Matt Caswell [Tue, 10 Jan 2017 09:38:30 +0000 (09:38 +0000)]
Fix a Travis failure
Declare a variable as static to silence the warning
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Thu, 5 Jan 2017 14:40:00 +0000 (14:40 +0000)]
Add some signature tests
Check that signatures actually work, and that an incorrect signature
results in a handshake failure.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Thu, 5 Jan 2017 12:34:46 +0000 (12:34 +0000)]
Teach TLSProxy how to re-encrypt a TLSv1.3 message after changes
This enables us to make changes to in-flight TLSv1.3 messages that appear
after the ServerHello.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Thu, 5 Jan 2017 12:32:06 +0000 (12:32 +0000)]
Extend ServerKeyExchange parsing to work with a signature
Previously SKE in TLSProxy only knew about one anonymous ciphersuite so
there was never a signature. Extend that to include a ciphersuite that is
not anonymous. This also fixes a bug where the existing SKE processing was
checking against the wrong anon ciphersuite value. This has a knock on
impact on the sslskewith0p test. The bug meant the test was working...but
entirely by accident!
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Thu, 5 Jan 2017 12:28:40 +0000 (12:28 +0000)]
Teach TLSProxy about the CertificateVerify message
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Tue, 3 Jan 2017 13:43:56 +0000 (13:43 +0000)]
Teach SSL_trace about the new sigalgs
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Tue, 3 Jan 2017 10:40:14 +0000 (10:40 +0000)]
Add a sigalg test to check we only allow sigalgs we sent
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Tue, 3 Jan 2017 10:01:39 +0000 (10:01 +0000)]
Extend PSS signature support to TLSv1.2
TLSv1.3 introduces PSS based sigalgs. Offering these in a TLSv1.3 client
implies that the client is prepared to accept these sigalgs even in
TLSv1.2.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Mon, 2 Jan 2017 11:52:57 +0000 (11:52 +0000)]
Fix test_sslversions to know that TLSv1.3 sets record version to TLSv1.0
This also acts as a test for the bug fixed in the previous commit.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Mon, 2 Jan 2017 11:40:16 +0000 (11:40 +0000)]
Always use TLSv1.0 for record layer version in TLSv1.3
TLSv1.3 freezes the record layer version and ensures that it is always set
to TLSv1.0. Some implementations check this.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Fri, 30 Dec 2016 15:25:47 +0000 (15:25 +0000)]
Add a TLS1.3 TODO for setting of sig algs
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Fri, 30 Dec 2016 11:27:24 +0000 (11:27 +0000)]
Add some sig algs tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Fri, 30 Dec 2016 14:08:19 +0000 (14:08 +0000)]
Ignore PKCS1 based sig algs in TLSv1.3
In TLSv1.3 we must use PSS based sig algs for RSA signing. Ignore any
shared sig algs which are PKCS1 based.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Fri, 30 Dec 2016 11:26:39 +0000 (11:26 +0000)]
Verify that the sig algs extension has been sent for TLSv1.3
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Thu, 29 Dec 2016 17:11:27 +0000 (17:11 +0000)]
Fix client application traffic secret
A misreading of the TLS1.3 spec meant we were using the handshake hashes
up to and including the Client Finished to calculate the client
application traffic secret. We should be only use up until the Server
Finished.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Thu, 29 Dec 2016 15:08:47 +0000 (15:08 +0000)]
Temporarily ignore NewSessionTickets for TLS1.3
We can't handle these messages yet, so ignore them for now.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Thu, 15 Dec 2016 00:28:47 +0000 (00:28 +0000)]
Use the correct size for TLSv1.3 finished keys
We need to use the length of the handshake hash for the length of the
finished key.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Wed, 14 Dec 2016 17:27:15 +0000 (17:27 +0000)]
Ensure the record sequence number gets incremented
We were not incrementing the sequence number every time we sent/received
a record.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Wed, 14 Dec 2016 16:50:14 +0000 (16:50 +0000)]
Remove some unneeded functions
The sigalgs work has made some old lookup tables and functions redundant
so remove them.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Wed, 14 Dec 2016 16:37:48 +0000 (16:37 +0000)]
Use NIDs instead of the old TLSv1.2 sigalgs hash and sig ids
We had an extra layer of indirection in looking up hashes and sigs based
on sigalgs which is now no longer necessary. This removes it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Wed, 14 Dec 2016 14:39:38 +0000 (14:39 +0000)]
Remove a redundant function
The extensions refactor made this function redundant so we can remove it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Wed, 14 Dec 2016 14:31:21 +0000 (14:31 +0000)]
Convert Sigalgs processing to use ints
In TLSv1.2 an individual sig alg is represented by 1 byte for the hash
and 1 byte for the signature. In TLSv1.3 each sig alg is represented by
two bytes, where the two bytes together represent a single hash and
signature combination. This converts the internal representation of sigalgs
to use a single int for the pair, rather than a pair of bytes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Thu, 8 Dec 2016 16:02:51 +0000 (16:02 +0000)]
Sign CertificateVerify messages using PSS padding
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Mon, 5 Dec 2016 17:04:51 +0000 (17:04 +0000)]
Make CertificateVerify TLS1.3 aware
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Mon, 5 Dec 2016 14:59:25 +0000 (14:59 +0000)]
Move Certificate Verify construction and processing into statem_lib.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Mon, 5 Dec 2016 14:58:51 +0000 (14:58 +0000)]
Add a TODO(TLS1.3) around certificate selection
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Rich Salz [Tue, 10 Jan 2017 20:40:27 +0000 (15:40 -0500)]
Fix typo in Blake2 function names
Fixes GitHub issue 2169.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2207)
Kurt Roeckx [Thu, 20 Oct 2016 18:49:22 +0000 (20:49 +0200)]
Print the X509 version signed, and convert to unsigned for the hex version.
Found by tis-interpreter
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1754
Richard Levitte [Tue, 10 Jan 2017 08:20:07 +0000 (09:20 +0100)]
Only enable CRYPTO_3DES_ECB if that name is an existing macro
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2203)
Richard Levitte [Tue, 10 Jan 2017 07:24:16 +0000 (08:24 +0100)]
Small fixes of cryptodev engine
- guard CRYPTO_3DES_CBC
- add a missing cast
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2203)
Matt Caswell [Mon, 9 Jan 2017 17:29:44 +0000 (17:29 +0000)]
Mark a HelloRequest record as read if we ignore it
Otherwise the client will try to process it again. The second time around
it will try and move the record data into handshake fragment storage and
realise that there is no data left. At that point it marks it as read
anyway. However, it is a bug that we go around the loop a second time, so
we prevent that.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2200)
Iaroslav Gridin [Sat, 29 Oct 2016 14:48:05 +0000 (17:48 +0300)]
use EVP_CIPHER_CTX_ functions instead of accessing EVP_CIPHER_CTX internals
by levitte
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
Iaroslav Gridin [Sat, 29 Oct 2016 14:47:03 +0000 (17:47 +0300)]
fix for BSD cryptodev
by levitte
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
Iaroslav Gridin [Sat, 29 Oct 2016 13:59:39 +0000 (16:59 +0300)]
Remove commented-out HMAC code
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
Iaroslav Gridin [Sat, 29 Oct 2016 13:56:31 +0000 (16:56 +0300)]
Style the code
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
Iaroslav Gridin [Sat, 29 Oct 2016 11:06:30 +0000 (14:06 +0300)]
Remove unused ret variable
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
Iaroslav Gridin [Sat, 29 Oct 2016 10:56:09 +0000 (13:56 +0300)]
Remove non-functional CRYPTO_AES_CTR ifdef disabling AES-CTR in cryptodev
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
Iaroslav Gridin [Sat, 29 Oct 2016 10:51:31 +0000 (13:51 +0300)]
Add AES-ECB and 3DES-ECB to cryptodev
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
Nikos Mavrogiannopoulos [Fri, 4 Jul 2014 06:41:04 +0000 (08:41 +0200)]
cryptodev: allow copying EVP contexts
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 10:35:14 +0000 (11:35 +0100)]
cryptodev: Fix issue with signature generation
That patch also enables support for SHA2 hashes, and
removes support for hashes that were never supported by
cryptodev.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
Rich Salz [Mon, 9 Jan 2017 17:42:15 +0000 (12:42 -0500)]
Review comments
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)
Rich Salz [Sun, 11 Dec 2016 20:01:28 +0000 (15:01 -0500)]
Use typedefs for PSK, NPN, ALPN callback functions
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)
Rich Salz [Thu, 8 Dec 2016 19:18:40 +0000 (14:18 -0500)]
Move extension data into sub-structs
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)
Richard Levitte [Sun, 8 Jan 2017 09:46:14 +0000 (10:46 +0100)]
Fix build issues with no-dh, no-dsa and no-ec
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2192)
Bernd Edlinger [Fri, 23 Dec 2016 13:35:16 +0000 (14:35 +0100)]
Fix a memory leak in RSA_padding_add_PKCS1_OAEP_mgf1
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #2140
Rich Salz [Sun, 8 Jan 2017 17:50:52 +0000 (12:50 -0500)]
Rename "verify_cb" to SSL_verify_cb
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)
Rich Salz [Tue, 27 Dec 2016 20:00:06 +0000 (15:00 -0500)]
Doc nits: callback function typedefs
Enhance find-doc-nits to be better about finding typedefs for
callback functions. Fix all nits it now finds. Added some new
typedef names to ssl.h some of which were documented but did not
exist
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)
Dr. Stephen Henson [Sun, 8 Jan 2017 19:36:20 +0000 (19:36 +0000)]
Add server temp key type checks
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2191)
Dr. Stephen Henson [Sun, 8 Jan 2017 00:09:08 +0000 (00:09 +0000)]
Add new ssl_test option.
Add option ExpectedTmpKeyType to test the temporary key the server
sends is of the correct type.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2191)
Dr. Stephen Henson [Sat, 7 Jan 2017 17:17:30 +0000 (17:17 +0000)]
fix a few more style issues
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Fri, 6 Jan 2017 22:49:01 +0000 (22:49 +0000)]
Documentation clarification and fixes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Fri, 6 Jan 2017 17:51:28 +0000 (17:51 +0000)]
Remove unnecessary frees and style fixes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Fri, 6 Jan 2017 17:26:11 +0000 (17:26 +0000)]
fix typo and remove duplicate macro
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Fri, 6 Jan 2017 14:41:04 +0000 (14:41 +0000)]
Add documentation for PSS control operations.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Fri, 6 Jan 2017 13:36:37 +0000 (13:36 +0000)]
Use more desciptive macro name rsa_pss_restricted()
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Fri, 6 Jan 2017 13:12:28 +0000 (13:12 +0000)]
style issues
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Fri, 6 Jan 2017 13:12:17 +0000 (13:12 +0000)]
free str on error
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Fri, 6 Jan 2017 13:11:50 +0000 (13:11 +0000)]
clarify comment
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Thu, 5 Jan 2017 23:18:28 +0000 (23:18 +0000)]
fix various style issues
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Thu, 5 Jan 2017 18:52:59 +0000 (18:52 +0000)]
make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Wed, 4 Jan 2017 17:32:03 +0000 (17:32 +0000)]
add test for invalid key parameters
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Wed, 4 Jan 2017 14:06:44 +0000 (14:06 +0000)]
document RSA-PSS algorithm options
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Tue, 3 Jan 2017 17:33:31 +0000 (17:33 +0000)]
add PSS key tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Tue, 3 Jan 2017 16:07:52 +0000 (16:07 +0000)]
print errors in pkey utility
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Tue, 3 Jan 2017 16:00:41 +0000 (16:00 +0000)]
make errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Tue, 3 Jan 2017 16:00:04 +0000 (16:00 +0000)]
add parameter error
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Tue, 6 Dec 2016 14:19:41 +0000 (14:19 +0000)]
Set EVP_PKEY_CTX in SignerInfo
If we aren't setting public key parameters make EVP_PKEY_CTX available
in SignerInfo so PSS mode and parameters are automatically selected.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Tue, 6 Dec 2016 14:17:21 +0000 (14:17 +0000)]
Only allow PSS padding for PSS keys.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Tue, 6 Dec 2016 14:01:05 +0000 (14:01 +0000)]
Decode parameters properly.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Tue, 6 Dec 2016 00:54:19 +0000 (00:54 +0000)]
Return errors PKCS#7/CMS enveloped data ctrls and PSS
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Mon, 5 Dec 2016 14:55:23 +0000 (14:55 +0000)]
Add PSS parameter restrictions.
If a key contains any PSS parameter restrictions set them during
sign or verification initialisation. Parameters now become the
default values for sign/verify. Digests are fixed and any attempt
to change them is an error. The salt length can be modified but
must not be less than the minimum value.
If the key parameters are invalid then verification or signing
initialisation returns an error.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Mon, 5 Dec 2016 14:41:32 +0000 (14:41 +0000)]
Initial parameter restrictions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Mon, 5 Dec 2016 14:00:48 +0000 (14:00 +0000)]
Add rsa_pss_get_param.
New function rsa_pss_get_param to extract and sanity check PSS parameters.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Thu, 1 Dec 2016 21:53:58 +0000 (21:53 +0000)]
Don't allow PKCS#7/CMS encrypt with PSS.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Thu, 1 Dec 2016 21:46:31 +0000 (21:46 +0000)]
Add macros to determine if key or ctx is PSS.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Wed, 30 Nov 2016 18:26:10 +0000 (18:26 +0000)]
Support pad mode get/set for PSS keys.
Pad mode setting returns an error if the mode is anything other then PSS.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Wed, 30 Nov 2016 16:55:30 +0000 (16:55 +0000)]
Key gen param support.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Wed, 30 Nov 2016 16:23:18 +0000 (16:23 +0000)]
Set PSS padding mode for PSS keys.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Wed, 30 Nov 2016 16:21:01 +0000 (16:21 +0000)]
Digest string helper function.
New function EVP_PKEY_CTX_md() which takes a string and passes a digest
to a ctrl.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Mon, 21 Nov 2016 00:44:01 +0000 (00:44 +0000)]
Support RSA operations in PSS.
Add support for common operations in PSS by adding a new function
RSA_pkey_ctx_ctrl() which calls EVP_PKEY_CTX_ctrl if the key type
is RSA or PSS.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Thu, 24 Nov 2016 21:44:50 +0000 (21:44 +0000)]
PSS EVP_PKEY method
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Thu, 24 Nov 2016 14:22:22 +0000 (14:22 +0000)]
RSA-PSS key printing.
Print out RSA-PSS key parameters if present.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Thu, 24 Nov 2016 00:58:33 +0000 (00:58 +0000)]
PSS parameter encode and decode.
For RSA PSS keys encode and decode parameters when handling public
and private keys.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Mon, 21 Nov 2016 01:35:30 +0000 (01:35 +0000)]
Split PSS parameter creation.
Split PSS parameter creation. This adds a new function rsa_pss_params_create
which creates PSS parameters from digest and salt values. This will be
used for PSS key generation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Sun, 20 Nov 2016 04:17:30 +0000 (04:17 +0000)]
Use method key type instead of EVP_PKEY_RSA
Make RSA method more flexible by using the key type from the
method instead of hard coding EVP_PKEY_RSA: by doing this the
same code supports both RSA and RSA-PSS.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Thu, 24 Nov 2016 21:42:49 +0000 (21:42 +0000)]
PSS ASN.1 method
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Thu, 24 Nov 2016 21:50:26 +0000 (21:50 +0000)]
add EVP_PKEY_RSA_PSS
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Mon, 21 Nov 2016 01:34:56 +0000 (01:34 +0000)]
Add pss field to RSA structure and free it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Thu, 24 Nov 2016 18:51:54 +0000 (18:51 +0000)]
Cache maskHash parameter
Store hash algorithm used for MGF1 masks in PSS and OAEP modes in PSS and
OAEP parameter structure: this avoids the need to decode part of the ASN.1
structure every time it is used.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Kurt Roeckx [Thu, 5 Jan 2017 20:55:40 +0000 (21:55 +0100)]
Update fuzz corpora
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
Kurt Roeckx [Thu, 5 Jan 2017 19:18:29 +0000 (20:18 +0100)]
Make client and server fuzzer reproducible
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
Kurt Roeckx [Thu, 5 Jan 2017 19:13:10 +0000 (20:13 +0100)]
Make the bignum fuzzer reproducible
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
Kurt Roeckx [Thu, 5 Jan 2017 19:12:05 +0000 (20:12 +0100)]
Update fuzz documentation
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
Kurt Roeckx [Thu, 5 Jan 2017 18:59:14 +0000 (19:59 +0100)]
Make rand_add predictable when fuzzing
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
Kurt Roeckx [Thu, 5 Jan 2017 19:20:14 +0000 (20:20 +0100)]
server fuzzer: add support for DSA and ECDSA
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
Matt Caswell [Fri, 6 Jan 2017 11:01:14 +0000 (11:01 +0000)]
Fix various style issues following feedback
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
Matt Caswell [Thu, 5 Jan 2017 16:12:56 +0000 (16:12 +0000)]
Rename the chain variable to chainidx
This variable represents the index of the cert within the chain, so give it
a name that better represents that.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
Matt Caswell [Thu, 5 Jan 2017 15:05:20 +0000 (15:05 +0000)]
Fix a double blank line style issue
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
Matt Caswell [Mon, 2 Jan 2017 11:16:37 +0000 (11:16 +0000)]
Initialise the al variable
al can be used uninitialised in an error path.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
Matt Caswell [Fri, 2 Dec 2016 17:14:59 +0000 (17:14 +0000)]
Update SSL_trace to understand TLSv1.3 Certificates
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)