wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
19401 commits 20 branches 302 tags 153 MiB
Commit graph

72 commits

Author SHA1 Message Date
Matt Caswell
a4f376af7e Construct the early_data extension 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
 2017-03-02 17:44:14 +00:00
Matt Caswell
29fac541b0 Teach SSL_trace() about the early_data_info extension 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
 2017-03-02 17:44:14 +00:00
Dr. Stephen Henson
fa64210a88 Trace support for TLS 1.3 certificate request message 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2728)
 2017-02-27 18:23:18 +00:00
Dr. Stephen Henson
26a556e778 Add missing blank lines and cosmetic improvements 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2747)
 2017-02-26 18:26:09 +00:00
Dr. Stephen Henson
5032abdfa8 TLS 1.3 support for ssl_print_ticket() 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2747)
 2017-02-26 18:26:09 +00:00
Dr. Stephen Henson
26212351b6 print out alpn extension 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2747)
 2017-02-26 18:26:09 +00:00
Dr. Stephen Henson
52434847b1 Add ffdhe groups to trace output 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2747)
 2017-02-26 18:26:08 +00:00
Dr. Stephen Henson
b9d71999b0 Print numerical value of named roups 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2747)
 2017-02-26 18:26:08 +00:00
Dr. Stephen Henson
f1dae5f08a Add entry for PSK extension 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2747)
 2017-02-26 18:26:08 +00:00
Dr. Stephen Henson
6e7c55399c Add trace entries for remaining TLS 1.3 ciphersuites 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2747)
 2017-02-26 18:26:08 +00:00
Matt Caswell
7d8c2dfa64 Add SSL_trace() support for KeyUpdate messages 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2609)
 2017-02-17 10:28:00 +00:00
Matt Caswell
87d70b63a5 Add trace support for HelloRetryRequest 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2341)
 2017-02-14 13:14:25 +00:00
Matt Caswell
b2f7e8c0fe Add support for the psk_key_exchange_modes extension 
This is required for the later addition of resumption support.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
 2017-01-30 10:17:49 +00:00
Matt Caswell
7842505190 Teach SSL_trace about the new sigalgs 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
 2017-01-10 23:02:50 +00:00
Matt Caswell
d805a57be2 Fix various style issues following feedback 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
 2017-01-06 11:01:14 +00:00
Matt Caswell
3dd826b879 Fix a double blank line style issue 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
 2017-01-06 10:25:13 +00:00
Matt Caswell
ac52c4be12 Update SSL_trace to understand TLSv1.3 Certificates 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
 2017-01-06 10:25:13 +00:00
Matt Caswell
1266eefdb6 Various style updates following extensions refactor 
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:20:58 +00:00
Matt Caswell
e46f233444 Add EncryptedExtensions message 
At this stage the message is just empty. We need to fill it in with
extension data.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:17:12 +00:00
Matt Caswell
71728dd8aa Send and Receive a TLSv1.3 format ServerHello 
There are some minor differences in the format of a ServerHello in TLSv1.3.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:16:23 +00:00
Matt Caswell
f43cb3f809 Fix a "defined but not used" warning when enabling ssl-trace 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-11-16 10:39:23 +00:00
Matt Caswell
d6d0bcddd9 Update the trace code to know about the key_share extension 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-11-16 10:09:46 +00:00
Richard Levitte
b612799a80 Revert "Remove heartbeats completely" 
Done too soon, this is for future OpenSSL 1.2.0

This reverts commit 6c62f9e163.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-11-15 14:53:33 +01:00
Richard Levitte
6c62f9e163 Remove heartbeats completely 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1669)
 2016-11-15 10:45:21 +01:00
Richard Levitte
e72040c1dc Remove heartbeat support 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1669)
 2016-11-13 16:24:02 -05:00
Matt Caswell
de4d764e32 Rename the Elliptic Curves extension to supported_groups 
This is a skin deep change, which simply renames most places where we talk
about curves in a TLS context to groups. This is because TLS1.3 has renamed
the extension, and it can now include DH groups too. We still only support
curves, but this rename should pave the way for a future extension for DH
groups.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-11-10 15:05:36 +00:00
Matt Caswell
60e3b3c550 Remove some redundant trace code 
No need to have a supported versions table and a versions table. They
should be the same.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-11-09 16:03:09 +00:00
Matt Caswell
b97667ce67 Fix some missing checks for TLS1_3_VERSION_DRAFT 
There were a few places where we weren't checking to see if we were using
the draft TLS1.3 version or not.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-11-09 16:03:09 +00:00
Matt Caswell
619d8336d0 Update TLS1.3 draft version numbers for latest draft 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-11-09 16:03:08 +00:00
Matt Caswell
5506e835a8 Ensure that the -trace option can interpret the supported_versions extension 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-11-09 16:03:08 +00:00
Matt Caswell
5d71f7ea29 Correct the Id for the TLS1.3 ciphersuite 
We have one TLS1.3 ciphersuite, but there is a typo in the id that should
be corrected.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-11-07 15:47:22 +00:00
Matt Caswell
582a17d662 Add the SSL_METHOD for TLSv1.3 and all other base changes required 
Includes addition of the various options to s_server/s_client. Also adds
one of the new TLS1.3 ciphersuites.

This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol
and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not
a "real" TLS1.3 ciphersuite).

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-11-02 13:08:21 +00:00
Matt Caswell
2d11f5b2ca Ensure trace recognises X25519 
Using the -trace option to s_server or s_client was incorrectly printing
UNKNOWN for the X25519 curve.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-09-08 12:34:02 +01:00
Emilia Kasper
a230b26e09 Indent ssl/ 
Run util/openssl-format-source on ssl/

Some comments and hand-formatted tables were fixed up
manually by disabling auto-formatting.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-18 14:02:29 +02:00
FdaSilvaYY
d3d5dc607a Enforce and explicit some const casting 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
 2016-07-25 08:20:00 -04:00
Rich Salz
846e33c729 Copyright consolidation 01/10 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2016-05-17 14:19:19 -04:00
Ben Laurie
d94ce4100f Fix enable-ssl-trace no-nextprotoneg. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-04-27 12:36:30 +01:00
Rob Percival
ed29e82ade Adds CT validation to SSL connections 
Disabled by default, but can be enabled by setting the
ct_validation_callback on a SSL or SSL_CTX.

Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-04 10:50:10 -05:00
Matt Caswell
c6f9019b69 Fix the enable-ssl-trace config option 
The recent removal of static ECDH broke the enable-ssl-trace compilation.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-02-12 10:06:45 +00:00
Rich Salz
22e3dcb780 Remove TLS heartbeat, disable DTLS heartbeat 
To enable heartbeats for DTLS, configure with enable-heartbeats.
Heartbeats for TLS have been completely removed.

This addresses RT 3647

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-02-11 12:57:26 -05:00
Rich Salz
349807608f Remove /* foo.c */ comments 
This was done by the following
        find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
        print unless $. == 1 && m@/\* .*\.[ch] \*/@;
        close ARGV if eof; # Close file to reset $.

And then some hand-editing of other files.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
 2016-01-26 16:40:43 -05:00
Dr. Stephen Henson
bc71f91064 Remove fixed DH ciphersuites. 
Remove all fixed DH ciphersuites and associated logic.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-12-19 16:14:51 +00:00
Ben Laurie
d25aeabca8 Don't use EC when no-ec. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-13 16:14:35 +00:00
Andy Polyakov
a76ba82ccb Wire ChaCha20-Poly1305 to TLS. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 12:05:30 +01:00
Matt Caswell
2a9b96548a Updates to GOST2012 
Various updates following feedback from the recent commit of the new
GOST2012 code.

Reviewed-by: Andy Polyakov <appro@openssl.org>
 2015-11-27 17:23:14 +00:00
Dmitry Belyavsky
e44380a990 Patch containing TLS implementation for GOST 2012 
This patch contains the necessary changes to provide GOST 2012
ciphersuites in TLS. It requires the use of an external GOST 2012 engine.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-11-23 16:09:42 +00:00
Dr. Stephen Henson
2a1a04e131 Add full PSK trace support 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-07-30 14:43:35 +01:00
Dr. Stephen Henson
52f782698d PSK trace keyex fixes. 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-06-23 22:25:20 +01:00
Dr. Stephen Henson
9d3356b118 Update trace code. 
Add extension and ciphersuites to trace code.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-06-06 13:19:58 +01:00
Matt Caswell
55a9a16f1c Remove Kerberos support from libssl 
Remove RFC2712 Kerberos support from libssl. This code and the associated
standard is no longer considered fit-for-purpose.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-05-13 15:07:57 +01:00