Commit graph

10745 commits

Author SHA1 Message Date
Ben Laurie
93a886b45a Fix warnings.
(cherry picked from commit 282a480a35)
2013-10-01 14:01:17 +01:00
Dr. Stephen Henson
ec19082ecc GCM and CCM test support
Add code to support GCM an CCM modes in evp_test. On encrypt this
will compare the expected ciphertext and tag. On decrypt it will
compare the expected plaintext: tag comparison is done internally.

Add a simple CCM test case and convert all tests from crypto/modes/gcm128.c
(cherry picked from commit 15652f9825)
2013-10-01 14:01:17 +01:00
Dr. Stephen Henson
0eff7c7c88 Add CCM ciphers to tables.
(cherry picked from commit 95248de327)
2013-10-01 14:01:17 +01:00
Dr. Stephen Henson
6c4b3514d7 New SP 800-56A compliant version of DH_compute_key().
(cherry picked from commit bc91494e06)
2013-10-01 14:01:17 +01:00
Dr. Stephen Henson
d84cca7447 Typo.
(cherry picked from commit 415ece7301)
2013-10-01 14:01:16 +01:00
Ben Laurie
3a8b23bfd9 Re-add accidentally deleted #endif. 2013-10-01 12:34:44 +01:00
Ben Laurie
63fe322160 Merge remote-tracking branch 'agl/1.0.2alpn' into agl-alpn
Conflicts:
	ssl/ssl3.h
	ssl/t1_lib.c
2013-10-01 12:20:02 +01:00
Ben Laurie
c808798013 Produce PEM we would consume. 2013-09-25 13:55:06 +01:00
Ben Laurie
379f21ce5c Show useful errors. 2013-09-24 23:13:22 +01:00
Ben Laurie
4f3b1b3eb9 Merge remote-tracking branch 'trevp/pempick' into OpenSSL_1_0_2-stable 2013-09-24 12:47:54 +01:00
Dr. Stephen Henson
b49df9502e Disable Dual EC DRBG.
Return an error if an attempt is made to enable the Dual EC DRBG: it
is not used by default.
(cherry picked from commit a4870de5aa)
2013-09-22 18:25:58 +01:00
Ben Laurie
4f8a706dc7 Merge remote-tracking branch 'trevp/pemfix' into trev-pem-fix 2013-09-20 15:39:08 -07:00
Dr. Stephen Henson
7560f63909 Fix warning. 2013-09-18 15:10:22 +01:00
Dr. Stephen Henson
1dfb1b103c DTLS version usage fixes.
Make DTLS behave like TLS when negotiating version: record layer has
DTLS 1.0, message version is 1.2.

Tolerate different version numbers if version hasn't been negotiated
yet.
(cherry picked from commit 40088d8b81)
2013-09-18 13:47:05 +01:00
Dr. Stephen Henson
6e1987ca1d DTLS trace support.
Add DTLS record header parsing, different client hello format and add
HelloVerifyRequest message type.

Add code to d1_pkt.c to send message headers to the message callback.
(cherry picked from commit 890f2f8b92)

Conflicts:

	ssl/ssl_locl.h
2013-09-18 13:46:03 +01:00
Dr. Stephen Henson
d307176931 Suite B support for DTLS 1.2
Check for Suite B support using method flags instead of version numbers:
anything supporting TLS 1.2 cipher suites will also support Suite B.

Return an error if an attempt to use DTLS 1.0 is made in Suite B mode.
(cherry picked from commit 4544f0a691)
2013-09-18 13:46:03 +01:00
Dr. Stephen Henson
c391a74266 Always return errors in ssl3_get_client_hello
If we successfully match a cookie don't set return value to 2 as this
results in other error conditions returning 2 as well.

Instead set return value to -2 which can be checked later if everything
else is OK.
(cherry picked from commit c56f5b8edf)
2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
65a87d3cc3 Dual DTLS version methods.
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and
pick the highest version the peer supports during negotiation.

As with SSL/TLS options can change this behaviour specifically
SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
(cherry picked from commit c6913eeb76)

Conflicts:

	CHANGES
2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
b60b9e7afe Enable TLS 1.2 ciphers in DTLS 1.2.
Port TLS 1.2 GCM code to DTLS. Enable use of TLS 1.2 only ciphers when in
DTLS 1.2 mode too.
(cherry picked from commit 4221c0dd30)
2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
919834dc84 Update fixed DH requirements.
The relaxed signing requirements for fixed DH certificates apply to DTLS 1.2
too.
(cherry picked from commit fbbaaccaca)
2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
efc17286f8 DTLS 1.2 cached record support.
Add DTLS1.2 support for cached records when computing handshake macs
instead of the MD5+SHA1 case for DTLS < 1.2 (this is a port of the
equivalent TLS 1.2 code to DTLS).
(cherry picked from commit 04fac50045)
2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
acec5a6244 Provisional DTLS 1.2 support.
Add correct flags for DTLS 1.2, update s_server and s_client to handle
DTLS 1.2 methods.

Currently no support for version negotiation: i.e. if client/server selects
DTLS 1.2 it is that or nothing.
(cherry picked from commit c3b344e36a)

Conflicts:

	apps/s_server.c
2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
68039af3e7 Remove versions test from dtls1_buffer_message
Since this is always called from DTLS code it is safe to assume the header
length should be the DTLS value. This avoids the need to check the version
number and should work with any version of DTLS (not just 1.0).
(cherry picked from commit 9cf0f18754)
2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
da1247d653 Extend DTLS method macros.
Extend DTLS method creation macros to support version numbers and encryption
methods. Update existing code.
(cherry picked from commit cfd298b7ae)
2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
052d0358f2 Enable various DTLS extensions.
Some TLS extensions were disabled for DTLS. Possibly because they caused
problems with the old duplicated code. Enable them again.
(cherry picked from commit 874a18cfad)
2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
1b6ab411d3 Use enc_flags when deciding protocol variations.
Use the enc_flags field to determine whether we should use explicit IV,
signature algorithms or SHA256 default PRF instead of hard coding which
versions support each requirement.
(cherry picked from commit cbd64894ec)

Conflicts:

	ssl/ssl_locl.h
2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
d88d98edd3 Use appropriate versions of SSL3_ENC_METHOD
(cherry picked from commit 6de2649a6b)
2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
741c9959f6 DTLS revision.
Revise DTLS code. There was a *lot* of code duplication in the
DTLS code that generates records. This makes it harder to maintain and
sometimes a TLS update is omitted by accident from the DTLS code.

Specifically almost all of the record generation functions have code like
this:

some_pointer = buffer + HANDSHAKE_HEADER_LENGTH;
... Record creation stuff ...
set_handshake_header(ssl, SSL_MT_SOMETHING, message_len);

...

write_handshake_message(ssl);

Where the "Record creation stuff" is identical between SSL/TLS and DTLS or
in some cases has very minor differences.

By adding a few fields to SSL3_ENC to include the header length, some flags
and function pointers for handshake header setting and handshake writing the
code can cope with both cases.

(cherry picked from commit 173e72e64c)
2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
7c23127fde Add functions to set ECDSA_METHOD structure.
Add various functions to allocate and set the fields of an ECDSA_METHOD
structure.
(cherry picked from commit 94c2f77a62)
2013-09-18 01:23:40 +01:00
Bodo Moeller
8b9722a3c0 Merge branch 'OpenSSL_1_0_2-stable' of openssl.net:openssl into OpenSSL_1_0_2-stable 2013-09-17 09:59:14 +02:00
Bodo Moeller
8c149cfd83 Sync with version from master. 2013-09-17 09:55:27 +02:00
Trevor Perrin
6da498991c Various custom extension fixes.
Force no SSL2 when custom extensions in use.
Don't clear extension state when cert is set.
Clear on renegotiate.

Conflicts:
	ssl/t1_lib.c
2013-09-16 18:40:53 +01:00
Rob Stradling
86a66deb7e Update CHANGES. 2013-09-16 14:03:22 +01:00
Rob Stradling
9409e18179 Tidy up comments. 2013-09-16 14:03:21 +01:00
Rob Stradling
6a0b803fc0 Use TLS version supplied by client when fingerprinting Safari. 2013-09-16 14:03:21 +01:00
Rob Stradling
5fa3b54788 Fix compilation with no-ec and/or no-tlsext. 2013-09-16 14:03:21 +01:00
Rob Stradling
07df5018be Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
2013-09-16 14:03:21 +01:00
Bodo Moeller
1b9a59c36a Sync CHANGES and NEWS files. 2013-09-16 14:54:34 +02:00
Bodo Moeller
8f89c33451 Merge branch 'OpenSSL_1_0_2-stable' of /usr/local/google/home/bmoeller/openssl/openssl into OpenSSL_1_0_2-stable 2013-09-16 14:51:10 +02:00
Bodo Moeller
485d7d5904 Fix overly lenient comparisons:
- EC_GROUP_cmp shouldn't consider curves equal just because
      the curve name is the same. (They really *should* be the same
      in this case, but there's an EC_GROUP_set_curve_name API,
      which could be misused.)

    - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
      or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
      equality (not an error).

    Reported by: king cope

(cherry picked from commit 312a46791ab465cfa3bf26764361faed0e5df014)
2013-09-16 14:50:48 +02:00
Bodo Moeller
e3720888c7 Fix overly lenient comparisons:
- EC_GROUP_cmp shouldn't consider curves equal just because
      the curve name is the same. (They really *should* be the same
      in this case, but there's an EC_GROUP_set_curve_name API,
      which could be misused.)

    - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
      or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
      equality (not an error).

    Reported by: king cope

(cherry picked from commit 312a46791ab465cfa3bf26764361faed0e5df014)
2013-09-16 13:06:30 +02:00
Andy Polyakov
d75e384ff8 Extend OPENSSL_ia32cap_P (backport from HEAD). 2013-09-15 22:13:54 +02:00
Andy Polyakov
c340c7a88c crypto/armcap.c: fix typo in rdtsc subroutine.
PR: 3125
Submitted by: Kyle McMartin
(cherry picked from commit 8e52a9063a)
2013-09-15 22:10:49 +02:00
Dr. Stephen Henson
9ecf6e93af add -badsig option to corrupt CRL signatures for testing too
(cherry picked from commit 139cd16cc5)
2013-09-14 13:53:44 +01:00
Dr. Stephen Henson
a41735288c Add missing code from SSL_CONF backport. 2013-09-14 13:53:44 +01:00
Scott Deboy
8ae78c6bd9 Initialize next_proto in s_server - resolves incorrect attempts to free
Cherry pick of b0d27cb902.
2013-09-13 11:31:39 -04:00
Adam Langley
cb3cec4adf Add tests for ALPN functionality.
Cherry-picked from a898936218.
2013-09-13 11:27:26 -04:00
Adam Langley
b0d6f3c58f Support ALPN.
This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF
blessed version of NPN and we'll be supporting both ALPN and NPN for
some time yet.

Cherry-picked from 6f017a8f9d.

[1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00
2013-09-13 11:27:22 -04:00
Ben Laurie
0338648426 Constification. 2013-09-10 17:58:44 +01:00
Andy Polyakov
c7dc404188 crypto/modes/asm/aesni-gcm-x86_64.pl: minor optimization.
Avoid occasional up to 8% performance drops.
(cherry picked from commit 7a1a12232a)
2013-09-09 21:46:02 +02:00