Commit graph

10725 commits

Author SHA1 Message Date
Dr. Stephen Henson
efc17286f8 DTLS 1.2 cached record support.
Add DTLS1.2 support for cached records when computing handshake macs
instead of the MD5+SHA1 case for DTLS < 1.2 (this is a port of the
equivalent TLS 1.2 code to DTLS).
(cherry picked from commit 04fac50045)
2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
acec5a6244 Provisional DTLS 1.2 support.
Add correct flags for DTLS 1.2, update s_server and s_client to handle
DTLS 1.2 methods.

Currently no support for version negotiation: i.e. if client/server selects
DTLS 1.2 it is that or nothing.
(cherry picked from commit c3b344e36a)

Conflicts:

	apps/s_server.c
2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
68039af3e7 Remove versions test from dtls1_buffer_message
Since this is always called from DTLS code it is safe to assume the header
length should be the DTLS value. This avoids the need to check the version
number and should work with any version of DTLS (not just 1.0).
(cherry picked from commit 9cf0f18754)
2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
da1247d653 Extend DTLS method macros.
Extend DTLS method creation macros to support version numbers and encryption
methods. Update existing code.
(cherry picked from commit cfd298b7ae)
2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
052d0358f2 Enable various DTLS extensions.
Some TLS extensions were disabled for DTLS. Possibly because they caused
problems with the old duplicated code. Enable them again.
(cherry picked from commit 874a18cfad)
2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
1b6ab411d3 Use enc_flags when deciding protocol variations.
Use the enc_flags field to determine whether we should use explicit IV,
signature algorithms or SHA256 default PRF instead of hard coding which
versions support each requirement.
(cherry picked from commit cbd64894ec)

Conflicts:

	ssl/ssl_locl.h
2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
d88d98edd3 Use appropriate versions of SSL3_ENC_METHOD
(cherry picked from commit 6de2649a6b)
2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
741c9959f6 DTLS revision.
Revise DTLS code. There was a *lot* of code duplication in the
DTLS code that generates records. This makes it harder to maintain and
sometimes a TLS update is omitted by accident from the DTLS code.

Specifically almost all of the record generation functions have code like
this:

some_pointer = buffer + HANDSHAKE_HEADER_LENGTH;
... Record creation stuff ...
set_handshake_header(ssl, SSL_MT_SOMETHING, message_len);

...

write_handshake_message(ssl);

Where the "Record creation stuff" is identical between SSL/TLS and DTLS or
in some cases has very minor differences.

By adding a few fields to SSL3_ENC to include the header length, some flags
and function pointers for handshake header setting and handshake writing the
code can cope with both cases.

(cherry picked from commit 173e72e64c)
2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
7c23127fde Add functions to set ECDSA_METHOD structure.
Add various functions to allocate and set the fields of an ECDSA_METHOD
structure.
(cherry picked from commit 94c2f77a62)
2013-09-18 01:23:40 +01:00
Bodo Moeller
8b9722a3c0 Merge branch 'OpenSSL_1_0_2-stable' of openssl.net:openssl into OpenSSL_1_0_2-stable 2013-09-17 09:59:14 +02:00
Bodo Moeller
8c149cfd83 Sync with version from master. 2013-09-17 09:55:27 +02:00
Trevor Perrin
6da498991c Various custom extension fixes.
Force no SSL2 when custom extensions in use.
Don't clear extension state when cert is set.
Clear on renegotiate.

Conflicts:
	ssl/t1_lib.c
2013-09-16 18:40:53 +01:00
Rob Stradling
86a66deb7e Update CHANGES. 2013-09-16 14:03:22 +01:00
Rob Stradling
9409e18179 Tidy up comments. 2013-09-16 14:03:21 +01:00
Rob Stradling
6a0b803fc0 Use TLS version supplied by client when fingerprinting Safari. 2013-09-16 14:03:21 +01:00
Rob Stradling
5fa3b54788 Fix compilation with no-ec and/or no-tlsext. 2013-09-16 14:03:21 +01:00
Rob Stradling
07df5018be Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
2013-09-16 14:03:21 +01:00
Bodo Moeller
1b9a59c36a Sync CHANGES and NEWS files. 2013-09-16 14:54:34 +02:00
Bodo Moeller
8f89c33451 Merge branch 'OpenSSL_1_0_2-stable' of /usr/local/google/home/bmoeller/openssl/openssl into OpenSSL_1_0_2-stable 2013-09-16 14:51:10 +02:00
Bodo Moeller
485d7d5904 Fix overly lenient comparisons:
- EC_GROUP_cmp shouldn't consider curves equal just because
      the curve name is the same. (They really *should* be the same
      in this case, but there's an EC_GROUP_set_curve_name API,
      which could be misused.)

    - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
      or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
      equality (not an error).

    Reported by: king cope

(cherry picked from commit 312a46791ab465cfa3bf26764361faed0e5df014)
2013-09-16 14:50:48 +02:00
Bodo Moeller
e3720888c7 Fix overly lenient comparisons:
- EC_GROUP_cmp shouldn't consider curves equal just because
      the curve name is the same. (They really *should* be the same
      in this case, but there's an EC_GROUP_set_curve_name API,
      which could be misused.)

    - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
      or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
      equality (not an error).

    Reported by: king cope

(cherry picked from commit 312a46791ab465cfa3bf26764361faed0e5df014)
2013-09-16 13:06:30 +02:00
Andy Polyakov
d75e384ff8 Extend OPENSSL_ia32cap_P (backport from HEAD). 2013-09-15 22:13:54 +02:00
Andy Polyakov
c340c7a88c crypto/armcap.c: fix typo in rdtsc subroutine.
PR: 3125
Submitted by: Kyle McMartin
(cherry picked from commit 8e52a9063a)
2013-09-15 22:10:49 +02:00
Dr. Stephen Henson
9ecf6e93af add -badsig option to corrupt CRL signatures for testing too
(cherry picked from commit 139cd16cc5)
2013-09-14 13:53:44 +01:00
Dr. Stephen Henson
a41735288c Add missing code from SSL_CONF backport. 2013-09-14 13:53:44 +01:00
Scott Deboy
8ae78c6bd9 Initialize next_proto in s_server - resolves incorrect attempts to free
Cherry pick of b0d27cb902.
2013-09-13 11:31:39 -04:00
Adam Langley
cb3cec4adf Add tests for ALPN functionality.
Cherry-picked from a898936218.
2013-09-13 11:27:26 -04:00
Adam Langley
b0d6f3c58f Support ALPN.
This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF
blessed version of NPN and we'll be supporting both ALPN and NPN for
some time yet.

Cherry-picked from 6f017a8f9d.

[1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00
2013-09-13 11:27:22 -04:00
Ben Laurie
0338648426 Constification. 2013-09-10 17:58:44 +01:00
Andy Polyakov
c7dc404188 crypto/modes/asm/aesni-gcm-x86_64.pl: minor optimization.
Avoid occasional up to 8% performance drops.
(cherry picked from commit 7a1a12232a)
2013-09-09 21:46:02 +02:00
Andy Polyakov
08853158b6 crypto/bn/asm/x86_64-mont.pl: minor optimization.
(cherry picked from commit 72a158703b)
2013-09-09 21:42:48 +02:00
Andy Polyakov
74e0187663 Revert "x86cpuid.pl: fix extended feature flags detection."
This reverts commit 514f1a7835.
2013-09-09 21:35:15 +02:00
Dr. Stephen Henson
bb4aa95c81 Remove ancient PATENTS section and FAQ reference.
(cherry picked from commit ce4555967e)
2013-09-08 21:25:38 +01:00
Dr. Stephen Henson
5117d50b7e Partial path fix.
When verifying a partial path always check to see if the EE certificate
is explicitly trusted: the path could contain other untrusted certificates.
(cherry picked from commit 52073b7675)
2013-09-08 21:25:10 +01:00
Dr. Stephen Henson
593605d3ec Document supported curve functions.
(cherry picked from commit c3eb33763b)
2013-09-03 15:43:59 +01:00
Dr. Stephen Henson
c9ea4df8f9 Document -force_pubkey option.
(cherry picked from commit b093a06866bf632a97a9a0286e2d08f69c3cf7dd)
2013-08-21 13:41:17 +01:00
Dr. Stephen Henson
89ff56faf1 Correct ECDSA example.
(cherry picked from commit 3a918ea2bbf4175d9461f81be1403d3781b2c0dc)
2013-08-20 17:30:16 +01:00
Dr. Stephen Henson
9855026c43 fix printout of expiry days if -enddate is used in ca
(cherry picked from commit f7ac0ec89d)
2013-08-19 21:55:07 +01:00
Dr. Stephen Henson
904348a492 Time difference functions.
Backport of ASN1_TIME_diff and OPENSSL_gmtime_diff functions from master
branch.
2013-08-19 21:55:07 +01:00
Dr. Stephen Henson
aaaa18392d new command line option -stdname to ciphers utility
(cherry picked from commit 51b9115b6d)
2013-08-19 20:25:39 +01:00
Dr. Stephen Henson
8c33e40d2e Add new test option set the version in generated certificates: this
is needed to test some profiles/protocols which reject certificates
with unsupported versions.
(cherry picked from commit df316fd43c)
2013-08-19 18:10:04 +01:00
Dr. Stephen Henson
0d04af1e72 option to output corrupted signature in certificates for testing purposes
(cherry picked from commit 96cfba0fb4)
2013-08-19 18:09:44 +01:00
Dr. Stephen Henson
8f17495800 update usage messages
(cherry picked from commit 7c8ac50504)
2013-08-19 18:09:26 +01:00
Dr. Stephen Henson
95c1a24853 add -naccept <n> option to s_server to automatically exit after <n> connections
(cherry picked from commit b5cadfb564)
2013-08-19 17:42:02 +01:00
Dr. Stephen Henson
08374de10f with -rev close connection if client sends "CLOSE"
(cherry picked from commit 685755937a)
2013-08-19 14:14:05 +01:00
Dr. Stephen Henson
506e70a216 Add simple external session cache to s_server. This serialises sessions
just like a "real" server making it easier to trace any problems.

(manually applied from commit 35b0ea4efe)
2013-08-19 14:13:56 +01:00
Dr. Stephen Henson
0cca92cdd3 Remove commented out debug line. 2013-08-19 14:13:38 +01:00
Dr. Stephen Henson
5b430cfc44 Make no-ec compilation work.
(cherry picked from commit 14536c8c9c)
2013-08-19 14:13:38 +01:00
Dr. Stephen Henson
171c4da568 Add -rev test option to s_server to just reverse order of characters received
by client and send back to server. Also prints an abbreviated summary of
the connection parameters.
(cherry picked from commit 4f3df8bea2)
2013-08-19 14:13:38 +01:00
Dr. Stephen Henson
04611fb0f1 Add -brief option to s_client and s_server to summarise connection details.
New option -verify_quiet to shut up the verify callback unless there is
an error.

(manually applied from commit 2a7cbe77b3)
2013-08-19 14:13:24 +01:00