aboutsummaryrefslogtreecommitdiffstats
path: root/ssl
Commit message (Collapse)AuthorAgeFilesLines
* Revert "Fix clang compile time error"Matt Caswell2017-05-041-6/+3
| | | | | | | | | This reverts commit 1608d658af4163d2096cb469705d4ba96067877b. This is the wrong fix for this issue. The next commit provides a better fix. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3382)
* Fix clang compile time errorTodd Short2017-05-041-3/+6
| | | | | | | | | |version| "could" be used uninitialized here, not really, but the compiler doesn't understand the flow Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3373)
* Update the HKDF labels for draft-20Matt Caswell2017-05-032-17/+10
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3371)
* Limit padded record to max plaintextTodd Short2017-05-031-28/+31
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3374)
* Clarify serverinfo usage with Certificate messagesMatt Caswell2017-05-031-0/+4
| | | | | | Ensure that serverinfo only gets added for the first Certificate in a list. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3298)
* Add an SSL_ prefix to SERVERINFOV2 and SERVERINFOV1Matt Caswell2017-05-031-6/+6
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3298)
* Only send custom extensions where we have received one in the ClientHelloMatt Caswell2017-05-031-5/+4
| | | | | | | We already did this for ServerHello and EncryptedExtensions. We should be doing it for Certificate and HelloRetryRequest as well. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3298)
* Extend the SERVERINFO file format to include an extensions contextMatt Caswell2017-05-032-89/+154
| | | | | | | | This enables us to know what messages the extensions are relevant for in TLSv1.3. The new file format is not compatible with the previous one so we call it SERVERINFOV2. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3298)
* Fix comment around safari fingerprint checkMatt Caswell2017-05-021-0/+1
| | | | | | Fixes #2442 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3367)
* TLS1.3 PaddingTodd Short2017-05-026-5/+143
| | | | | | | | | | Add padding callback for application control Standard block_size callback Documentation and tests included Configuration file/s_client/s_srver option Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3130)
* Return success in custom_ext_parse_old_cb_wrap if parse_cb is NULLGraham Edgecombe2017-04-261-0/+3
| | | | | | | | | | | | | | This fixes a segfault if a NULL parse_cb is passed to SSL_CTX_add_{client,server}_custom_ext, which was supported in the pre-1.1.1 implementation. This behaviour is consistent with the other custom_ext_*_old_cb_wrap functions, and with the new SSL_CTX_add_custom_ext function. CLA: trivial Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3310)
* Don't treat PACKET_remaining() as booleanTatsuhiro Tsujikawa2017-04-262-6/+6
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3244)
* Break before && operatorTatsuhiro Tsujikawa2017-04-261-5/+5
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3244)
* Call init and finalization functions per extension messageTatsuhiro Tsujikawa2017-04-264-46/+56
| | | | | | | | | | Previously, init and finalization function for extensions are called per extension block, rather than per message. This commit changes that behaviour, and now they are called per message. The parse function is still called per extension block. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3244)
* Always duplicate the session on NewSessionTicket in TLSv1.3Matt Caswell2017-04-261-1/+9
| | | | | | | | Because NST messages arrive post-handshake, the session may have already gone into the cache. Once in the cache a session must be immutable - otherwise you could get multi-thread issues. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3008)
* Add support for SSL_SESSION_is_resumable()Matt Caswell2017-04-262-13/+19
| | | | | | | Provide a way to test whether the SSL_SESSION object can be used to resume a sesion or not. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3008)
* Remove TLS1.3 TODO around testing for session id lengthMatt Caswell2017-04-261-1/+0
| | | | | | | | TLSv1.3 will do the same thing as TLSv1.2 with tickets with regards to session ids, i.e. it will create a synthetic session id when the session is established, so it is reasonable to check the session id length, even in TLSv1.3. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3008)
* Add a ciphersuite config sanity check for serversMatt Caswell2017-04-265-9/+40
| | | | | | | Ensure that there are ciphersuites enabled for the maximum supported version we will accept in a ClientHello. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3316)
* Add a ciphersuite config sanity check for clientsMatt Caswell2017-04-261-2/+20
| | | | | | | Ensure that there are ciphersuites enabled for the maximum supported version we are claiming in the ClientHello. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3316)
* Don't overwrite the alert value if there is no alert to sendMatt Caswell2017-04-261-21/+21
| | | | | | | | | | | | The function tls_early_post_process_client_hello() was overwriting the passed "al" parameter even if it was successful. The caller of that function, tls_post_process_client_hello(), sets "al" to a sensible default (HANDSHAKE_FAILURE), but this was being overwritten to be INTERNAL_ERROR. The result is a "no shared cipher" error (and probably other similar errors) were being reported back to the client with an incorrect INTERNAL_ERROR alert. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3314)
* Don't attempt to send fragments > max_send_fragment in DTLSMatt Caswell2017-04-253-0/+10
| | | | | | | | | We were allocating the write buffer based on the size of max_send_fragment, but ignoring it when writing data. We should fragment handshake messages if they exceed max_send_fragment and reject application data writes that are too large. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3286)
* Remove special case code for SCTP reneg handlingMatt Caswell2017-04-257-129/+3
| | | | | | | | | | | | There was code existing which attempted to handle the case where application data is received after a reneg handshake has started in SCTP. In normal DTLS we just fail the connection if this occurs, so there doesn't seem any reason to try and work around it for SCTP. In practice it didn't work properly anyway and is probably a bad idea to start with. Fixes #3251 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3286)
* Don't fail the connection in SSLv3 if server selects ECDHEMatt Caswell2017-04-244-8/+20
| | | | | | | | | | | | | | | ECDHE is not properly defined for SSLv3. Commit fe55c4a2 prevented ECDHE from being selected in that protocol. However, historically, servers do still select ECDHE anyway so that commit causes interoperability problems. Clients that previously worked when talking to an SSLv3 server could now fail. This commit introduces an exception which enables a client to continue in SSLv3 if the server selected ECDHE. [extended tests] Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3204)
* if log fails, avoid pms getting double freeRich Salz2017-04-241-3/+3
| | | | | | | | | doing the pms assignment after log is successful Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3278)
* Ignore dups in X509_STORE_add_*Rich Salz2017-04-201-16/+5
| | | | | | | | | | | | | | | | | | | | | | X509_STORE_add_cert and X509_STORE_add_crl are changed to return success if the object to be added was already found in the store, rather than returning an error. Raise errors if empty or malformed files are read when loading certificates and CRLs. Remove NULL checks and allow a segv to occur. Add error handing for all calls to X509_STORE_add_c{ert|tl} Refactor these two routines into one. Bring the unit test for duplicate certificates up to date using the test framework. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2830)
* Fix minor compiler issues.Todd Short2017-04-194-21/+21
| | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3220)
* ASN.1: adapt our use of INTxx et al by making them explicitely embeddedRichard Levitte2017-04-131-9/+9
| | | | | | Fixes #3191 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3199)
* CT_POLICY_EVAL_CTX_set_time expects milliseconds, but given secondsRob Percival2017-04-121-1/+2
| | | | | | | | | This resulted in the SCT timestamp check always failing, because the timestamp appeared to be in the future. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3138)
* Remove ECDH(E) ciphers from SSLv3Todd Short2017-04-111-20/+20
| | | | | | | | | | SSLv3 does not support TLS extensions, and thus, cannot provide any curves for ECDH(E). With the removal of the default (all) list of curves being used for connections that didn't provide any curves, ECDHE is no longer possible. Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3181)
* Additional check to handle BAD SSL_write retryRich Salz2017-04-111-1/+2
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3124)
* Allow an ALPN callback to pretend to not existBenjamin Kaduk2017-04-101-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | RFC 7301 mandates that the server SHALL respond with a fatal "no_application_protocol" alert when there is no overlap between the client's supplied list and the server's list of supported protocols. In commit 062178678f5374b09f00d70796f6e692e8775aca we changed from ignoring non-success returns from the supplied alpn_select_cb() to treating such non-success returns as indicative of non-overlap and sending the fatal alert. In effect, this is using the presence of an alpn_select_cb() as a proxy to attempt to determine whether the application has configured a list of supported protocols. However, there may be cases in which an application's architecture leads it to supply an alpn_select_cb() but have that callback be configured to take no action on connections that do not have ALPN configured; returning SSL_TLSEXT_ERR_NOACK from the callback would be the natural way to do so. Unfortunately, the aforementioned behavior change also treated SSL_TLSEXT_ERR_NOACK as indicative of no overlap and terminated the connection; this change supplies special handling for SSL_TLSEXT_ERR_NOACK returns from the callback. In effect, it provides a way for a callback to obtain the behavior that would have occurred if no callback was registered at all, which was not possible prior to this change. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2570)
* Publish our INT32, UINT32, INT64, UINT64 ASN.1 types and Z variantsRichard Levitte2017-04-101-1/+1
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3126)
* Remove an out of date TODOMatt Caswell2017-04-071-5/+0
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
* Create an ENDPOINT enum type for use internallyMatt Caswell2017-04-074-33/+41
| | | | | | We need it for the custom extensions API Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
* Prefix custom extension API callback types with SSL_Matt Caswell2017-04-072-9/+9
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
* Various style tweaks based on feedbackMatt Caswell2017-04-071-14/+14
| | | | | | Style updates for the new custom extensions API Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
* Implement a new custom extensions APIMatt Caswell2017-04-077-193/+403
| | | | | | | | The old custom extensions API was not TLSv1.3 aware. Extensions are used extensively in TLSv1.3 and they can appear in many different types of messages. Therefore we need a new API to be able to cope with that. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
* Move the extensions context codes into the public APIMatt Caswell2017-04-078-119/+112
| | | | | | | | This move prepares for the later addition of the new custom extensions API. The context codes have an additional "SSL_" added to their name to ensure we don't have name clashes with other applications. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
* Move ssl/t1_ext.c to ssl/statem/extensions_cust.cMatt Caswell2017-04-072-3/+3
| | | | | | Brings all the extensions code together. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
* Convert SSL_SESSION_ASN1 to use size specific integersRichard Levitte2017-04-041-19/+19
| | | | | | | | | This increases portability of SSL_SESSION files between architectures where the size of |long| may vary. Before this, SSL_SESSION files produced on a 64-bit long architecture may break on a 32-bit long architecture. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3088)
* Constify SSL_dup_CA_list()Dr. Stephen Henson2017-04-031-1/+1
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3015)
* Don't use client specific functions to retrieve CA listDr. Stephen Henson2017-04-032-2/+2
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3015)
* SSL_CONF support for certificate_authoritiesDr. Stephen Henson2017-04-031-4/+18
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3015)
* New certificate_authorities functionsDr. Stephen Henson2017-04-037-44/+76
| | | | | | | | | Add functions to add/retrieve the certificate_authorities. The older client_CA functions mainly just call the new versions now. Rename fields sice new extension can be generated by client and server. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3015)
* Fix calls to SSL_get_server_tmp_key() in TLSv1.3Matt Caswell2017-04-031-2/+2
| | | | | | | | | | The macro SSL_get_server_tmp_key() returns information about the temp key used by the server during a handshake. This was returning NULL for TLSv1.3 and causing s_client to omit this information in its connection summary. Fixes #3081 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3114)
* Tweak a style issueMatt Caswell2017-04-031-4/+3
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3091)
* Restore s->early_data_state with the original valueTatsuhiro Tsujikawa2017-04-031-2/+4
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3091)
* Don't handle handshake messages when writing early data on serverMatt Caswell2017-04-031-1/+7
| | | | | | | | | | If we have received the EoED message but not yet had the CF then we are "in init". Despite that we still want to write application data, so suppress the "in init" check in ssl3_write_bytes() in that scenario. Fixes #3041 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3091)
* Fix a typo in the SSL_get_max_early_data() declarationsKazuki Yamaguchi2017-04-031-1/+1
| | | | | | | | | SSL_get_max_early_data() recently added by 3fc8d856105e ("Construct the ticket_early_data_info extension", 2017-02-17) is supposed to take an SSL, but it doesn't. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3113)
* Update SSL_extension_supported()Matt Caswell2017-03-311-3/+16
| | | | | | | Numerous changes have been made to the supported built-in extensions and SSL_extension_supported() has not kept up. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3097)
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-19 07:49:21 +0000