Commit graph

31 commits

Author SHA1 Message Date
Dr. Stephen Henson
bc71f91064 Remove fixed DH ciphersuites.
Remove all fixed DH ciphersuites and associated logic.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-19 16:14:51 +00:00
Ben Laurie
d25aeabca8 Don't use EC when no-ec.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-13 16:14:35 +00:00
Andy Polyakov
a76ba82ccb Wire ChaCha20-Poly1305 to TLS.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:05:30 +01:00
Matt Caswell
2a9b96548a Updates to GOST2012
Various updates following feedback from the recent commit of the new
GOST2012 code.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-11-27 17:23:14 +00:00
Dmitry Belyavsky
e44380a990 Patch containing TLS implementation for GOST 2012
This patch contains the necessary changes to provide GOST 2012
ciphersuites in TLS. It requires the use of an external GOST 2012 engine.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-23 16:09:42 +00:00
Dr. Stephen Henson
2a1a04e131 Add full PSK trace support
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:43:35 +01:00
Dr. Stephen Henson
52f782698d PSK trace keyex fixes.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-23 22:25:20 +01:00
Dr. Stephen Henson
9d3356b118 Update trace code.
Add extension and ciphersuites to trace code.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-06 13:19:58 +01:00
Matt Caswell
55a9a16f1c Remove Kerberos support from libssl
Remove RFC2712 Kerberos support from libssl. This code and the associated
standard is no longer considered fit-for-purpose.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-13 15:07:57 +01:00
Dr. Stephen Henson
b6eb9827a6 Add OSSL_NELEM macro.
Add OSSL_NELEM macro to e_os.h to determine the number of elements in an
array.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-03 12:53:08 +01:00
Rich Salz
9e9858d1cf dead code cleanup: #if 0 in ssl
I left many "#if 0" lines, usually because I thought we would
probably want to revisit them later, or because they provided
some useful internal documentation tips.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-06 10:52:12 -05:00
Dr. Stephen Henson
ddc06b3556 Extended master secret extension support.
Add and retrieve extended master secret extension, setting the flag
SSL_SESS_FLAG_EXTMS appropriately.

Note: this just sets the flag and doesn't include the changes to
master secret generation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-03 14:50:07 +00:00
Rich Salz
68fd6dce73 Remove support for opaque-prf
An expired IETF Internet-Draft (seven years old) that nobody
implements, and probably just as good as NSA DRBG work.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-28 15:37:16 -05:00
Matt Caswell
0f113f3ee4 Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Kurt Roeckx
45f55f6a5b Remove SSLv2 support
The only support for SSLv2 left is receiving a SSLv2 compatible client hello.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-04 11:55:03 +01:00
Dr. Stephen Henson
6db14dbc51 Adding padding extension to trace code. 2014-05-20 11:09:04 +01:00
Daniel Kahn Gillmor
5a21cadbeb use SSL_kDHE throughout instead of SSL_kEDH
DHE is the standard term used by the RFCs and by other TLS
implementations.  It's useful to have the internal variables use the
standard terminology.

This patch leaves a synonym SSL_kEDH in place, though, so that older
code can still be built against it, since that has been the
traditional API.  SSL_kEDH should probably be deprecated at some
point, though.
2014-01-09 15:43:28 +00:00
Daniel Kahn Gillmor
75cb3771b4 emit "DHE" instead of "edh" for kX packet trace output
other parts of packet tracing emit the standard "DHE" label instead of
"edh".  This change brings the output of ssl_print_client_keyex() and
ssl_print_server_keyex() into accordance with the standard term.
2014-01-09 15:43:27 +00:00
Daniel Kahn Gillmor
4082fea81c use SSL_kECDHE throughout instead of SSL_kEECDH
ECDHE is the standard term used by the RFCs and by other TLS
implementations.  It's useful to have the internal variables use the
standard terminology.

This patch leaves a synonym SSL_kEECDH in place, though, so that older
code can still be built against it, since that has been the
traditional API.  SSL_kEECDH should probably be deprecated at some
point, though.
2014-01-09 15:43:27 +00:00
Daniel Kahn Gillmor
0be085d34a emit "ECDHE" instead of "EECDH" for kX packet trace output
other parts of packet tracing emit the standard "ECDHE" label instead
of "EECDH".  This change brings the output of ssl_print_client_keyex()
and ssl_print_server_keyex() into accordance with the standard term.
2014-01-09 15:43:27 +00:00
Dr. Stephen Henson
d519f0831c Add brainpool curves to trace output.
(cherry picked from commit bd80d0229c)
2013-11-02 15:30:03 +00:00
Dr. Stephen Henson
c3b344e36a Provisional DTLS 1.2 support.
Add correct flags for DTLS 1.2, update s_server and s_client to handle
DTLS 1.2 methods.

Currently no support for version negotiation: i.e. if client/server selects
DTLS 1.2 it is that or nothing.
2013-03-26 15:16:41 +00:00
Dr. Stephen Henson
cbd64894ec Use enc_flags when deciding protocol variations.
Use the enc_flags field to determine whether we should use explicit IV,
signature algorithms or SHA256 default PRF instead of hard coding which
versions support each requirement.
2013-03-18 15:03:58 +00:00
Dr. Stephen Henson
890f2f8b92 DTLS trace support.
Add DTLS record header parsing, different client hello format and add
HelloVerifyRequest message type.

Add code to d1_pkt.c to send message headers to the message callback.
2013-03-11 13:05:07 +00:00
Dr. Stephen Henson
ea34a58385 Fix for trace code: SSL3 doesn't include a length value for
encrypted premaster secret value.
2013-02-04 15:13:12 +00:00
Dr. Stephen Henson
36b5bb6f2f send out the raw SSL/TLS headers to the msg_callback and display them in SSL_trace 2012-12-07 23:42:33 +00:00
Dr. Stephen Henson
083bec780d typo 2012-12-07 13:23:49 +00:00
Dr. Stephen Henson
51b9115b6d new command line option -stdname to ciphers utility 2012-11-16 00:35:46 +00:00
Dr. Stephen Henson
1cf218bcaa New compile time option OPENSSL_SSL_TRACE_CRYPTO, when set this passes
all derived keys to the message callback.

Add code to SSL_trace to include support for printing out keys.
2012-08-28 23:17:28 +00:00
Dr. Stephen Henson
63fe4ee14c update trace messages 2012-07-18 13:53:56 +00:00
Dr. Stephen Henson
93ab9e421e Initial record tracing code. Print out all fields in SSL/TLS records
for debugging purposes. Needs "enable-ssl-trace" configuration option.
2012-06-15 12:46:09 +00:00