Commit graph

156 commits

Author SHA1 Message Date
Dr. Stephen Henson
ca989269a2 Use version in SSL_METHOD not SSL structure.
When deciding whether to use TLS 1.2 PRF and record hash algorithms
use the version number in the corresponding SSL_METHOD structure
instead of the SSL structure. The SSL structure version is sometimes
inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already.
(CVE-2013-6449)
2013-12-19 21:04:28 +00:00
Dr. Stephen Henson
ddfe486e4c Enable PSK in FIPS mode.
Enable PSK ciphersuites with AES or DES3 in FIPS mode.
(cherry picked from commit e0ffd129c1)
2013-11-06 14:40:01 +00:00
Rob Stradling
c9a6ddafc5 Tidy up comments. 2013-09-16 15:07:52 +01:00
Rob Stradling
937f125efc Fix compilation with no-ec and/or no-tlsext. 2013-09-16 15:07:52 +01:00
Rob Stradling
4b61f6d2a6 Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
2013-09-16 15:07:51 +01:00
Dr. Stephen Henson
1b452133ae PR: 2806
Submitted by: PK <runningdoglackey@yahoo.com>

Correct ciphersuite signature algorithm definitions.
2012-05-10 18:24:32 +00:00
Bodo Möller
4d936ace08 Disable SHA-2 ciphersuites in < TLS 1.2 connections.
(TLS 1.2 clients could end up negotiating these with an OpenSSL server
with TLS 1.2 disabled, which is problematic.)

Submitted by: Adam Langley
2012-04-17 15:20:17 +00:00
Dr. Stephen Henson
c489ea7d01 PR: 2704
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>

Fix srp extension.
2012-02-10 20:08:49 +00:00
Dr. Stephen Henson
bd6941cfaa PR: 2658
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Support for TLS/DTLS heartbeats.
2011-12-31 23:00:36 +00:00
Dr. Stephen Henson
f5575cd167 New ctrl values to clear or retrieve extra chain certs from an SSL_CTX.
New function to retrieve compression method from SSL_SESSION structure.

Delete SSL_SESSION_get_id_len and SSL_SESSION_get0_id functions
as they duplicate functionality of SSL_SESSION_get_id. Note: these functions
have never appeared in any release version of OpenSSL.
2011-12-22 15:01:16 +00:00
Dr. Stephen Henson
b8a22c40e0 PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Remove unnecessary code for srp and to add some comments to
s_client.

- the callback to provide a user during client connect is
no longer necessary since rfc 5054 a connection attempt
with an srp cipher and no user is terminated when the
cipher is acceptable

- comments to indicate in s_client the (non-)usefulness of
th primalaty tests for non known group parameters.
2011-12-14 22:18:03 +00:00
Ben Laurie
e87afb1518 SSL export fixes (from Adam Langley). 2011-12-13 14:25:11 +00:00
Ben Laurie
b1d7429186 Add TLS exporter. 2011-11-15 23:51:22 +00:00
Ben Laurie
68b33cc5c7 Add Next Protocol Negotiation. 2011-11-13 21:55:42 +00:00
Bodo Möller
f72c1a58cb In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
Submitted by: Bob Buckholz <bbuckholz@google.com>
2011-10-13 13:05:35 +00:00
Bodo Möller
61ac68f9f6 (EC)DH memory handling fixes.
Submitted by: Adam Langley
2011-09-05 10:25:27 +00:00
Dr. Stephen Henson
aed53d6c5a Backport GCM support from HEAD. 2011-08-04 11:13:28 +00:00
Dr. Stephen Henson
c8c6e9ecd9 Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and
prohibit use of these ciphersuites for TLS < 1.2
2011-07-25 21:45:17 +00:00
Dr. Stephen Henson
a6dc77822b Set SSL_FIPS flag in ECC ciphersuites. 2011-06-06 14:14:14 +00:00
Dr. Stephen Henson
277f8a34f4 use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS 2011-05-25 11:43:17 +00:00
Dr. Stephen Henson
9472baae0d Backport TLS v1.2 support from HEAD.
This includes TLS v1.2 server and client support but at present
client certificate support is not implemented.
2011-05-11 13:37:52 +00:00
Ben Laurie
a149b2466e Add SRP. 2011-03-16 11:26:40 +00:00
Bodo Möller
02ba02604c Patch from PR #1833 was broken: there's no s->s3->new_session
(only s->new_session).
2010-08-26 14:54:18 +00:00
Dr. Stephen Henson
48ae85b6ff PR: 1833
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Support for abbreviated handshakes when renegotiating.
2010-08-26 14:22:40 +00:00
Dr. Stephen Henson
a9bb9d0eb4 PR: 2072
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Avoid potential doublefree and reuse of freed handshake_buffer.
2009-10-16 15:24:19 +00:00
Dr. Stephen Henson
cc1cb996f1 Submitted by: Artem Chuprina <ran@cryptocom.ru>
Reviewed by: steve@openssl.org

Fix to match latest GOST in TLS draft.
2009-05-28 18:10:47 +00:00
Dr. Stephen Henson
82ae57136b Some no-ec fixes (not complete yet). 2009-04-23 15:24:27 +00:00
Dr. Stephen Henson
c184b140df Update from 0.9.8-stable. 2009-04-07 16:30:32 +00:00
Ben Laurie
0eab41fb78 If we're going to return errors (no matter how stupid), then we should
test for them!
2008-12-29 16:11:58 +00:00
Dr. Stephen Henson
e19106f5fb Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros
with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.

This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()
2008-10-22 15:43:01 +00:00
Ben Laurie
babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Dr. Stephen Henson
3ad74edce8 Add SSL_FIPS flag for FIPS 140-2 approved ciphersuites and add a new
strength "FIPS" to represent all FIPS approved ciphersuites without NULL
encryption.
2008-09-10 16:02:09 +00:00
Ben Laurie
8671b89860 Memory saving patch. 2008-06-03 02:48:34 +00:00
Dr. Stephen Henson
8a2062fefe Update from stable branch. 2008-04-30 16:14:02 +00:00
Dr. Stephen Henson
0e1dba934f 1. Changes for s_client.c to make it return non-zero exit code in case
of handshake failure

2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to
make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH
(required for s3_srvr to accept GOST client certificates).

3. Changes to EVP
	- adding of function EVP_PKEY_CTX_get0_peerkey
	- Make function EVP_PKEY_derive_set_peerkey work for context with
	  ENCRYPT operation, because we use peerkey field in the context to
	  pass non-ephemeral secret key to GOST encrypt operation.
	- added EVP_PKEY_CTRL_SET_IV control command. It is really
	  GOST-specific, but it is used in SSL code, so it has to go
	  in some header file, available during libssl compilation

4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data

5. Include des.h if KSSL_DEBUG is defined into some libssl files, to
  make debugging output which depends on constants defined there, work
  and other KSSL_DEBUG output fixes

6. Declaration of real GOST ciphersuites, two authentication methods
   SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST

7. Implementation  of these methods.

8. Support for sending unsolicited serverhello extension if GOST
  ciphersuite is selected. It is require for interoperability with
  CryptoPro CSP 3.0 and 3.6 and controlled by
  SSL_OP_CRYPTOPRO_TLSEXT_BUG constant.
  This constant is added to SSL_OP_ALL, because it does nothing, if
  non-GOST ciphersuite is selected, and all implementation of GOST
  include compatibility with CryptoPro.

9. Support for CertificateVerify message without length field. It is
   another CryptoPro bug, but support is made unconditional, because it
   does no harm for draft-conforming implementation.

10. In tls1_mac extra copy of stream mac context is no more done.
  When I've written currently commited code I haven't read
  EVP_DigestSignFinal manual carefully enough and haven't noticed that
  it does an internal digest ctx copying.

This implementation was tested against
1. CryptoPro CSP 3.6 client and server
2. Cryptopro CSP 3.0 server
2007-10-26 12:06:36 +00:00
Dr. Stephen Henson
67c8e7f414 Support for certificate status TLS extension. 2007-09-26 21:56:59 +00:00
Bodo Möller
02c27b113c properly handle length-zero opaque PRF input values
(which are pointless, but still might occur)
2007-09-23 11:30:53 +00:00
Bodo Möller
761772d7e1 Implement the Opaque PRF Input TLS extension
(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and
bugfixes on the way.  In particular, this fixes the buffer bounds
checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext().

Note that the opaque PRF Input TLS extension is not compiled by default;
see CHANGES.
2007-09-21 06:54:24 +00:00
Dr. Stephen Henson
81025661a9 Update ssl code to support digests other than MD5+SHA1 in handshake.
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
2007-08-31 12:42:53 +00:00
Dr. Stephen Henson
94d511cdbd Add ctrls to set and get RFC4507bis keys to enable several contexts to
reuse the same tickets.
2007-08-28 01:08:45 +00:00
Dr. Stephen Henson
367eb1f125 Fix warning and make no-tlsext work. 2007-08-12 18:56:14 +00:00
Dr. Stephen Henson
6434abbfc6 RFC4507 (including RFC4507bis) TLS stateless session resumption support
for OpenSSL.
2007-08-11 23:18:29 +00:00
Dr. Stephen Henson
b948e2c59e Update ssl library to support EVP_PKEY MAC API. Include generic MAC support. 2007-06-04 17:04:40 +00:00
Bodo Möller
cb1bab1a04 All ciphersuites should have a strength designator. 2007-04-24 00:13:51 +00:00
Bodo Möller
96afc1cfd5 Add SEED encryption algorithm.
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
2007-04-23 23:48:59 +00:00
Dr. Stephen Henson
9981a51e42 Stage 1 GOST ciphersuite support.
Submitted by: ran@cryptocom.ru
Reviewed by: steve@openssl.org
2007-03-23 17:04:05 +00:00
Bodo Möller
60cad2caed delete obsolete comment 2007-02-21 09:32:17 +00:00
Bodo Möller
2afe316721 fix warnings for CIPHER_DEBUG builds 2007-02-19 16:59:13 +00:00
Bodo Möller
7e69565fe6 fix warnings/inconsistencies caused by the recent changes to the
ciphersuite selection code in HEAD

Submitted by: Victor Duchovni
2007-02-19 14:53:18 +00:00
Bodo Möller
ccae144d62 fix incorrect strength bit values for certain Kerberos ciphersuites
Submitted by: Victor Duchovni
2007-02-19 14:49:12 +00:00