Commit graph

11453 commits

Author SHA1 Message Date
Andy Polyakov
d8f3ed2306 des_enc.m4: add missing #include.
Submitted by: David Miller
2013-03-31 14:07:48 +02:00
Andy Polyakov
4e049c5259 Add AES-NI GCM stitch. 2013-03-29 20:45:33 +01:00
Andy Polyakov
b4a9d5bfe8 aesni-x86_64.pl: fix typo and optimize small block performance. 2013-03-29 18:54:24 +01:00
Dr. Stephen Henson
3d1160d58b Call RAND_cleanup in openssl application.
(cherry picked from commit 944bc29f90)
2013-03-28 14:29:39 +00:00
Dr. Stephen Henson
4221c0dd30 Enable TLS 1.2 ciphers in DTLS 1.2.
Port TLS 1.2 GCM code to DTLS. Enable use of TLS 1.2 only ciphers when in
DTLS 1.2 mode too.
2013-03-28 14:14:27 +00:00
Dr. Stephen Henson
fbbaaccaca Update fixed DH requirements.
The relaxed signing requirements for fixed DH certificates apply to DTLS 1.2
too.
2013-03-28 14:14:27 +00:00
Dr. Stephen Henson
04fac50045 DTLS 1.2 cached record support.
Add DTLS1.2 support for cached records when computing handshake macs
instead of the MD5+SHA1 case for DTLS < 1.2 (this is a port of the
equivalent TLS 1.2 code to DTLS).
2013-03-28 14:14:27 +00:00
Matt Caswell
94782e0e9c Make binary curve ASN.1 work in FIPS mode.
Don't check for binary curves by checking methods: the values will
be different in FIPS mode as they are redirected to the validated module
version.
2013-03-26 16:56:50 +00:00
Dr. Stephen Henson
c3b344e36a Provisional DTLS 1.2 support.
Add correct flags for DTLS 1.2, update s_server and s_client to handle
DTLS 1.2 methods.

Currently no support for version negotiation: i.e. if client/server selects
DTLS 1.2 it is that or nothing.
2013-03-26 15:16:41 +00:00
Dr. Stephen Henson
9cf0f18754 Remove versions test from dtls1_buffer_message
Since this is always called from DTLS code it is safe to assume the header
length should be the DTLS value. This avoids the need to check the version
number and should work with any version of DTLS (not just 1.0).
2013-03-26 15:16:41 +00:00
Dr. Stephen Henson
cfd298b7ae Extend DTLS method macros.
Extend DTLS method creation macros to support version numbers and encryption
methods. Update existing code.
2013-03-26 15:16:41 +00:00
Dr. Stephen Henson
874a18cfad Enable various DTLS extensions.
Some TLS extensions were disabled for DTLS. Possibly because they caused
problems with the old duplicated code. Enable them again.
2013-03-26 15:16:41 +00:00
Andy Polyakov
6c79faaa9d aesni-x86_64.pl: optimize CTR even further.
Based on suggestions from Shay Gueron and Vlad Krasnov.
PR: 3021
2013-03-26 14:29:18 +01:00
Andy Polyakov
1da5d3029e ghash-x86_64.pl: add AVX code path. 2013-03-24 23:44:35 +01:00
Andy Polyakov
1bc4d009e1 aesni-x86_64.pl: optimize CTR even further. 2013-03-19 20:03:02 +01:00
Andy Polyakov
fbf7c44bbf ghash-x86_64.pl: minor optimization. 2013-03-19 20:02:11 +01:00
Dr. Stephen Henson
2f0275a4c3 Disable compression for DTLS.
The only standard compression method is stateful and is incompatible with
DTLS.
2013-03-19 13:43:06 +00:00
Dr. Stephen Henson
eb7ece1381 Typo. 2013-03-19 12:41:54 +00:00
Andy Polyakov
5c60046553 e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI plaforms.
PR: 3002
2013-03-18 19:29:41 +01:00
Dr. Stephen Henson
cbd64894ec Use enc_flags when deciding protocol variations.
Use the enc_flags field to determine whether we should use explicit IV,
signature algorithms or SHA256 default PRF instead of hard coding which
versions support each requirement.
2013-03-18 15:03:58 +00:00
Dr. Stephen Henson
6de2649a6b Use appropriate versions of SSL3_ENC_METHOD 2013-03-18 14:53:59 +00:00
Dr. Stephen Henson
173e72e64c DTLS revision.
Revise DTLS code. There was a *lot* of code duplication in the
DTLS code that generates records. This makes it harder to maintain and
sometimes a TLS update is omitted by accident from the DTLS code.

Specifically almost all of the record generation functions have code like
this:

some_pointer = buffer + HANDSHAKE_HEADER_LENGTH;
... Record creation stuff ...
set_handshake_header(ssl, SSL_MT_SOMETHING, message_len);

...

write_handshake_message(ssl);

Where the "Record creation stuff" is identical between SSL/TLS and DTLS or
in some cases has very minor differences.

By adding a few fields to SSL3_ENC to include the header length, some flags
and function pointers for handshake header setting and handshake writing the
code can cope with both cases.

Note: although this passes "make test" and some simple DTLS tests there may
be some minor differences in the DTLS code that have to be accounted for.
2013-03-18 14:36:43 +00:00
Michael Tuexen
80ccc66d7e Avoid unnecessary fragmentation. 2013-03-18 14:30:38 +00:00
Dr. Stephen Henson
5de18d5d0d Encode INTEGER correctly.
If an ASN1_INTEGER structure is allocated but not explicitly set encode
it as zero: don't generate an invalid zero length INTEGER.
(cherry picked from commit 1643edc63c)
2013-03-18 14:22:08 +00:00
Dr. Stephen Henson
e24fd37cda Typo.
(cherry picked from commit 1546fb780b)
2013-03-18 14:00:39 +00:00
Dr. Stephen Henson
890f2f8b92 DTLS trace support.
Add DTLS record header parsing, different client hello format and add
HelloVerifyRequest message type.

Add code to d1_pkt.c to send message headers to the message callback.
2013-03-11 13:05:07 +00:00
Andy Polyakov
ca303d333b evptests.txt: additional GCM test vectors. 2013-03-06 19:24:05 +01:00
Dr. Stephen Henson
15652f9825 GCM and CCM test support
Add code to support GCM an CCM modes in evp_test. On encrypt this
will compare the expected ciphertext and tag. On decrypt it will
compare the expected plaintext: tag comparison is done internally.

Add a simple CCM test case and convert all tests from crypto/modes/gcm128.c
2013-03-06 16:15:42 +00:00
Dr. Stephen Henson
95248de327 Add CCM ciphers to tables. 2013-03-06 16:15:42 +00:00
Andy Polyakov
28997596f2 ghash-x86_64.pl: fix length handling bug.
Thanks to Shay Gueron & Vlad Krasnov for report.
2013-03-06 10:42:21 +01:00
Dr. Stephen Henson
bcb157f07f typo 2013-03-05 21:20:00 +00:00
Dr. Stephen Henson
e942c15451 Initial CCM code.
Simple example of CCM code use: translated from the FIPS self tests.
2013-03-05 18:30:53 +00:00
Ben Laurie
897dfd4eaa Use CFLAG for LFLAGS instead of the nonexistent CFLAGS. 2013-03-05 05:55:19 +00:00
Ben Laurie
c621fe6685 Ignore mk1mf.pl output directories. 2013-03-05 04:29:41 +00:00
Ben Laurie
feb4c32786 Remove unused variable. 2013-03-04 22:48:38 +00:00
Ben Laurie
63d86d067a Actually comment out the cpuid asm! 2013-03-04 20:31:59 +00:00
Ben Laurie
35ced1f705 Merge branch 'master' of openssl.net:openssl
Conflicts:
	util/mk1mf.pl
2013-03-04 20:26:17 +00:00
Dr. Stephen Henson
71a16946dc Fix WIN32 build.
Make assembly language handling conditional on the "copy" platform
as Windows does its own thing here.
2013-03-04 19:21:32 +00:00
Andy Polyakov
5702e965d7 x86cpuid.pl: make it work with older CPUs.
PR: 3005
2013-03-04 20:05:04 +01:00
Ben Laurie
654d227a86 Only copy headers if they've changed. 2013-03-04 16:56:18 +00:00
Ben Laurie
2f297fce73 Don't make CPUID stuff twice. 2013-03-04 16:10:47 +00:00
Ben Laurie
656829b78f Handle assembler files. 2013-03-04 14:31:19 +00:00
Ben Laurie
95dd301861 Missing MINFO generation. 2013-03-04 14:31:18 +00:00
Ben Laurie
4e2322892b Override local vars for MINFO build. 2013-03-04 14:31:18 +00:00
Ben Laurie
7b0d591dc3 Allow variables to be overridden on the command line. 2013-03-04 14:31:18 +00:00
Ben Laurie
7bbb8c5620 Take the first definition of a variable. 2013-03-04 14:31:18 +00:00
Ben Laurie
d0aeeee176 Use "copy" instead of "auto". 2013-03-04 14:31:18 +00:00
Ben Laurie
afc1b1eab7 Remove pointless diagnostic. 2013-03-04 14:31:18 +00:00
Ben Laurie
5108690f19 Preserve the C compiler. 2013-03-04 14:31:18 +00:00
Ben Laurie
3c76bcded0 Inherit CFLAGS when plaform is "auto". 2013-03-04 14:31:18 +00:00