SSL_OP_ALL and 
OpenSSL 1.0.0. Add CHANGES entry noting the consequences.
 2012-04-25 23:04:42 +00:00
Andy Polyakov
f2ad35821c s23_clnt.c: ensure interoperability by maitaining client "version capability" 
vector contiguous.
PR: 2802
 2012-04-25 22:06:32 +00:00
Dr. Stephen Henson
09e4e4b98e Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> 
Reviewed by: steve
Improved localisation of TLS extension handling and code tidy.
 2012-04-24 12:22:23 +00:00
Dr. Stephen Henson
ce33b42bc6 oops, not yet ;-) 2012-04-23 21:58:29 +00:00
Dr. Stephen Henson
579d553464 update NEWS 2012-04-23 21:56:33 +00:00
Dr. Stephen Henson
b214184160 recognise X9.42 DH certificates on servers 2012-04-18 17:03:29 +00:00
Dr. Stephen Henson
aa09c2c631 correct error codes 2012-04-18 15:36:12 +00:00
Bodo Möller
d3ddf0228e Disable SHA-2 ciphersuites in < TLS 1.2 connections. 
(TLS 1.2 clients could end up negotiating these with an OpenSSL server
with TLS 1.2 disabled, which is problematic.)

Submitted by: Adam Langley
 2012-04-17 15:23:03 +00:00
Dr. Stephen Henson
800e1cd969 Additional workaround for PR#2771 
If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client
ciphersuites to this value. A value of 50 should be sufficient.

Document workarounds in CHANGES.
 2012-04-17 15:12:09 +00:00
Dr. Stephen Henson
293706e72c Partial workaround for PR#2771. 
Some servers hang when presented with a client hello record length exceeding
255 bytes but will work with longer client hellos if the TLS record version
in client hello does not exceed TLS v1.0. Unfortunately this doesn't fix all
cases...
 2012-04-17 13:21:19 +00:00
Andy Polyakov
4a1fbd13ee OPENSSL_NO_SOCK fixes. 
PR: 2791
Submitted by: Ben Noordhuis
 2012-04-16 17:42:36 +00:00
Andy Polyakov
3b1fb1a022 s3_srvr.c: fix typo. 
PR: 2538
 2012-04-15 17:22:57 +00:00
Andy Polyakov
fc90e42c86 e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty frag 
countermeasure.

PR: 2778
 2012-04-15 14:14:22 +00:00
Dr. Stephen Henson
adfd95c2ac use different variable for chain iteration 2012-04-11 16:01:08 +00:00
Dr. Stephen Henson
b2284ed34a Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> 
Localize client hello extension parsing in t1_lib.c
 2012-04-06 11:18:40 +00:00
Dr. Stephen Henson
a43526302f Add support for automatic ECDH temporary key parameter selection. When 
enabled instead of requiring an application to hard code a (possibly
inappropriate) parameter set and delve into EC internals we just
automatically use the preferred curve.
 2012-04-05 13:38:27 +00:00
Andy Polyakov
a20152bdaf ssl/ssl_ciph.c: interim solution for assertion in d1_pkt.c(444). 
PR: 2778
 2012-04-04 20:45:51 +00:00
Dr. Stephen Henson
fd2b65ce53 Tidy up EC parameter check code: instead of accessing internal structures 
add utility functions to t1_lib.c to check if EC certificates and parameters
are consistent with peer.
 2012-04-04 14:41:01 +00:00
Dr. Stephen Henson
94e9215fbc PR: 2778(part) 
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>

Time is always encoded as 4 bytes, not sizeof(Time).
 2012-03-31 18:03:02 +00:00
Dr. Stephen Henson
d0595f170c Initial revision of ECC extension handling. 
Tidy some code up.

Don't allocate a structure to handle ECC extensions when it is used for
default values.

Make supported curves configurable.

Add ctrls to retrieve shared curves: not fully integrated with rest of
ECC code yet.
 2012-03-28 15:05:04 +00:00
Dr. Stephen Henson
7744ef1ada use client version when deciding whether to send supported signature algorithms extension 2012-03-21 21:33:23 +00:00
Dr. Stephen Henson
156421a2af oops, revert unrelated patches 2012-03-14 13:46:50 +00:00
Dr. Stephen Henson
61ad8262a0 update FAQ, NEWS 2012-03-14 13:44:57 +00:00
Andy Polyakov
d2add2efaa ssl/t1_enc.c: pay attention to EVP_CIPH_FLAG_CUSTOM_CIPHER. 2012-03-13 19:20:55 +00:00
Dr. Stephen Henson
15a40af2ed Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> 
Add more extension names in s_cb.c extension printing code.
 2012-03-09 18:38:35 +00:00
Dr. Stephen Henson
ea6e386008 PR: 2756 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS timeout handling.
 2012-03-09 15:52:33 +00:00
Dr. Stephen Henson
e7f8ff4382 New ctrls to retrieve supported signature algorithms and curves and 
extensions to s_client and s_server to print out retrieved valued.

Extend CERT structure to cache supported signature algorithm data.
 2012-03-06 14:28:21 +00:00
Dr. Stephen Henson
62b6948a27 PR: 2755 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.
 2012-03-06 13:47:43 +00:00
Dr. Stephen Henson
0fbf8b9cea PR: 2748 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix possible DTLS timer deadlock.
 2012-03-06 13:26:15 +00:00
Dr. Stephen Henson
57cb030cea PR: 2739 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix padding bugs in Heartbeat support.
 2012-02-27 16:38:24 +00:00
Dr. Stephen Henson
8f27a92754 ABI fixes from 1.0.1-stable 2012-02-23 22:25:52 +00:00