path: root/util
Commit message | Author | Age | Files | Lines
* Add SSL_CTX early callback | Benjamin Kaduk | 2017-02-23 | 1 | -0/+8

  Provide a callback interface that gives the application the ability to adjust the nascent SSL object at the earliest stage of ClientHello processing, immediately after extensions have been collected but before they have been processed.

  This is akin to BoringSSL's "select_certificate_cb" (though it is not API compatible), and as the name indicates, one major use is to examine the supplied server name indication and select what certificate to present to the client. However, it can also be used to make more sweeping configuration changes to the SSL object according to the selected server identity and configuration. That may include adjusting the permitted TLS versions, swapping out the SSL_CTX object (as is traditionally done in a tlsext_servername_callback), changing the server's cipher list, and more.

  We also wish to allow an early callback to indicate that it needs to perform additional work asynchronously and resume processing later. To that effect, refactor the second half of tls_process_client_hello() into a subroutine to be called at the post-processing stage (including the early callback itself), to allow the callback to result in remaining in the same work stage for a later call to succeed. This requires allocating for and storing the CLIENTHELLO_MSG in the SSL object to be preserved across such calls, but the storage is reclaimed after ClientHello processing finishes.

  Information about the ClientHello is available to the callback by means of accessor functions that can only be used from the early callback. This allows extensions to make use of the existing internal parsing machinery without exposing structure internals (e.g., of PACKET), so that applications do not have to write fragile parsing code.

  Applications are encouraged to utilize an early callback and not use a servername_callback, in order to avoid unexpected behavior that occurs due to the relative order of processing between things like session resumption and the historical servername callback.

  Also tidy up nearby style by removing unnecessary braces around one-line conditional bodies.

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2279)
* Export SSL_bytes_to_cipher_list() | Benjamin Kaduk | 2017-02-23 | 1 | -0/+1

  Move ssl_bytes_to_cipher_list() to ssl_lib.c and create a public wrapper around it. This lets application early callbacks easily get SSL_CIPHER objects from the raw ciphers bytes without having to reimplement the parsing code. In particular, they do not need to know the details of the sslv2 format ClientHello's ciphersuite specifications.

  Document the new public function, including the arguably buggy behavior of modifying the supplied SSL object. On the face of it, such a function should be able to be pure, just a direct translation of wire octets to internal data structures.

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2279)
* Implementation of the ARIA cipher as described in RFC 5794. | Pauli | 2017-02-21 | 2 | -1/+22

  This implementation is written in endian agnostic C code. No attempt at providing machine specific assembly code has been made. This implementation expands the evptests by including the test cases from RFC 5794 and ARIA official site rather than providing an individual test case. Support for ARIA has been integrated into the command line applications, but not TLS. Implemented modes are CBC, CFB1, CFB8, CFB128, CTR, ECB and OFB128.

  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2337)
* Add a SSL_get_key_update_type() function | Matt Caswell | 2017-02-17 | 1 | -0/+1

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2609)
* Provide a function to send a KeyUpdate message | Matt Caswell | 2017-02-17 | 1 | -0/+1

  This implements the server side KeyUpdate sending capability as well.

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2609)
* Update TLSProxy to know about HelloRetryRequest messages | Matt Caswell | 2017-02-14 | 3 | -0/+145

  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2341)
* Update the key_share tests for HelloRetryRequest | Matt Caswell | 2017-02-14 | 1 | -0/+2

  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2341)
* Add support for parameterized SipHash | Todd Short | 2017-02-01 | 2 | -1/+3

  The core SipHash supports either 8 or 16-byte output and a configurable number of rounds. The default behavior, as added to EVP, is to use 16-byte output and 2,4 rounds, which matches the behavior of most implementations. There is an EVP_PKEY_CTRL that can control the output size.

  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2216)
* make update | Dr. Stephen Henson | 2017-01-30 | 1 | -0/+1

  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2301)
* Add a capability for TLSProxy to wait for a session before killing s_client | Matt Caswell | 2017-01-30 | 2 | -1/+47

  TLSProxy normally fires off s_client, which creates a connection to the server. TLSProxy also pipes some data to send to the process and s_client automatically exits when the pipe hits eof. Unfortunately this means that it sends the data and closes before it has processed the NewSessionTicket returned from the server in TLSv1.3.

  This commit adds an option for s_client to stay loaded until the session has been processed. A side effect of this is that s_client never sends a close_notify in this mode, so we count success as seeing that data has been transferred.

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2259)
* Add support for the psk_key_exchange_modes extension | Matt Caswell | 2017-01-30 | 1 | -0/+1

  This is required for the later addition of resumption support.

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2259)
* Better check of DH parameters in TLS data | Richard Levitte | 2017-01-26 | 1 | -0/+1

  When the client reads DH parameters from the TLS stream, we only checked that they all are non-zero. This change updates the check to use DH_check_params()

  DH_check_params() is a new function for light weight checking of the p and g parameters:

      check that p is odd
      check that 1 < g < p - 1

  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Add support for Poly1305 in EVP_PKEY | Todd Short | 2017-01-24 | 1 | -0/+1

  Add Poly1305 as a "signed" digest.

  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2128)
* Add support for key logging callbacks. | Cory Benfield | 2017-01-23 | 1 | -0/+2

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1646)
* Check the exit code from the server process | Bernd Edlinger | 2017-01-23 | 1 | -0/+1

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2205)
* Clean dead macros and defines | FdaSilvaYY | 2017-01-18 | 1 | -63/+0

  ... mostly related to some old discarded modules.

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1906)
* GH2176: Add X509_VERIFY_PARAM_get_time | Rich Salz | 2017-01-12 | 1 | -0/+1

  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2208)
* make update | Richard Levitte | 2017-01-11 | 1 | -0/+3

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2204)
* Teach TLSProxy how to re-encrypt a TLSv1.3 message after changes | Matt Caswell | 2017-01-10 | 1 | -3/+9

  This enables us to make changes to in-flight TLSv1.3 messages that appear after the ServerHello.

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2157)
* Extend ServerKeyExchange parsing to work with a signature | Matt Caswell | 2017-01-10 | 2 | -13/+37

  Previously SKE in TLSProxy only knew about one anonymous ciphersuite so there was never a signature. Extend that to include a ciphersuite that is not anonymous.

  This also fixes a bug where the existing SKE processing was checking against the wrong anon ciphersuite value. This has a knock on impact on the sslskewith0p test. The bug meant the test was working...but entirely by accident!

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2157)
* Teach TLSProxy about the CertificateVerify message | Matt Caswell | 2017-01-10 | 3 | -0/+106

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2157)
* Doc nits: callback function typedefs | Rich Salz | 2017-01-09 | 1 | -1/+8

  Enhance find-doc-nits to be better about finding typedefs for callback functions. Fix all nits it now finds. Added some new typedef names to ssl.h some of which were documented but did not exist

  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2151)
* make update | Dr. Stephen Henson | 2017-01-08 | 1 | -0/+2

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2177)
* Create Certificate messages in TLS1.3 format | Matt Caswell | 2017-01-06 | 3 | -0/+229

  Also updates TLSProxy to be able to understand the format and parse the contained extensions.

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2020)
* Add a test to check the EC point formats extension appears when we expect | Matt Caswell | 2016-12-29 | 4 | -3/+19

  The previous commit fixed a bug where the EC point formats extensions did not appear in the ServerHello. This should have been caught by 70-test_sslmessages but that test never tries an EC ciphersuite. This updates the test to do that.

  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2153)
* Add X509_VERIFY_PARAM inheritance flag set/get | Rich Salz | 2016-12-13 | 1 | -2/+4

  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2079)
* Fix various doc nits. | Rich Salz | 2016-12-13 | 1 | -3/+6

  find-doc-nits warns if you don't give a "what to do flag"
  Don't use regexps for section names, just strings: More consistency.
  Rename "COMMAND OPTIONS" to OPTIONS.
  Fix a couple of other nit-level things.

  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2076)
* Fix various indentation | Matt Caswell | 2016-12-08 | 2 | -17/+17

  The indentation was a bit off in some of the perl files following the extensions refactor.

  Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove some spurious whitespace | Matt Caswell | 2016-12-08 | 2 | -3/+3

  Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix a bug in TLSProxy where zero length messages were not being recorded | Matt Caswell | 2016-12-08 | 1 | -1/+1

  Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Support renegotiation in TLSProxy | Matt Caswell | 2016-12-08 | 1 | -1/+20

  Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add tests for new extension code | Matt Caswell | 2016-12-08 | 3 | -2/+138

  Extend test_tls13messages to additionally check the expected extensions under different options given to s_client/s_server.

  Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Avoid repeatedly scanning the list of extensions | Matt Caswell | 2016-12-08 | 1 | -3/+4

  Because extensions were keyed by type which is sparse, we were continually scanning the list to find the one we wanted. The way we stored them also had the side effect that we were running initialisers/finalisers in a different order to the parsers.

  In this commit we change things so that we instead key on an index value for each extension.

  Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add EncryptedExtensions message | Matt Caswell | 2016-12-08 | 1 | -0/+2

  At this stage the message is just empty. We need to fill it in with extension data.

  Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Send and Receive a TLSv1.3 format ServerHello | Matt Caswell | 2016-12-08 | 1 | -14/+30

  There are some minor differences in the format of a ServerHello in TLSv1.3.

  Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add more TLS1.3 record tests | Matt Caswell | 2016-12-05 | 1 | -2/+11

  Add some tests for the new record construction

  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Update the record layer to use TLSv1.3 style record construction | Matt Caswell | 2016-12-05 | 2 | -8/+47

  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Use the TLSv1.3 nonce construction | Matt Caswell | 2016-11-29 | 1 | -2/+0

  This updates the record layer to use the TLSv1.3 style nonce construction. It also updates TLSProxy and ossltest to be able to recognise the new layout.

  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix some TLSProxy warnings | Matt Caswell | 2016-11-23 | 3 | -3/+26

  After the client processes the server's initial flight in TLS1.3 it may respond with either an encrypted, or an unencrypted alert. We needed to teach TLSProxy about this so that it didn't issue spurious warnings.

  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix the tests following the state machine changes for TLSv1.3 | Matt Caswell | 2016-11-23 | 3 | -14/+21

  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Merge find-undoc-api into find-doc-nits | Rich Salz | 2016-11-16 | 2 | -82/+95

  Use \b on NOEXIST and EXPORT_VAR_AS_FUNC patterns as suggested by Andy.

  Reviewed-by: Andy Polyakov <appro@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1912)
* Remove a hack from ssl_test_old | Matt Caswell | 2016-11-16 | 1 | -0/+2

  ssl_test_old was reaching inside the SSL structure and changing the internal BIO values. This is completely unnecessary, and was causing an abort in the test when enabling TLSv1.3.

  I also removed the need for ssl_test_old to include ssl_locl.h. This required the addition of some missing accessors for SSL_COMP name and id fields.

  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add some tests for the key_share extension | Matt Caswell | 2016-11-16 | 1 | -0/+2

  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Check that SCT timestamps are not in the future | Rob Percival | 2016-11-15 | 1 | -0/+2

  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1554)
* Revert "Remove heartbeats completely" | Richard Levitte | 2016-11-15 | 1 | -1/+1

  Done too soon, this is for future OpenSSL 1.2.0

  This reverts commit 6c62f9e1639a7d1a879f363a99882920104dfedb.

  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove heartbeats completely | Richard Levitte | 2016-11-15 | 1 | -1/+1

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1669)
* Remove heartbeat support | Richard Levitte | 2016-11-13 | 1 | -1/+0

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1669)
* Fix typo in util/process_docs.pl | Richard Levitte | 2016-11-11 | 1 | -1/+1

  The links weren't properly terminated with a "

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1901)
* Add util/check-doc-links.pl, to be used to check references in manuals | Richard Levitte | 2016-11-11 | 1 | -0/+99

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1900)
* Small fixups of util/process_docs.pl | Richard Levitte | 2016-11-10 | 1 | -2/+2

  - the pod path hadn't been changed with the directory layout change
  - apparently, pod2html doesn't add ".html" at the end of links, making them useless, so we need to fix that

  With thanks for the report to Michel <michel.sales@free.fr>

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1896)