Commit graph

381 commits

Author SHA1 Message Date
Dr. Stephen Henson
28ea0a0c6a Add custom extension sanity checks.
Reject attempts to use extensions handled internally.

Add flags to each extension structure to indicate if an extension
has been sent or received. Enforce RFC5246 compliance by rejecting
duplicate extensions and unsolicited extensions and only send a
server extension if we have sent the corresponding client extension.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-08-28 17:06:52 +01:00
Dr. Stephen Henson
ecf4d66090 Custom extension revision.
Use the same structure for client and server custom extensions.

Add utility functions in new file t1_ext.c.
Use new utility functions to handle custom server and client extensions
and remove a lot of code duplication.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-08-28 17:06:52 +01:00
Emilia Kasper
be0477a8e9 RT 3060: amend patch
Use existing error code SSL_R_RECORD_TOO_SMALL for too many empty records.

For ease of backporting the patch to release branches.

Reviewed-by: Bodo Moeller <bodo@openssl.org>
2014-08-22 15:35:42 +02:00
Dr. Stephen Henson
b83294fe30 Revision of custom extension code.
Move custom extension structures from SSL_CTX to CERT structure.

This change means the form can be revised in future without binary
compatibility issues. Also since CERT is part of SSL structures
so per-SSL custom extensions could be supported in future as well as
per SSL_CTX.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-08-15 12:20:04 +01:00
Viktor Szakats
693b71fa71 RT 1988: Add "const" to SSL_use_RSAPrivateKey_ASN1
The "unsigned char *d" should be const.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
2014-08-09 07:56:28 -04:00
Dr. Stephen Henson
0989790b87 Check SRP parameters early.
Check SRP parameters when they are received so we can send back an
appropriate alert.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2014-08-06 20:36:41 +01:00
Dr. Stephen Henson
e0fc7961c4 Add conditional unit testing interface.
Don't call internal functions directly call them through
SSL_test_functions(). This also makes unit testing work on
Windows and platforms that don't export internal functions
from shared libraries.

By default unit testing is not enabled: it requires the compile
time option "enable-unit-test".
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
2014-07-24 19:41:29 +01:00
Ben Laurie
d2ab55eb5b Reduce casting nastiness. 2014-07-05 15:00:53 +01:00
Dr. Stephen Henson
b948ee27b0 Remove all RFC5878 code.
Remove RFC5878 code. It is no longer needed for CT and has numerous bugs
2014-07-04 13:26:35 +01:00
Ben Laurie
8892ce7714 Constification - mostly originally from Chromium. 2014-06-29 21:05:23 +01:00
Dr. Stephen Henson
447280ca7b SRP ciphersuite correction.
SRP ciphersuites do not have no authentication. They have authentication
based on SRP. Add new SRP authentication flag and cipher string.
2014-06-09 12:09:52 +01:00
Dr. Stephen Henson
01f2f18f3c Option to disable padding extension.
Add TLS padding extension to SSL_OP_ALL so it is used with other
"bugs" options and can be turned off.

This replaces SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG which is an ancient
option referring to SSLv2 and SSLREF.

PR#3336
2014-06-01 18:15:21 +01:00
Martin Kaiser
189ae368d9 Add an NSS output format to sess_id to export to export the session id and the master key in NSS keylog format. PR#3352 2014-05-24 00:02:24 +01:00
Dr. Stephen Henson
b362ccab5c Security framework.
Security callback: selects which parameters are permitted including
sensible defaults based on bits of security.

The "parameters" which can be selected include: ciphersuites,
curves, key sizes, certificate signature algorithms, supported
signature algorithms, DH parameters, SSL/TLS version, session tickets
and compression.

In some cases prohibiting the use of a parameters will mean they are
not advertised to the peer: for example cipher suites and ECC curves.
In other cases it will abort the handshake: e.g DH parameters or the
peer key size.

Documentation to follow...
2014-03-28 14:56:30 +00:00
Dr. Stephen Henson
8b8e5bed23 Allow return of supported ciphers.
New function ssl_cipher_disabled.

Check for disabled client ciphers using ssl_cipher_disabled.

New function to return only supported ciphers.

New option to ciphers utility to print only supported ciphers.
2014-03-28 14:49:04 +00:00
Dr. Stephen Henson
09599b52d4 Auto DH support.
Add auto DH parameter support. This is roughly equivalent to the
ECDH auto curve selection but for DH. An application can just call

SSL_CTX_set_auto_dh(ctx, 1);

and appropriate DH parameters will be used based on the size of the
server key.

Unlike ECDH there is no way a peer can indicate the range of DH parameters
it supports. Some peers cannot handle DH keys larger that 1024 bits for
example. In this case if you call:

SSL_CTX_set_auto_dh(ctx, 2);

Only 1024 bit DH parameters will be used.

If the server key is 7680 bits or more in size then 8192 bit DH parameters
will be used: these will be *very* slow.

The old export ciphersuites aren't supported but those are very
insecure anyway.
2014-03-28 14:49:04 +00:00
Dr. Stephen Henson
e970f63dc0 Update chain building function.
Don't clear verification errors from the error queue unless
SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR is set.

If errors occur during verification and SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR
is set return 2 so applications can issue warnings.
(cherry picked from commit 2dd6976f6d)
2014-03-27 14:24:40 +00:00
Dr. Stephen Henson
a029788b0e typo 2014-03-10 15:47:33 +00:00
Dr. Stephen Henson
db7b5e0d76 Add function to free compression methods.
Although the memory allocated by compression methods is fixed and
cannot grow over time it can cause warnings in some leak checking
tools. The function SSL_COMP_free_compression_methods() will free
and zero the list of supported compression methods. This should
*only* be called in a single threaded context when an application
is shutting down to avoid interfering with existing contexts
attempting to look up compression methods.
(cherry picked from commit 976c58302b)
2014-03-01 23:15:25 +00:00
Dr. Stephen Henson
13dc3ce9ab New chain building flags.
New flags to build certificate chains. The can be used to rearrange
the chain so all an application needs to do is add all certificates
in arbitrary order and then build the chain to check and correct them.

Add verify error code when building chain.

Update docs.
2014-02-23 13:36:38 +00:00
Dr. Stephen Henson
daddd9a950 Option to set current cert to server certificate. 2014-02-21 19:44:09 +00:00
Dr. Stephen Henson
ded18639d7 Move CT viewer extension code to crypto/x509v3 2014-02-20 18:48:56 +00:00
Ben Laurie
765e9ba911 Merge branch 'sct-viewer-master' of https://github.com/robstradling/openssl into sct-viewer 2014-02-19 17:17:14 +00:00
Rob Stradling
b263f21246 Move the SCT List extension parser into libssl.
Add the extension parser in the s_client, ocsp and x509 apps.
2014-02-19 13:12:46 +00:00
Dr. Stephen Henson
3c6c139a07 Restore SSL_OP_MSIE_SSLV2_RSA_PADDING
The flag SSL_OP_MSIE_SSLV2_RSA_PADDING hasn't done anything since OpenSSL
0.9.7h but deleting it will break source compatibility with any software
that references it. Restore it but #define to zero.
(cherry picked from commit b17d6b8d1d)
2014-02-16 11:43:46 +00:00
Dr. Stephen Henson
4dce704145 fix error discrepancy
(cherry picked from commit a2317c3ffd)
2014-02-13 14:35:22 +00:00
Dr. Stephen Henson
b45e874d7c Return previous compression methods when setting them. 2014-02-06 13:57:26 +00:00
Ben Laurie
0a6028757a Fix whitespace, new-style comments. 2014-02-05 18:25:46 +00:00
Scott Deboy
e9add063b5 Re-add alert variables removed during rebase
Whitespace fixes
2014-02-05 18:25:46 +00:00
Scott Deboy
ac20719d99 Update custom TLS extension and supplemental data 'generate' callbacks to support sending an alert.
If multiple TLS extensions are expected but not received, the TLS extension and supplemental data 'generate' callbacks are the only chance for the receive-side to trigger a specific TLS alert during the handshake.

Removed logic which no-op'd TLS extension generate callbacks (as the generate callbacks need to always be called in order to trigger alerts), and updated the serverinfo-specific custom TLS extension callbacks to track which custom TLS extensions were received by the client, where no-ops for 'generate' callbacks are appropriate.
2014-02-05 18:25:46 +00:00
Dr. Stephen Henson
a51f767645 Return per-certificate chain if extra chain is NULL.
If an application calls the macro SSL_CTX_get_extra_chain_certs
return either the old "shared" extra certificates or those associated
with the current certificate.

This means applications which call SSL_CTX_use_certificate_chain_file
and retrieve the additional chain using SSL_CTX_get_extra_chain_certs
will still work. An application which only wants to check the shared
extra certificates can call the new macro
SSL_CTX_get_extra_chain_certs_only
2014-02-05 17:05:01 +00:00
Dr. Stephen Henson
0f78819c8c New ctrl to set current certificate.
New ctrl sets current certificate based on certain criteria. Currently
two options: set the first valid certificate as current and set the
next valid certificate as current. Using these an application can
iterate over all certificates in an SSL_CTX or SSL structure.
2014-02-02 22:58:19 +00:00
Dr. Stephen Henson
cbb6744827 New function to set compression methods so they can be safely freed. 2014-01-27 14:30:29 +00:00
Dr. Stephen Henson
ba168244a1 Add new function SSL_CTX_get_ssl_method().
Partial fix for PR#3183.
2014-01-16 14:07:46 +00:00
Daniel Kahn Gillmor
7988163c3b Allow "DHE" and "kDHE" as synonyms of "EDH" and "kEDH" when specifiying ciphers
The standard terminology in https://tools.ietf.org/html/rfc5426 is
"DHE".  "openssl ciphers" outputs "DHE" (for the most part).  But
users of the library currently cannot specify "DHE", they must
currently specify "EDH".

This change allows users to specify the common term in cipher suite
strings without breaking backward compatibility.
2014-01-09 15:43:27 +00:00
Daniel Kahn Gillmor
7963ddeb44 Allow "ECDHE" as a synonym of "EECDH" when specifiying ciphers
The standard terminology in https://tools.ietf.org/html/rfc4492 is
ECDHE.  "openssl ciphers" outputs ECDHE.  But users of the library
currently cannot specify ECDHE, they must specify EECDH.

This change allows users to specify the common term in cipher suite
strings without breaking backward compatibility.
2014-01-09 15:43:27 +00:00
Dr. Stephen Henson
7af31968dd Verify parameter retrieval functions.
New functions to retrieve internal pointers to X509_VERIFY_PARAM
for SSL_CTX and SSL structures.
(cherry picked from commit be0c9270690ed9c1799900643cab91de146de857)
2013-12-13 15:39:55 +00:00
Dr. Stephen Henson
a25f9adc77 New functions to retrieve certificate from SSL_CTX
New functions to retrieve current certificate or private key
from an SSL_CTX.

Constify SSL_get_private_key().
2013-11-18 18:56:48 +00:00
Dr. Stephen Henson
60aeb18750 Don't define SSL_select_next_proto if OPENSSL_NO_TLSEXT set 2013-11-18 16:52:10 +00:00
Piotr Sikora
2911575c6e Fix compilation with no-nextprotoneg.
PR#3106
2013-11-14 01:20:12 +00:00
Rob Stradling
7b6b246fd3 Additional "chain_cert" functions.
PR#3169

This patch, which currently applies successfully against master and
1_0_2, adds the following functions:

SSL_[CTX_]select_current_cert() - set the current certificate without
disturbing the existing structure.

SSL_[CTX_]get0_chain_certs() - get the current certificate's chain.

SSL_[CTX_]clear_chain_certs() - clear the current certificate's chain.

The patch also adds these functions to, and fixes some existing errors
in, SSL_CTX_add1_chain_cert.pod.
2013-11-13 23:48:35 +00:00
Dr. Stephen Henson
26bda7ef2b Sync error codes with 1.0.2-stable 2013-11-06 14:18:41 +00:00
Nick Mathewson
2016265dfb Do not include a timestamp in the Client/ServerHello Random field.
Instead, send random bytes, unless SSL_SEND_{CLIENT,SERVER}RANDOM_MODE
is set.

This is a forward-port of commits:
  4af793036f
  f4c93b46ed
  3da721dac9
  2583270191

While the gmt_unix_time record was added in an ostensible attempt to
mitigate the dangers of a bad RNG, its presence leaks the host's view
of the current time in the clear.  This minor leak can help
fingerprint TLS instances across networks and protocols... and what's
worse, it's doubtful thet the gmt_unix_time record does any good at
all for its intended purpose, since:

    * It's quite possible to open two TLS connections in one second.

    * If the PRNG output is prone to repeat itself, ephemeral
      handshakes (and who knows what else besides) are broken.
2013-10-21 03:37:20 +01:00
Dr. Stephen Henson
ec2f7e568e Extend SSL_CONF
Extend SSL_CONF to return command value types.

Add certificate and key options.

Update documentation.
2013-10-20 22:07:36 +01:00
Ben Laurie
9725bda766 Show useful errors.
Conflicts:
	apps/s_server.c
2013-09-25 12:45:48 +01:00
Dr. Stephen Henson
9600602267 Fix error code clashes. 2013-09-18 01:22:50 +01:00
Ben Laurie
5eda213ebe More cleanup. 2013-09-06 13:59:14 +01:00
Scott Deboy
36086186a9 Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
2013-09-06 13:59:13 +01:00
Rob Stradling
dece3209f2 Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
2013-09-05 13:09:03 +01:00
Adam Langley
6f017a8f9d Support ALPN.
This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF
blessed version of NPN and we'll be supporting both ALPN and NPN for
some time yet.

[1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00

Conflicts:
	ssl/ssl3.h
	ssl/t1_lib.c
2013-07-22 15:28:20 +01:00