oweals/openssl.git
7 years agoUI: Use RUN_ONCE differently
Richard Levitte [Fri, 13 Jan 2017 10:19:48 +0000 (11:19 +0100)]
UI: Use RUN_ONCE differently

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2222)

7 years agoUI: Ensure there will be no race condition when getting the UI_METHOD ex_data
Richard Levitte [Thu, 12 Jan 2017 19:22:12 +0000 (20:22 +0100)]
UI: Ensure there will be no race condition when getting the UI_METHOD ex_data

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2222)

7 years agoMake X509_Digest,others public
Rich Salz [Thu, 12 Jan 2017 21:39:41 +0000 (16:39 -0500)]
Make X509_Digest,others public

Also, if want SHA1 then use the pre-computed value if there.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2223)

7 years agoRename file so "ls" works on 80 columns
Rich Salz [Thu, 12 Jan 2017 19:15:13 +0000 (14:15 -0500)]
Rename file so "ls" works on 80 columns

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2221)

7 years agoAdd documentation
Rich Salz [Thu, 12 Jan 2017 17:22:12 +0000 (12:22 -0500)]
Add documentation

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1252)

7 years agoAdd "random malloc failure" tooling
Rich Salz [Fri, 8 Jul 2016 17:40:08 +0000 (13:40 -0400)]
Add "random malloc failure" tooling

Still needs to be documented, somehow/somewhere.

The env var OPENSSL_MALLOC_FAILURES controls how often malloc/realloc
should fail.  It's a set of fields separated by semicolons.  Each field
is a count and optional percentage (separated by @) which defaults to 100.
If count is zero then it lasts "forever."  For example: 100;@25 means the
first 100 allocations pass, then the rest have a 25% chance of failing
until the program exits or crashes.

If env var OPENSSL_MALLOC_FD parses as a positive integer, a record
of all malloc "shouldfail" tests is written to that file descriptor.
If a malloc will fail, and OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE is not set
(platform specific), then a backtrace will be written to the descriptor
when a malloc fails.  This can be useful because a malloc may fail but
not be checked, and problems will only occur later.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1252)

7 years agoGH2176: Add X509_VERIFY_PARAM_get_time
Rich Salz [Tue, 10 Jan 2017 21:18:33 +0000 (16:18 -0500)]
GH2176: Add X509_VERIFY_PARAM_get_time

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2208)

7 years agoReview comments; fail build if nits found
Rich Salz [Thu, 12 Jan 2017 13:20:54 +0000 (08:20 -0500)]
Review comments; fail build if nits found

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2202)

7 years agoRun find-doc-nits in travis
Richard Levitte [Tue, 10 Jan 2017 03:41:26 +0000 (22:41 -0500)]
Run find-doc-nits in travis

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2202)

7 years agoUI documentation fixup
Richard Levitte [Thu, 12 Jan 2017 14:17:42 +0000 (15:17 +0100)]
UI documentation fixup

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2218)

7 years agoUI: fix uitest for VMS
Richard Levitte [Thu, 12 Jan 2017 12:07:39 +0000 (13:07 +0100)]
UI: fix uitest for VMS

- On VMS, apps/apps.c depends on apps/vms_term_sock.c, so add it to
  the build
- On VMS, apps/*.c are compiled with default symbol settings,
  i.e. uppercased and truncated symbols, which differs from test
  programs.  Make sure uitest.c knows that with a few pragmas.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2218)

7 years agoUI: fix uitest for no-ui configuration
Richard Levitte [Thu, 12 Jan 2017 10:08:36 +0000 (11:08 +0100)]
UI: fix uitest for no-ui configuration

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2218)

7 years agoFix no-dh builds
Matt Caswell [Thu, 12 Jan 2017 09:48:38 +0000 (09:48 +0000)]
Fix no-dh builds

One of the new tests uses a DH based ciphersuite. That test should be
disabled if DH is disabled.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2217)

7 years agoFix compilation with no-nextprotoneg
Matt Caswell [Wed, 11 Jan 2017 10:35:15 +0000 (10:35 +0000)]
Fix compilation with no-nextprotoneg

A guard was in the wrong place in the header file.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2212)

7 years agoAdd a test "uitest"
Richard Levitte [Tue, 10 Jan 2017 23:13:59 +0000 (00:13 +0100)]
Add a test "uitest"

It tests both the use of UI_METHOD (through the apps/apps.h API) and
wrapping an older style PEM password callback in a UI_METHOD.

Replace the earlier UI test with a run of this test program

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2204)

7 years agoAdd a few documentation lines about UI_OpenSSL()
Richard Levitte [Tue, 10 Jan 2017 23:12:01 +0000 (00:12 +0100)]
Add a few documentation lines about UI_OpenSSL()

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2204)

7 years agoDocument the UI utility functions
Richard Levitte [Tue, 10 Jan 2017 08:02:40 +0000 (09:02 +0100)]
Document the UI utility functions

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2204)

7 years agomake update
Richard Levitte [Mon, 9 Jan 2017 13:26:55 +0000 (14:26 +0100)]
make update

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2204)

7 years agoAdd a UI utility function with which to wrap pem_callback_cb in a UI_METHOD
Richard Levitte [Tue, 6 Dec 2016 13:36:43 +0000 (14:36 +0100)]
Add a UI utility function with which to wrap pem_callback_cb in a UI_METHOD

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2204)

7 years agoAdd an application data field in the UI_METHOD
Richard Levitte [Tue, 6 Dec 2016 13:36:04 +0000 (14:36 +0100)]
Add an application data field in the UI_METHOD

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2204)

7 years agoConstify the input parameter to UI_method_get_*
Richard Levitte [Tue, 6 Dec 2016 13:34:52 +0000 (14:34 +0100)]
Constify the input parameter to UI_method_get_*

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2204)

7 years agoEnable apps to get a UI_METHOD for the default prompter
Richard Levitte [Tue, 6 Dec 2016 03:17:18 +0000 (04:17 +0100)]
Enable apps to get a UI_METHOD for the default prompter

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2204)

7 years agoFix no-ec following sigalgs refactor
Matt Caswell [Tue, 10 Jan 2017 14:38:09 +0000 (14:38 +0000)]
Fix no-ec following sigalgs refactor

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoFix tls1_set_sigalgs() length calculation
Matt Caswell [Tue, 10 Jan 2017 14:23:02 +0000 (14:23 +0000)]
Fix tls1_set_sigalgs() length calculation

The length passed to tls1_set_sigalgs() is a multiple of two and there are
two char entries in the list for each sigalg. When we set
client_sigalgslen or conf_sigalgslen this is the number of ints in the list
where there is one entry per sigalg (i.e. half the length of the list passed
to the function).

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoAdd some missing sigalgs
Matt Caswell [Tue, 10 Jan 2017 13:45:24 +0000 (13:45 +0000)]
Add some missing sigalgs

The SHA1 sigalgs were inadvertently missed off in the sigalgs refactor.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoFix an uninit read picked up by Travis
Matt Caswell [Tue, 10 Jan 2017 11:30:57 +0000 (11:30 +0000)]
Fix an uninit read picked up by Travis

The siglen value needs to be initialised prior to it being read in the
call to EVP_DigestSignFinal later in this function.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoFix a Travis failure
Matt Caswell [Tue, 10 Jan 2017 09:38:30 +0000 (09:38 +0000)]
Fix a Travis failure

Declare a variable as static to silence the warning

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoAdd some signature tests
Matt Caswell [Thu, 5 Jan 2017 14:40:00 +0000 (14:40 +0000)]
Add some signature tests

Check that signatures actually work, and that an incorrect signature
results in a handshake failure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoTeach TLSProxy how to re-encrypt a TLSv1.3 message after changes
Matt Caswell [Thu, 5 Jan 2017 12:34:46 +0000 (12:34 +0000)]
Teach TLSProxy how to re-encrypt a TLSv1.3 message after changes

This enables us to make changes to in-flight TLSv1.3 messages that appear
after the ServerHello.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoExtend ServerKeyExchange parsing to work with a signature
Matt Caswell [Thu, 5 Jan 2017 12:32:06 +0000 (12:32 +0000)]
Extend ServerKeyExchange parsing to work with a signature

Previously SKE in TLSProxy only knew about one anonymous ciphersuite so
there was never a signature. Extend that to include a ciphersuite that is
not anonymous. This also fixes a bug where the existing SKE processing was
checking against the wrong anon ciphersuite value. This has a knock on
impact on the sslskewith0p test. The bug meant the test was working...but
entirely by accident!

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoTeach TLSProxy about the CertificateVerify message
Matt Caswell [Thu, 5 Jan 2017 12:28:40 +0000 (12:28 +0000)]
Teach TLSProxy about the CertificateVerify message

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoTeach SSL_trace about the new sigalgs
Matt Caswell [Tue, 3 Jan 2017 13:43:56 +0000 (13:43 +0000)]
Teach SSL_trace about the new sigalgs

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoAdd a sigalg test to check we only allow sigalgs we sent
Matt Caswell [Tue, 3 Jan 2017 10:40:14 +0000 (10:40 +0000)]
Add a sigalg test to check we only allow sigalgs we sent

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoExtend PSS signature support to TLSv1.2
Matt Caswell [Tue, 3 Jan 2017 10:01:39 +0000 (10:01 +0000)]
Extend PSS signature support to TLSv1.2

TLSv1.3 introduces PSS based sigalgs. Offering these in a TLSv1.3 client
implies that the client is prepared to accept these sigalgs even in
TLSv1.2.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoFix test_sslversions to know that TLSv1.3 sets record version to TLSv1.0
Matt Caswell [Mon, 2 Jan 2017 11:52:57 +0000 (11:52 +0000)]
Fix test_sslversions to know that TLSv1.3 sets record version to TLSv1.0

This also acts as a test for the bug fixed in the previous commit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoAlways use TLSv1.0 for record layer version in TLSv1.3
Matt Caswell [Mon, 2 Jan 2017 11:40:16 +0000 (11:40 +0000)]
Always use TLSv1.0 for record layer version in TLSv1.3

TLSv1.3 freezes the record layer version and ensures that it is always set
to TLSv1.0. Some implementations check this.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoAdd a TLS1.3 TODO for setting of sig algs
Matt Caswell [Fri, 30 Dec 2016 15:25:47 +0000 (15:25 +0000)]
Add a TLS1.3 TODO for setting of sig algs

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoAdd some sig algs tests
Matt Caswell [Fri, 30 Dec 2016 11:27:24 +0000 (11:27 +0000)]
Add some sig algs tests

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoIgnore PKCS1 based sig algs in TLSv1.3
Matt Caswell [Fri, 30 Dec 2016 14:08:19 +0000 (14:08 +0000)]
Ignore PKCS1 based sig algs in TLSv1.3

In TLSv1.3 we must use PSS based sig algs for RSA signing. Ignore any
shared sig algs which are PKCS1 based.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoVerify that the sig algs extension has been sent for TLSv1.3
Matt Caswell [Fri, 30 Dec 2016 11:26:39 +0000 (11:26 +0000)]
Verify that the sig algs extension has been sent for TLSv1.3

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoFix client application traffic secret
Matt Caswell [Thu, 29 Dec 2016 17:11:27 +0000 (17:11 +0000)]
Fix client application traffic secret

A misreading of the TLS1.3 spec meant we were using the handshake hashes
up to and including the Client Finished to calculate the client
application traffic secret. We should be only use up until the Server
Finished.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoTemporarily ignore NewSessionTickets for TLS1.3
Matt Caswell [Thu, 29 Dec 2016 15:08:47 +0000 (15:08 +0000)]
Temporarily ignore NewSessionTickets for TLS1.3

We can't handle these messages yet, so ignore them for now.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoUse the correct size for TLSv1.3 finished keys
Matt Caswell [Thu, 15 Dec 2016 00:28:47 +0000 (00:28 +0000)]
Use the correct size for TLSv1.3 finished keys

We need to use the length of the handshake hash for the length of the
finished key.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoEnsure the record sequence number gets incremented
Matt Caswell [Wed, 14 Dec 2016 17:27:15 +0000 (17:27 +0000)]
Ensure the record sequence number gets incremented

We were not incrementing the sequence number every time we sent/received
a record.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoRemove some unneeded functions
Matt Caswell [Wed, 14 Dec 2016 16:50:14 +0000 (16:50 +0000)]
Remove some unneeded functions

The sigalgs work has made some old lookup tables and functions redundant
so remove them.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoUse NIDs instead of the old TLSv1.2 sigalgs hash and sig ids
Matt Caswell [Wed, 14 Dec 2016 16:37:48 +0000 (16:37 +0000)]
Use NIDs instead of the old TLSv1.2 sigalgs hash and sig ids

We had an extra layer of indirection in looking up hashes and sigs based
on sigalgs which is now no longer necessary. This removes it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoRemove a redundant function
Matt Caswell [Wed, 14 Dec 2016 14:39:38 +0000 (14:39 +0000)]
Remove a redundant function

The extensions refactor made this function redundant so we can remove it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoConvert Sigalgs processing to use ints
Matt Caswell [Wed, 14 Dec 2016 14:31:21 +0000 (14:31 +0000)]
Convert Sigalgs processing to use ints

In TLSv1.2 an individual sig alg is represented by 1 byte for the hash
and 1 byte for the signature. In TLSv1.3 each sig alg is represented by
two bytes, where the two bytes together represent a single hash and
signature combination. This converts the internal representation of sigalgs
to use a single int for the pair, rather than a pair of bytes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoSign CertificateVerify messages using PSS padding
Matt Caswell [Thu, 8 Dec 2016 16:02:51 +0000 (16:02 +0000)]
Sign CertificateVerify messages using PSS padding

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoMake CertificateVerify TLS1.3 aware
Matt Caswell [Mon, 5 Dec 2016 17:04:51 +0000 (17:04 +0000)]
Make CertificateVerify TLS1.3 aware

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoMove Certificate Verify construction and processing into statem_lib.c
Matt Caswell [Mon, 5 Dec 2016 14:59:25 +0000 (14:59 +0000)]
Move Certificate Verify construction and processing into statem_lib.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoAdd a TODO(TLS1.3) around certificate selection
Matt Caswell [Mon, 5 Dec 2016 14:58:51 +0000 (14:58 +0000)]
Add a TODO(TLS1.3) around certificate selection

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

7 years agoFix typo in Blake2 function names
Rich Salz [Tue, 10 Jan 2017 20:40:27 +0000 (15:40 -0500)]
Fix typo in Blake2 function names

Fixes GitHub issue 2169.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2207)

7 years agoPrint the X509 version signed, and convert to unsigned for the hex version.
Kurt Roeckx [Thu, 20 Oct 2016 18:49:22 +0000 (20:49 +0200)]
Print the X509 version signed, and convert to unsigned for the hex version.

Found by tis-interpreter

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1754

7 years agoOnly enable CRYPTO_3DES_ECB if that name is an existing macro
Richard Levitte [Tue, 10 Jan 2017 08:20:07 +0000 (09:20 +0100)]
Only enable CRYPTO_3DES_ECB if that name is an existing macro

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2203)

7 years agoSmall fixes of cryptodev engine
Richard Levitte [Tue, 10 Jan 2017 07:24:16 +0000 (08:24 +0100)]
Small fixes of cryptodev engine

- guard CRYPTO_3DES_CBC
- add a missing cast

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2203)

7 years agoMark a HelloRequest record as read if we ignore it
Matt Caswell [Mon, 9 Jan 2017 17:29:44 +0000 (17:29 +0000)]
Mark a HelloRequest record as read if we ignore it

Otherwise the client will try to process it again. The second time around
it will try and move the record data into handshake fragment storage and
realise that there is no data left. At that point it marks it as read
anyway. However, it is a bug that we go around the loop a second time, so
we prevent that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2200)

7 years agouse EVP_CIPHER_CTX_ functions instead of accessing EVP_CIPHER_CTX internals
Iaroslav Gridin [Sat, 29 Oct 2016 14:48:05 +0000 (17:48 +0300)]
use EVP_CIPHER_CTX_ functions instead of accessing EVP_CIPHER_CTX internals

by levitte

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

7 years agofix for BSD cryptodev
Iaroslav Gridin [Sat, 29 Oct 2016 14:47:03 +0000 (17:47 +0300)]
fix for BSD cryptodev

by levitte

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

7 years agoRemove commented-out HMAC code
Iaroslav Gridin [Sat, 29 Oct 2016 13:59:39 +0000 (16:59 +0300)]
Remove commented-out HMAC code

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

7 years agoStyle the code
Iaroslav Gridin [Sat, 29 Oct 2016 13:56:31 +0000 (16:56 +0300)]
Style the code

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

7 years agoRemove unused ret variable
Iaroslav Gridin [Sat, 29 Oct 2016 11:06:30 +0000 (14:06 +0300)]
Remove unused ret variable

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

7 years agoRemove non-functional CRYPTO_AES_CTR ifdef disabling AES-CTR in cryptodev
Iaroslav Gridin [Sat, 29 Oct 2016 10:56:09 +0000 (13:56 +0300)]
Remove non-functional CRYPTO_AES_CTR ifdef disabling AES-CTR in cryptodev

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

7 years agoAdd AES-ECB and 3DES-ECB to cryptodev
Iaroslav Gridin [Sat, 29 Oct 2016 10:51:31 +0000 (13:51 +0300)]
Add AES-ECB and 3DES-ECB to cryptodev

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

7 years agocryptodev: allow copying EVP contexts
Nikos Mavrogiannopoulos [Fri, 4 Jul 2014 06:41:04 +0000 (08:41 +0200)]
cryptodev: allow copying EVP contexts

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

7 years agocryptodev: Fix issue with signature generation
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 10:35:14 +0000 (11:35 +0100)]
cryptodev: Fix issue with signature generation

That patch also enables support for SHA2 hashes, and
removes support for hashes that were never supported by
cryptodev.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

7 years agoReview comments
Rich Salz [Mon, 9 Jan 2017 17:42:15 +0000 (12:42 -0500)]
Review comments

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)

7 years agoUse typedefs for PSK, NPN, ALPN callback functions
Rich Salz [Sun, 11 Dec 2016 20:01:28 +0000 (15:01 -0500)]
Use typedefs for PSK, NPN, ALPN callback functions

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)

7 years agoMove extension data into sub-structs
Rich Salz [Thu, 8 Dec 2016 19:18:40 +0000 (14:18 -0500)]
Move extension data into sub-structs

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)

7 years agoFix build issues with no-dh, no-dsa and no-ec
Richard Levitte [Sun, 8 Jan 2017 09:46:14 +0000 (10:46 +0100)]
Fix build issues with no-dh, no-dsa and no-ec

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2192)

7 years agoFix a memory leak in RSA_padding_add_PKCS1_OAEP_mgf1
Bernd Edlinger [Fri, 23 Dec 2016 13:35:16 +0000 (14:35 +0100)]
Fix a memory leak in RSA_padding_add_PKCS1_OAEP_mgf1

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #2140

7 years agoRename "verify_cb" to SSL_verify_cb
Rich Salz [Sun, 8 Jan 2017 17:50:52 +0000 (12:50 -0500)]
Rename "verify_cb" to SSL_verify_cb

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)

7 years agoDoc nits: callback function typedefs
Rich Salz [Tue, 27 Dec 2016 20:00:06 +0000 (15:00 -0500)]
Doc nits: callback function typedefs

Enhance find-doc-nits to be better about finding typedefs for
callback functions.  Fix all nits it now finds.  Added some new
typedef names to ssl.h some of which were documented but did not
exist

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)

7 years agoAdd server temp key type checks
Dr. Stephen Henson [Sun, 8 Jan 2017 19:36:20 +0000 (19:36 +0000)]
Add server temp key type checks

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2191)

7 years agoAdd new ssl_test option.
Dr. Stephen Henson [Sun, 8 Jan 2017 00:09:08 +0000 (00:09 +0000)]
Add new ssl_test option.

Add option ExpectedTmpKeyType to test the temporary key the server
sends is of the correct type.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2191)

7 years agofix a few more style issues
Dr. Stephen Henson [Sat, 7 Jan 2017 17:17:30 +0000 (17:17 +0000)]
fix a few more style issues

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7 years agoDocumentation clarification and fixes.
Dr. Stephen Henson [Fri, 6 Jan 2017 22:49:01 +0000 (22:49 +0000)]
Documentation clarification and fixes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7 years agoRemove unnecessary frees and style fixes.
Dr. Stephen Henson [Fri, 6 Jan 2017 17:51:28 +0000 (17:51 +0000)]
Remove unnecessary frees and style fixes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7 years agofix typo and remove duplicate macro
Dr. Stephen Henson [Fri, 6 Jan 2017 17:26:11 +0000 (17:26 +0000)]
fix typo and remove duplicate macro

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7 years agoAdd documentation for PSS control operations.
Dr. Stephen Henson [Fri, 6 Jan 2017 14:41:04 +0000 (14:41 +0000)]
Add documentation for PSS control operations.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7 years agoUse more desciptive macro name rsa_pss_restricted()
Dr. Stephen Henson [Fri, 6 Jan 2017 13:36:37 +0000 (13:36 +0000)]
Use more desciptive macro name rsa_pss_restricted()

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7 years agostyle issues
Dr. Stephen Henson [Fri, 6 Jan 2017 13:12:28 +0000 (13:12 +0000)]
style issues

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7 years agofree str on error
Dr. Stephen Henson [Fri, 6 Jan 2017 13:12:17 +0000 (13:12 +0000)]
free str on error

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7 years agoclarify comment
Dr. Stephen Henson [Fri, 6 Jan 2017 13:11:50 +0000 (13:11 +0000)]
clarify comment

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7 years agofix various style issues
Dr. Stephen Henson [Thu, 5 Jan 2017 23:18:28 +0000 (23:18 +0000)]
fix various style issues

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7 years agomake update
Dr. Stephen Henson [Thu, 5 Jan 2017 18:52:59 +0000 (18:52 +0000)]
make update

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7 years agoadd test for invalid key parameters
Dr. Stephen Henson [Wed, 4 Jan 2017 17:32:03 +0000 (17:32 +0000)]
add test for invalid key parameters

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7 years agodocument RSA-PSS algorithm options
Dr. Stephen Henson [Wed, 4 Jan 2017 14:06:44 +0000 (14:06 +0000)]
document RSA-PSS algorithm options

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7 years agoadd PSS key tests
Dr. Stephen Henson [Tue, 3 Jan 2017 17:33:31 +0000 (17:33 +0000)]
add PSS key tests

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7 years agoprint errors in pkey utility
Dr. Stephen Henson [Tue, 3 Jan 2017 16:07:52 +0000 (16:07 +0000)]
print errors in pkey utility

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7 years agomake errors
Dr. Stephen Henson [Tue, 3 Jan 2017 16:00:41 +0000 (16:00 +0000)]
make errors

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7 years agoadd parameter error
Dr. Stephen Henson [Tue, 3 Jan 2017 16:00:04 +0000 (16:00 +0000)]
add parameter error

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7 years agoSet EVP_PKEY_CTX in SignerInfo
Dr. Stephen Henson [Tue, 6 Dec 2016 14:19:41 +0000 (14:19 +0000)]
Set EVP_PKEY_CTX in SignerInfo

If we aren't setting public key parameters make EVP_PKEY_CTX available
in SignerInfo so PSS mode and parameters are automatically selected.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7 years agoOnly allow PSS padding for PSS keys.
Dr. Stephen Henson [Tue, 6 Dec 2016 14:17:21 +0000 (14:17 +0000)]
Only allow PSS padding for PSS keys.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7 years agoDecode parameters properly.
Dr. Stephen Henson [Tue, 6 Dec 2016 14:01:05 +0000 (14:01 +0000)]
Decode parameters properly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7 years agoReturn errors PKCS#7/CMS enveloped data ctrls and PSS
Dr. Stephen Henson [Tue, 6 Dec 2016 00:54:19 +0000 (00:54 +0000)]
Return errors PKCS#7/CMS enveloped data ctrls and PSS

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7 years agoAdd PSS parameter restrictions.
Dr. Stephen Henson [Mon, 5 Dec 2016 14:55:23 +0000 (14:55 +0000)]
Add PSS parameter restrictions.

If a key contains any PSS parameter restrictions set them during
sign or verification initialisation. Parameters now become the
default values for sign/verify. Digests are fixed and any attempt
to change them is an error. The salt length can be modified but
must not be less than the minimum value.

If the key parameters are invalid then verification or signing
initialisation returns an error.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7 years agoInitial parameter restrictions.
Dr. Stephen Henson [Mon, 5 Dec 2016 14:41:32 +0000 (14:41 +0000)]
Initial parameter restrictions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7 years agoAdd rsa_pss_get_param.
Dr. Stephen Henson [Mon, 5 Dec 2016 14:00:48 +0000 (14:00 +0000)]
Add rsa_pss_get_param.

New function rsa_pss_get_param to extract and sanity check PSS parameters.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7 years agoDon't allow PKCS#7/CMS encrypt with PSS.
Dr. Stephen Henson [Thu, 1 Dec 2016 21:53:58 +0000 (21:53 +0000)]
Don't allow PKCS#7/CMS encrypt with PSS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)