Commit Graph

126 Commits

Author SHA1 Message Date
Matt Caswell
b946a3eed5 Fix an SSL_trace bug
Ensure that SSL_trace can print certificate data even with a non-default
libctx.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
2023-05-24 12:18:33 +01:00
Matt Caswell
45aac10717 Support trace for QUIC datagrams
Extend SSL_trace so that it knows how to dump information about the
receipt of a QUIC datagram.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
2023-05-24 12:18:27 +01:00
Todd Short
3c95ef22df RFC7250 (RPK) support
Add support for the RFC7250 certificate-type extensions.
Alows the use of only private keys for connection (i.e. certs not needed).

Add APIs
Add unit tests
Add documentation
Add s_client/s_server support

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18185)
2023-03-28 13:49:54 -04:00
FdaSilvaYY
f2a6f83862 Cleanup : directly include of internal/nelem.h when required.
And so clean a few useless includes

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19721)
2022-11-23 18:08:25 +01:00
J.W. Jagersma
1555c86e5f Cast values to match printf format strings.
For some reason djgpp uses '(unsigned) long int' for (u)int32_t.  This
causes errors with -Werror=format, even though these types are in
practice identical.

Obvious solution: cast to the types indicated by the format string.

For asn1_time_test.c I changed the format string to %lli since time_t
may be 'long long' some platforms.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19322)
2022-11-14 07:47:53 +00:00
Todd Short
00e38edcfb Fix coverity 1516093 tainted scalar
|uclen| is created from three byte values, so this seems a bit
redundant, but if it makes coverity happy

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19519)
2022-11-02 11:35:52 +01:00
Todd Short
5e569f0a2e Fix coverity 1516093 tainted scalar
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19440)
2022-10-21 10:33:40 +11:00
Todd Short
b67cb09f8d Add support for compressed certificates (RFC8879)
* Compressed Certificate extension (server/client)
* Server certificates (send/receive)
* Client certificate (send/receive)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18186)
2022-10-18 09:30:22 -04:00
Matt Caswell
c9ee6e3646 Reimplement brainpool TLSv1.3 support group support
Create new TLS_GROUP_ENTRY values for these groups.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19315)
2022-10-07 10:01:48 +01:00
Tomas Mraz
38b051a1fe SSL object refactoring using SSL_CONNECTION object
Make the SSL object polymorphic based on whether this is
a traditional SSL connection, QUIC connection, or later
to be implemented a QUIC stream.

It requires adding if after every SSL_CONNECTION_FROM_SSL() call
which itself has to be added to almost every public SSL_ API call.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18612)
2022-07-28 10:04:28 +01:00
Bernd Edlinger
0a10825a00 Enable brainpool curves for TLS1.3
See the recently assigned brainpool code points at:
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7485)
2021-11-26 06:45:19 +01:00
Matt Caswell
a28d06f3e9 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14235)
2021-02-18 15:05:17 +00:00
Matt Caswell
462f4f4bc0 Remove OPENSSL_NO_EC guards from libssl
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
2021-02-05 15:22:43 +00:00
Tomas Mraz
7486c718e5 t1_trce: Fix remaining places where the 24 bit shift overflow happens
[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11857)
2020-05-20 17:31:56 +02:00
Dmitry Belyavskiy
5a5530a29a New Russian TLS 1.2 implementation
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11442)
2020-05-19 13:02:43 +03:00
Nikolay Morozov
fa555aa897 GOST2012 TLS Supported Groups Identifiers Support
For GOST2012-GOST8912-GOST8912 IANA introduce TLS Supported Groups Identifiers
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11568)
2020-04-22 11:22:00 +03:00
Nikolay Morozov
6f89229603 TLSEXT_SIGALG_gostr34102012 0x0840 and 0x0841 support
For GOST2012-GOST8912-GOST8912 IANA introduce signature Signature Algorithm parametrs
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11482)
2020-04-16 18:29:17 +03:00
Nikolay Morozov
98278b9631 TLS Cipher Suite 0xC102 Support
For GOST2012-GOST8912-GOST8912 was used 0xFF85 identifier,
but new identifier 0xc102 was assigned.
Because of old software we will support both numbers.

https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-2
https://datatracker.ietf.org/doc/draft-smyshlyaev-tls12-gost-suites/

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11403)
2020-04-02 18:01:41 +03:00
Daniil Zotkin
6834df12d1 Process GOST ClientKeyExchange message in SSL_trace
Use ssl_print_hex to print message in case of GOST key exchange algorithm.

CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9995)
2019-11-23 16:27:30 +03:00
Daniil Zotkin
65c76cd2c9 Do not print extensions in Certificate message for TLS1.2 and lower
According to RFC8446 CertificateEntry in Certificate message contains
extensions that were not present in the Certificate message in RFC5246.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9994)
2019-10-03 10:29:49 +10:00
Dr. Matthias St. Pierre
706457b7bd Reorganize local header files
Apart from public and internal header files, there is a third type called
local header files, which are located next to source files in the source
directory. Currently, they have different suffixes like

  '*_lcl.h', '*_local.h', or '*_int.h'

This commit changes the different suffixes to '*_local.h' uniformly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9333)
2019-09-28 20:26:35 +02:00
Todd Short
555cbb328e Collapse ssl3_state_st (s3) into ssl_st
With the removal of SSLv2, the s3 structure is always allocated, so
there is little point in having it be an allocated pointer. Collapse
the ssl3_state_st structure into ssl_st and fixup any references.

This should be faster than going through an indirection and due to
fewer allocations, but I'm not seeing any significant performance
improvement; it seems to be within the margin of error in timing.

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7888)
2019-04-29 17:26:09 +01:00
Richard Levitte
558ea84743 Remove heartbeats completely
Fixes #4856

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1928)
2019-03-29 13:50:59 +01:00
Richard Levitte
2c18d164f5 Following the license change, modify the boilerplates in ssl/
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7768)
2018-12-06 14:20:59 +01:00
Erik Forsberg
d6c46adf18 Fix ssl/t1_trce.c to parse certificate chains
Fixes #6994

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7009)
2018-09-01 08:58:42 +08:00
Matt Caswell
35e742ecac Update code for the final RFC version of TLSv1.3 (RFC8446)
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6741)
2018-08-15 12:33:30 +01:00
Matt Caswell
73cc84a132 Suport TLSv1.3 draft 28
Also retains support for drafts 27 and 26

Fixes #6257

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6258)
2018-05-15 10:02:59 +01:00
Dr. Matthias St. Pierre
32c6985349 Fix mixed indentation (and other whitespace issues)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6094)
2018-04-26 21:34:46 +02:00
cedral
d8fa9324d2 Visual Studio 2017 debug build warning error on 32 bit build
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5799)
2018-04-04 14:54:47 +02:00
Matt Caswell
83cf3423f0 Update trace code to know about GOST ciphersuites
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5808)
2018-03-30 19:28:33 +01:00
Philippe Antoine
161ff6c5fa Adds multiple checks to avoid buffer over reads
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5675)
2018-03-25 11:08:33 +02:00
Philippe Antoine
63ff89ab71 Fixes integer underflow with SSL_trace support
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5706)
2018-03-21 17:33:20 +00:00
Dr. Matthias St. Pierre
dd07e68b20 Fix miscellaneous typos in docs and source
- d2i_PKC8PrivateKey -> d2i_PKCS8PrivateKey
- bechmark -> benchmark
- ciperhsuite -> ciphersuite
- EncyptedPreMasterSecret -> EncryptedPreMasterSecret

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5570)
2018-03-17 18:24:03 +01:00
Matt Caswell
61cd0c946b Fix enable-ssl-trace
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5600)
2018-03-12 19:45:14 +00:00
FdaSilvaYY
d420729b9e Duplicate entries ssl_handshake_tbl trace entries...
... and add some missing known values.
Sort ssl/tls extension array list

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5304)
2018-03-08 10:32:34 -05:00
Matt Caswell
0e1d6ecf37 Add X448/Ed448 support to libssl
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/5470)
2018-03-05 11:39:20 +00:00
Todd Short
9d75dce3e1 Add TLSv1.3 post-handshake authentication (PHA)
Add SSL_verify_client_post_handshake() for servers to initiate PHA

Add SSL_force_post_handshake_auth() for clients that don't have certificates
initially configured, but use a certificate callback.

Update SSL_CTX_set_verify()/SSL_set_verify() mode:

* Add SSL_VERIFY_POST_HANDSHAKE to postpone client authentication until after
the initial handshake.

* Update SSL_VERIFY_CLIENT_ONCE now only sends out one CertRequest regardless
of when the certificate authentication takes place; either initial handshake,
re-negotiation, or post-handshake authentication.

Add 'RequestPostHandshake' and 'RequirePostHandshake' SSL_CONF options that
add the SSL_VERIFY_POST_HANDSHAKE to the 'Request' and 'Require' options

Add support to s_client:
* Enabled automatically when cert is configured
* Can be forced enabled via -force_pha

Add support to s_server:
* Use 'c' to invoke PHA in s_server
* Remove some dead code

Update documentation

Update unit tests:
* Illegal use of PHA extension
* TLSv1.3 certificate tests

DTLS and TLS behave ever-so-slightly differently. So, when DTLS1.3 is
implemented, it's PHA support state machine may need to be different.
Add a TODO and a #error

Update handshake context to deal with PHA.

The handshake context for TLSv1.3 post-handshake auth is up through the
ClientFinish message, plus the CertificateRequest message. Subsequent
Certificate, CertificateVerify, and Finish messages are based on this
handshake context (not the Certificate message per se, but it's included
after the hash). KeyUpdate, NewSessionTicket, and prior Certificate
Request messages are not included in post-handshake authentication.

After the ClientFinished message is processed, save off the digest state
for future post-handshake authentication. When post-handshake auth occurs,
copy over the saved handshake context into the "main" handshake digest.
This effectively discards the any KeyUpdate or NewSessionTicket messages
and any prior post-handshake authentication.

This, of course, assumes that the ID-22 did not mean to include any
previous post-handshake authentication into the new handshake transcript.
This is implied by section 4.4.1 that lists messages only up to the
first ClientFinished.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4964)
2018-02-01 17:07:56 +00:00
Benjamin Kaduk
36c91d13d1 Fix ssl-trace with TLS 1.3 draft-23 PSS sigalgs
The latest TLS 1.3 draft split the RSA-PSS signature schemes into
two versions that indicate the OID of the RSA key being used.
This forced us to rename the preprocessor defines for the sigalg
values, and the ssl-trace code was not adopted to match, since
it was not enabled int the default build.

Belatedly update the ssl_sigalg_tbl in the trace code to match.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5174)
2018-01-26 09:21:08 -06:00
Richard Levitte
3c7d0945b6 Update copyright years on all files merged since Jan 1st 2018
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5038)
2018-01-09 05:49:01 +01:00
Matt Caswell
818b625d6c Fix trace of TLSv1.3 Certificate Request message
A TLSv1.3 Certificate Request message was issuing a "Message length parse
error" using the -trace option to s_server/s_client.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5008)
2018-01-02 15:51:23 +00:00
Matt Caswell
597c51bc98 Merge HRR into ServerHello
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)
2017-12-14 15:06:37 +00:00
Matt Caswell
88050dd196 Update ServerHello to new draft-22 format
The new ServerHello format is essentially now the same as the old TLSv1.2
one, but it must additionally include supported_versions. The version
field is fixed at TLSv1.2, and the version negotiation happens solely via
supported_versions.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)
2017-12-14 15:06:37 +00:00
FdaSilvaYY
06312c4769 SSL Trace improvements
A fix formatting fixes.

SSL Trace: internal constification
-  static trace tables
-  trace methods arguments

SSL Trace: enhance error message when tracing an invalid extension packet
... instead of just "Message length parse error!".

SSL trace: add Maximum-Fragment-Length TLS extension log support

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4353)
2017-09-10 23:33:37 -04:00
David Benjamin
ee1ed1d380 Fix the names of older ciphers.
The names of these ciphers have an "SSL_" prefix, but the RFC names use
"TLS_":
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4

This dates back to these ciphers being originally defined in SSLv3. As
SSLv3 is on its way out anyway and this is a new set of APIs,
consistently use the TLS names.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4007)
2017-07-31 09:11:18 -04:00
Paul Yang
bbb4ceb86e Support converting cipher name to RFC name and vice versa
Fixes: issue #3747

make SSL_CIPHER_standard_name globally available and introduce a new
function OPENSSL_cipher_name.

A new option '-convert' is also added to 'openssl ciphers' app.

Documentation and test cases are added.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3859)
2017-07-21 07:20:14 +10:00
Matt Caswell
8f81476145 Update SSL_trace() to know about ticket_nonce
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3852)
2017-07-07 15:02:09 +01:00
David Benjamin
32bbf777d0 Fix the names of ChaCha20-Poly1305 cipher suites in t1_trce.c.
Per RFC 7905, the cipher suite names end in "_SHA256". The original
implementation targeted the -03 draft, but there was a -04 draft right
before the RFC was published to make the names consistent.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3748)
2017-06-22 16:43:03 +01:00
Dr. Stephen Henson
881d2c5ed2 Add Ed25519 to trace output
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)
2017-06-21 14:11:01 +01:00
Matt Caswell
d8311fc93a Add back support for SHA224 based sig algs
This used to work but was inadvertently removed as part of the TLSv1.3
work. This adds it back.

Fixes #3633

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3639)
2017-06-08 17:37:02 +01:00
Matt Caswell
ad5100bc41 Add support to SSL_trace() for inner content types
When using the -trace option with TLSv1.3 all records appear as "application
data". This adds the ability to see the inner content type too.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3408)
2017-05-08 11:42:37 +01:00