Commit graph

1675 commits

Author SHA1 Message Date
Dr. Stephen Henson
d2aea03829 Memory leak and NULL dereference fixes.
PR#3403
2014-06-27 14:35:07 +01:00
Hubert Kario
6d3d579367 Document -trusted_first option in man pages and help.
Add -trusted_first description to help messages and man pages
of tools that deal with certificate verification.
2014-06-19 23:09:21 +01:00
Matt Caswell
2d7153e8f9 Tidied up, added include to stdlib, removed "goto bad" usage 2014-06-17 23:35:53 +01:00
rfkrocktk
8a531c22b0 Conform to whitespace conventions 2014-06-17 23:10:14 +01:00
Naftuli Tzvi Kay
8a6c6bbf21 Added custom PBKDF2 iteration count to PKCS8 tool. 2014-06-17 23:10:14 +01:00
Dr. Stephen Henson
9494e99b40 Fix compilation with no-comp 2014-06-11 14:41:00 +01:00
Dr. Stephen Henson
14f47acf23 Allow reordering of certificates when signing.
Add certificates if -nocerts and -certfile specified when signing
in smime application. This can be used this to specify the
order certificates appear in the PKCS#7 structure: some broken
applications require a certain ordering.

PR#3316
2014-06-02 14:22:07 +01:00
Dr. Stephen Henson
a09220d823 Recognise padding extension. 2014-06-01 18:15:21 +01:00
Ben Laurie
0382950c6c Zero prime doits. 2014-06-01 15:31:27 +01:00
Ben Laurie
5efa13ca7e Add option to run all prime tests. 2014-06-01 15:31:27 +01:00
Felix Laurie von Massenbach
a77889f560 Only count successful generations. 2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
982c42cb20 Try skipping over the adding and just picking a new random number.
Generates a number coprime to 2, 3, 5, 7, 11.

Speed:
Trial div (add) : trial div (retry) : coprime
1 : 0.42 : 0.84
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
7e965dcc38 Remove editor barf on updating copyright. 2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
c09ec5d2a0 Generate safe primes not divisible by 3, 5 or 7.
~2% speed improvement on trial division.
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
b0513819e0 Add a method to generate a prime that is guaranteed not to be divisible by 3 or 5.
Possibly some reduction in bias, but no speed gains.
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
b359642ffd Run the prime speed tests for 10 seconds. 2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
8c9336ce2b Tidy up speed.c a little. 2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
b5419b81ac Add speed test for prime trial division. 2014-06-01 15:31:26 +01:00
Matt Caswell
3d9243f1b6 Changed -strictpem to use PEM_read_bio 2014-05-26 23:31:37 +01:00
Matt Caswell
6b5c1d940b Added -strictpem parameter to enable processing of PEM files with data prior to the BEGIN marker 2014-05-26 17:24:11 +01:00
Martin Kaiser
c5f0b9bd86 Modify the description of -noout to match the manpage. PR#3364 2014-05-24 00:04:25 +01:00
Martin Kaiser
189ae368d9 Add an NSS output format to sess_id to export to export the session id and the master key in NSS keylog format. PR#3352 2014-05-24 00:02:24 +01:00
Dr. Stephen Henson
6f719f063c Change default cipher in smime app to des3.
PR#3357
2014-05-21 11:28:57 +01:00
Dr. Stephen Henson
c358651218 Enc doesn't support AEAD ciphers.
(cherry picked from commit 09184dddead165901700b31eb39d540ba30f93c5)
2014-05-15 14:16:46 +01:00
Viktor Dukhovni
b00676bb6f Fix infinite loop. PR#3347 2014-05-11 20:28:56 +01:00
Geoff Thorpe
a935132099 s_client/s_server: support unix domain sockets
The "-unix <path>" argument allows s_server and s_client to use a unix
domain socket in the filesystem instead of IPv4 ("-connect", "-port",
"-accept", etc). If s_server exits gracefully, such as when "-naccept"
is used and the requested number of SSL/TLS connections have occurred,
then the domain socket file is removed. On ctrl-C, it is likely that
the stale socket file will be left over, such that s_server would
normally fail to restart with the same arguments. For this reason,
s_server also supports an "-unlink" option, which will clean up any
stale socket file before starting.

If you have any reason to want encrypted IPC within an O/S instance,
this concept might come in handy. Otherwise it just demonstrates that
there is nothing about SSL/TLS that limits it to TCP/IP in any way.

(There might also be benchmarking and profiling use in this path, as
unix domain sockets are much lower overhead than connecting over local
IP addresses).

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-05-08 22:07:09 -04:00
Tim Hudson
b6e69d284b coverity 966576 - close socket in error path 2014-05-08 23:14:52 +01:00
Tim Hudson
8e94fadd0b PR#3342 fix resource leak coverity issue 966577 2014-05-08 23:08:33 +01:00
Geoff Thorpe
e1ce131d4d apps/s_server: document '-naccept' cmd-line argument
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-05-04 22:42:41 -04:00
Geoff Thorpe
79c6c4e828 make depend 2014-04-25 14:31:05 -04:00
Geoff Thorpe
76c3ff6937 apps: constify some string parameters
There are certainly many more constifiable strings in the various
interfaces, which I hope to get to eventually.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-04-25 14:31:05 -04:00
Dr. Stephen Henson
5219d3dd35 Fix free errors in ocsp utility.
Keep copy of any host, path and port values allocated by
OCSP_parse_url and free as necessary.
2014-04-09 15:42:40 +01:00
Dr. Stephen Henson
7ba08a4d73 Use correct length when prompting for password.
Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in
the openssl utility.

Thanks to Rob Mackinnon, Leviathan Security for reporting this issue.
2014-04-04 12:44:43 +01:00
Tim Hudson
de2d97cd79 Add option to generate old hash format.
New -hash_old to generate CRL hashes using old
(before OpenSSL 1.0.0) algorithm.
2014-04-03 13:26:32 +01:00
Ben Laurie
5a49001bde Fix warning. 2014-03-29 19:51:58 +00:00
Dr. Stephen Henson
e03c5b59f0 Security callback debug print out.
Add a debugging security callback option to s_client/s_server. This will
print out each security parameter as it is accepted or rejected.
2014-03-28 14:56:43 +00:00
Dr. Stephen Henson
8b8e5bed23 Allow return of supported ciphers.
New function ssl_cipher_disabled.

Check for disabled client ciphers using ssl_cipher_disabled.

New function to return only supported ciphers.

New option to ciphers utility to print only supported ciphers.
2014-03-28 14:49:04 +00:00
Dr. Stephen Henson
09599b52d4 Auto DH support.
Add auto DH parameter support. This is roughly equivalent to the
ECDH auto curve selection but for DH. An application can just call

SSL_CTX_set_auto_dh(ctx, 1);

and appropriate DH parameters will be used based on the size of the
server key.

Unlike ECDH there is no way a peer can indicate the range of DH parameters
it supports. Some peers cannot handle DH keys larger that 1024 bits for
example. In this case if you call:

SSL_CTX_set_auto_dh(ctx, 2);

Only 1024 bit DH parameters will be used.

If the server key is 7680 bits or more in size then 8192 bit DH parameters
will be used: these will be *very* slow.

The old export ciphersuites aren't supported but those are very
insecure anyway.
2014-03-28 14:49:04 +00:00
Dr. Stephen Henson
f0ef019da2 Add -no_resumption_on_reneg to SSL_CONF.
(cherry picked from commit 1f44dac24d)
2014-03-27 16:12:40 +00:00
Dr. Stephen Henson
5693a30813 PKCS#8 support for alternative PRFs.
Add option to set an alternative to the default hmacWithSHA1 PRF
for PKCS#8 private key encryptions. This is used automatically
by PKCS8_encrypt if the nid specified is a PRF.

Add option to pkcs8 utility.

Update docs.
(cherry picked from commit b60272b01f)
2014-03-01 23:16:08 +00:00
Dr. Stephen Henson
86a2f966d0 Add -show_chain option to print out verified chain. 2014-02-25 14:05:22 +00:00
Dr. Stephen Henson
a4cc3c8041 Avoid Windows 8 Getversion deprecated errors.
Windows 8 SDKs complain that GetVersion() is deprecated.

We only use GetVersion like this:

	(GetVersion() < 0x80000000)

which checks if the Windows version is NT based. Use a macro check_winnt()
which uses GetVersion() on older SDK versions and true otherwise.
2014-02-25 13:40:33 +00:00
Dr. Stephen Henson
13dc3ce9ab New chain building flags.
New flags to build certificate chains. The can be used to rearrange
the chain so all an application needs to do is add all certificates
in arbitrary order and then build the chain to check and correct them.

Add verify error code when building chain.

Update docs.
2014-02-23 13:36:38 +00:00
Dr. Stephen Henson
8764e86339 make depend 2014-02-20 18:48:56 +00:00
Dr. Stephen Henson
ded18639d7 Move CT viewer extension code to crypto/x509v3 2014-02-20 18:48:56 +00:00
Dr. Stephen Henson
4cfeb00be9 make depend 2014-02-19 20:09:08 +00:00
Rob Stradling
b263f21246 Move the SCT List extension parser into libssl.
Add the extension parser in the s_client, ocsp and x509 apps.
2014-02-19 13:12:46 +00:00
Kurt Roeckx
3343220327 Use defaults bits in req when not given
If you use "-newkey rsa" it's supposed to read the default number of bits from the
config file.  However the value isn't used to generate the key, but it does
print it's generating such a key.  The set_keygen_ctx() doesn't call
EVP_PKEY_CTX_set_rsa_keygen_bits() and you end up with the default set in
pkey_rsa_init() (1024).  Afterwards the number of bits gets read from the config
file, but nothing is done with that anymore.

We now read the config first and use the value from the config file when no size
is given.

PR: 2592
2014-02-14 22:30:27 +00:00
Scott Schaefer
2b4ffc659e Fix various spelling errors 2014-02-14 22:29:12 +00:00
Dr. Stephen Henson
847865d0f9 Add suppot for ASCII with CRLF canonicalisation. 2014-02-13 14:35:56 +00:00
Ben Laurie
0a6028757a Fix whitespace, new-style comments. 2014-02-05 18:25:46 +00:00
Scott Deboy
e9add063b5 Re-add alert variables removed during rebase
Whitespace fixes
2014-02-05 18:25:46 +00:00
Scott Deboy
ac20719d99 Update custom TLS extension and supplemental data 'generate' callbacks to support sending an alert.
If multiple TLS extensions are expected but not received, the TLS extension and supplemental data 'generate' callbacks are the only chance for the receive-side to trigger a specific TLS alert during the handshake.

Removed logic which no-op'd TLS extension generate callbacks (as the generate callbacks need to always be called in order to trigger alerts), and updated the serverinfo-specific custom TLS extension callbacks to track which custom TLS extensions were received by the client, where no-ops for 'generate' callbacks are appropriate.
2014-02-05 18:25:46 +00:00
Dr. Stephen Henson
3323314fc1 Add cert callback retry test. 2014-01-26 16:29:50 +00:00
Piotr Sikora
2911575c6e Fix compilation with no-nextprotoneg.
PR#3106
2013-11-14 01:20:12 +00:00
Dr. Stephen Henson
ec2f7e568e Extend SSL_CONF
Extend SSL_CONF to return command value types.

Add certificate and key options.

Update documentation.
2013-10-20 22:07:36 +01:00
Ben Laurie
c45a48c186 Constification. 2013-10-07 12:45:26 +01:00
Ben Laurie
70d416ec35 Produce PEM we would consume. 2013-09-25 13:57:36 +01:00
Ben Laurie
9725bda766 Show useful errors.
Conflicts:
	apps/s_server.c
2013-09-25 12:45:48 +01:00
Mat
5628ec6673 typo 2013-09-13 14:29:36 +01:00
Scott Deboy
b0d27cb902 Initialize next_proto in s_server - resolves incorrect attempts to free 2013-09-11 17:22:00 -07:00
Dr. Stephen Henson
5e3ff62c34 Experimental encrypt-then-mac support.
Experimental support for encrypt then mac from
draft-gutmann-tls-encrypt-then-mac-02.txt

To enable it set the appropriate extension number (0x10 for the test server)
using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10

For non-compliant peers (i.e. just about everything) this should have no
effect.
2013-09-08 13:14:03 +01:00
Ben Laurie
1769dfab06 Const fix. 2013-09-06 14:03:28 +01:00
Scott Deboy
67c408cee9 Free generated supp data after handshake completion, add comment regarding use of num_renegotiations in TLS and supp data generation callbacks 2013-09-06 13:59:14 +01:00
Ben Laurie
5eda213ebe More cleanup. 2013-09-06 13:59:14 +01:00
Ben Laurie
a6a48e87bc Make it build. 2013-09-06 13:59:13 +01:00
Scott Deboy
36086186a9 Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
2013-09-06 13:59:13 +01:00
Veres Lajos
478b50cf67 misspellings fixes by https://github.com/vlajos/misspell_fixer 2013-09-05 21:39:42 +01:00
Ben Laurie
d2625fd657 Clean up layout. 2013-09-05 17:28:05 +01:00
Carlos Alberto Lopez Perez
b98af49d97 Add an "-xmpphost" option to s_client
* Many XMPP servers are configured with multiple domains (virtual hosts)
 * In order to establish successfully the TLS connection you have to specify
   which virtual host you are trying to connect.
 * Test this, for example with ::
   * Fail:
       openssl s_client -connect talk.google.com:5222 -starttls xmpp
   * Works:
       openssl s_client -connect talk.google.com:5222 -starttls xmpp -xmpphost gmail.com
2013-09-05 17:24:56 +01:00
Carlos Alberto Lopez Perez
4249d4ba86 Fix infinite loop on s_client starttls xmpp
* When the host used in "-connect" is not what the remote XMPP server expects
   the server will return an error like this:
     <stream:error>
       <host-unknown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/>
     </stream:error>
 * But the actual code will stay on the loop forever because the stop condition
   "/stream:features>" will never happen,
 * Make this more robust: The stop condition should be that BIO_read failed
 * Test if for example with ::

    openssl s_client  -connect random.jabb3r.net:5222 -starttls xmpp
2013-09-05 17:24:56 +01:00
Carlos Alberto Lopez Perez
4e48c77572 Fix XMPP code detection on s_client starttls xmpp
* Some XMPP Servers (OpenFire) use double quotes.
 * This makes s_client starttls work with this servers.
 * Tested with OpenFire servers from http://xmpp.net/ ::

     openssl s_client -connect coderollers.com:5222 -starttls xmpp
2013-09-05 17:24:55 +01:00
Dr. Stephen Henson
fcb2bcfe65 Typo: don't call RAND_cleanup during app startup.
(cherry picked from commit 90e7f983b5)
2013-08-18 19:06:51 +01:00
Dr. Stephen Henson
14536c8c9c Make no-ec compilation work. 2013-08-17 17:41:13 +01:00
Adam Langley
a898936218 Add tests for ALPN functionality.
Conflicts:
	ssl/ssltest.c
2013-07-22 15:47:48 +01:00
Adam Langley
6f017a8f9d Support ALPN.
This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF
blessed version of NPN and we'll be supporting both ALPN and NPN for
some time yet.

[1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00

Conflicts:
	ssl/ssl3.h
	ssl/t1_lib.c
2013-07-22 15:28:20 +01:00
Dr. Stephen Henson
5711885a2b Custom key wrap option for cms utility. 2013-07-17 21:45:01 +01:00
Dr. Stephen Henson
02498cc885 Add -keyopt option to cms utility.
Add support for custom public key parameters in the cms utility using
the -keyopt switch. Works for -sign and also -encrypt if -recip is used.
2013-06-21 23:43:06 +01:00
Trevor
a398f821fa Add support for arbitrary TLS extensions.
Contributed by Trevor Perrin.
2013-06-12 17:01:13 +01:00
Dr. Stephen Henson
c6913eeb76 Dual DTLS version methods.
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and
pick the highest version the peer supports during negotiation.

As with SSL/TLS options can change this behaviour specifically
SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
2013-04-09 14:02:48 +01:00
Dr. Stephen Henson
3d1160d58b Call RAND_cleanup in openssl application.
(cherry picked from commit 944bc29f90)
2013-03-28 14:29:39 +00:00
Dr. Stephen Henson
c3b344e36a Provisional DTLS 1.2 support.
Add correct flags for DTLS 1.2, update s_server and s_client to handle
DTLS 1.2 methods.

Currently no support for version negotiation: i.e. if client/server selects
DTLS 1.2 it is that or nothing.
2013-03-26 15:16:41 +00:00
Andy Polyakov
a006fef78e Improve WINCE support.
Submitted by: Pierre Delaage
2013-01-19 21:23:13 +01:00
Dr. Stephen Henson
4badfebefc Typo (PR2959). 2013-01-17 18:20:18 +00:00
Dr. Stephen Henson
abd01ea214 Change default bits to 1024 2013-01-07 16:18:31 +00:00
Dr. Stephen Henson
b252cf0d98 make JPAKE work again, fix memory leaks 2012-12-29 23:38:20 +00:00
Dr. Stephen Henson
89a5e2f704 missing tab 2012-12-26 19:12:57 +00:00
Dr. Stephen Henson
09d0d67c13 add missing newline 2012-12-21 16:24:48 +00:00
Dr. Stephen Henson
bbdfbacdef add -rmd option to set OCSP response signing digest 2012-12-16 00:10:03 +00:00
Dr. Stephen Henson
99fc818e93 Return success when the responder is active.
Don't verify our own responses.
2012-12-15 02:56:02 +00:00
Dr. Stephen Henson
265f835e3e typo 2012-12-15 00:29:12 +00:00
Dr. Stephen Henson
33826fd028 Add support for '-' as input and output filenames in ocsp utility.
Recognise verification arguments.
2012-12-14 23:30:56 +00:00
Dr. Stephen Henson
92821996de oops, revert, committed in error 2012-12-14 23:29:58 +00:00
Dr. Stephen Henson
11e2957d5f apps/ocsp.c 2012-12-14 23:28:19 +00:00
Dr. Stephen Henson
51e7a4378a New verify flag to return success if we have any certificate in the
trusted store instead of the default which is to return an error if
we can't build the complete chain.
2012-12-13 18:14:46 +00:00
Dr. Stephen Henson
60938ae772 add -crl_download option to s_server 2012-12-12 03:35:31 +00:00
Dr. Stephen Henson
4e71d95260 add -cert_chain option to s_client 2012-12-12 00:50:26 +00:00
Ben Laurie
fefc111a2a Make openssl verify return errors. 2012-12-11 16:05:14 +00:00
Dr. Stephen Henson
1e8b9e7e69 add -badsig option to ocsp utility too. 2012-12-09 16:21:46 +00:00
Ben Laurie
30c278aa6b Fix OCSP checking. 2012-12-07 18:47:47 +00:00