Matt Caswell [Mon, 2 Jan 2017 11:40:16 +0000 (11:40 +0000)]
Always use TLSv1.0 for record layer version in TLSv1.3
TLSv1.3 freezes the record layer version and ensures that it is always set
to TLSv1.0. Some implementations check this.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Fri, 30 Dec 2016 15:25:47 +0000 (15:25 +0000)]
Add a TLS1.3 TODO for setting of sig algs
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Fri, 30 Dec 2016 11:27:24 +0000 (11:27 +0000)]
Add some sig algs tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Fri, 30 Dec 2016 14:08:19 +0000 (14:08 +0000)]
Ignore PKCS1 based sig algs in TLSv1.3
In TLSv1.3 we must use PSS based sig algs for RSA signing. Ignore any
shared sig algs which are PKCS1 based.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Fri, 30 Dec 2016 11:26:39 +0000 (11:26 +0000)]
Verify that the sig algs extension has been sent for TLSv1.3
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Thu, 29 Dec 2016 17:11:27 +0000 (17:11 +0000)]
Fix client application traffic secret
A misreading of the TLS1.3 spec meant we were using the handshake hashes
up to and including the Client Finished to calculate the client
application traffic secret. We should be only use up until the Server
Finished.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Thu, 29 Dec 2016 15:08:47 +0000 (15:08 +0000)]
Temporarily ignore NewSessionTickets for TLS1.3
We can't handle these messages yet, so ignore them for now.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Thu, 15 Dec 2016 00:28:47 +0000 (00:28 +0000)]
Use the correct size for TLSv1.3 finished keys
We need to use the length of the handshake hash for the length of the
finished key.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Wed, 14 Dec 2016 17:27:15 +0000 (17:27 +0000)]
Ensure the record sequence number gets incremented
We were not incrementing the sequence number every time we sent/received
a record.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Wed, 14 Dec 2016 16:50:14 +0000 (16:50 +0000)]
Remove some unneeded functions
The sigalgs work has made some old lookup tables and functions redundant
so remove them.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Wed, 14 Dec 2016 16:37:48 +0000 (16:37 +0000)]
Use NIDs instead of the old TLSv1.2 sigalgs hash and sig ids
We had an extra layer of indirection in looking up hashes and sigs based
on sigalgs which is now no longer necessary. This removes it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Wed, 14 Dec 2016 14:39:38 +0000 (14:39 +0000)]
Remove a redundant function
The extensions refactor made this function redundant so we can remove it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Wed, 14 Dec 2016 14:31:21 +0000 (14:31 +0000)]
Convert Sigalgs processing to use ints
In TLSv1.2 an individual sig alg is represented by 1 byte for the hash
and 1 byte for the signature. In TLSv1.3 each sig alg is represented by
two bytes, where the two bytes together represent a single hash and
signature combination. This converts the internal representation of sigalgs
to use a single int for the pair, rather than a pair of bytes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Thu, 8 Dec 2016 16:02:51 +0000 (16:02 +0000)]
Sign CertificateVerify messages using PSS padding
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Mon, 5 Dec 2016 17:04:51 +0000 (17:04 +0000)]
Make CertificateVerify TLS1.3 aware
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Mon, 5 Dec 2016 14:59:25 +0000 (14:59 +0000)]
Move Certificate Verify construction and processing into statem_lib.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Matt Caswell [Mon, 5 Dec 2016 14:58:51 +0000 (14:58 +0000)]
Add a TODO(TLS1.3) around certificate selection
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Rich Salz [Tue, 10 Jan 2017 20:40:27 +0000 (15:40 -0500)]
Fix typo in Blake2 function names
Fixes GitHub issue 2169.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2207)
Kurt Roeckx [Thu, 20 Oct 2016 18:49:22 +0000 (20:49 +0200)]
Print the X509 version signed, and convert to unsigned for the hex version.
Found by tis-interpreter
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1754
Richard Levitte [Tue, 10 Jan 2017 08:20:07 +0000 (09:20 +0100)]
Only enable CRYPTO_3DES_ECB if that name is an existing macro
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2203)
Richard Levitte [Tue, 10 Jan 2017 07:24:16 +0000 (08:24 +0100)]
Small fixes of cryptodev engine
- guard CRYPTO_3DES_CBC
- add a missing cast
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2203)
Matt Caswell [Mon, 9 Jan 2017 17:29:44 +0000 (17:29 +0000)]
Mark a HelloRequest record as read if we ignore it
Otherwise the client will try to process it again. The second time around
it will try and move the record data into handshake fragment storage and
realise that there is no data left. At that point it marks it as read
anyway. However, it is a bug that we go around the loop a second time, so
we prevent that.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2200)
Iaroslav Gridin [Sat, 29 Oct 2016 14:48:05 +0000 (17:48 +0300)]
use EVP_CIPHER_CTX_ functions instead of accessing EVP_CIPHER_CTX internals
by levitte
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
Iaroslav Gridin [Sat, 29 Oct 2016 14:47:03 +0000 (17:47 +0300)]
fix for BSD cryptodev
by levitte
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
Iaroslav Gridin [Sat, 29 Oct 2016 13:59:39 +0000 (16:59 +0300)]
Remove commented-out HMAC code
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
Iaroslav Gridin [Sat, 29 Oct 2016 13:56:31 +0000 (16:56 +0300)]
Style the code
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
Iaroslav Gridin [Sat, 29 Oct 2016 11:06:30 +0000 (14:06 +0300)]
Remove unused ret variable
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
Iaroslav Gridin [Sat, 29 Oct 2016 10:56:09 +0000 (13:56 +0300)]
Remove non-functional CRYPTO_AES_CTR ifdef disabling AES-CTR in cryptodev
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
Iaroslav Gridin [Sat, 29 Oct 2016 10:51:31 +0000 (13:51 +0300)]
Add AES-ECB and 3DES-ECB to cryptodev
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
Nikos Mavrogiannopoulos [Fri, 4 Jul 2014 06:41:04 +0000 (08:41 +0200)]
cryptodev: allow copying EVP contexts
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 10:35:14 +0000 (11:35 +0100)]
cryptodev: Fix issue with signature generation
That patch also enables support for SHA2 hashes, and
removes support for hashes that were never supported by
cryptodev.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
Rich Salz [Mon, 9 Jan 2017 17:42:15 +0000 (12:42 -0500)]
Review comments
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)
Rich Salz [Sun, 11 Dec 2016 20:01:28 +0000 (15:01 -0500)]
Use typedefs for PSK, NPN, ALPN callback functions
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)
Rich Salz [Thu, 8 Dec 2016 19:18:40 +0000 (14:18 -0500)]
Move extension data into sub-structs
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)
Richard Levitte [Sun, 8 Jan 2017 09:46:14 +0000 (10:46 +0100)]
Fix build issues with no-dh, no-dsa and no-ec
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2192)
Bernd Edlinger [Fri, 23 Dec 2016 13:35:16 +0000 (14:35 +0100)]
Fix a memory leak in RSA_padding_add_PKCS1_OAEP_mgf1
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #2140
Rich Salz [Sun, 8 Jan 2017 17:50:52 +0000 (12:50 -0500)]
Rename "verify_cb" to SSL_verify_cb
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)
Rich Salz [Tue, 27 Dec 2016 20:00:06 +0000 (15:00 -0500)]
Doc nits: callback function typedefs
Enhance find-doc-nits to be better about finding typedefs for
callback functions. Fix all nits it now finds. Added some new
typedef names to ssl.h some of which were documented but did not
exist
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)
Dr. Stephen Henson [Sun, 8 Jan 2017 19:36:20 +0000 (19:36 +0000)]
Add server temp key type checks
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2191)
Dr. Stephen Henson [Sun, 8 Jan 2017 00:09:08 +0000 (00:09 +0000)]
Add new ssl_test option.
Add option ExpectedTmpKeyType to test the temporary key the server
sends is of the correct type.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2191)
Dr. Stephen Henson [Sat, 7 Jan 2017 17:17:30 +0000 (17:17 +0000)]
fix a few more style issues
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Fri, 6 Jan 2017 22:49:01 +0000 (22:49 +0000)]
Documentation clarification and fixes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Fri, 6 Jan 2017 17:51:28 +0000 (17:51 +0000)]
Remove unnecessary frees and style fixes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Fri, 6 Jan 2017 17:26:11 +0000 (17:26 +0000)]
fix typo and remove duplicate macro
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Fri, 6 Jan 2017 14:41:04 +0000 (14:41 +0000)]
Add documentation for PSS control operations.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Fri, 6 Jan 2017 13:36:37 +0000 (13:36 +0000)]
Use more desciptive macro name rsa_pss_restricted()
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Fri, 6 Jan 2017 13:12:28 +0000 (13:12 +0000)]
style issues
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Fri, 6 Jan 2017 13:12:17 +0000 (13:12 +0000)]
free str on error
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Fri, 6 Jan 2017 13:11:50 +0000 (13:11 +0000)]
clarify comment
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Thu, 5 Jan 2017 23:18:28 +0000 (23:18 +0000)]
fix various style issues
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Thu, 5 Jan 2017 18:52:59 +0000 (18:52 +0000)]
make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Wed, 4 Jan 2017 17:32:03 +0000 (17:32 +0000)]
add test for invalid key parameters
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Wed, 4 Jan 2017 14:06:44 +0000 (14:06 +0000)]
document RSA-PSS algorithm options
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Tue, 3 Jan 2017 17:33:31 +0000 (17:33 +0000)]
add PSS key tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Tue, 3 Jan 2017 16:07:52 +0000 (16:07 +0000)]
print errors in pkey utility
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Tue, 3 Jan 2017 16:00:41 +0000 (16:00 +0000)]
make errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Tue, 3 Jan 2017 16:00:04 +0000 (16:00 +0000)]
add parameter error
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Tue, 6 Dec 2016 14:19:41 +0000 (14:19 +0000)]
Set EVP_PKEY_CTX in SignerInfo
If we aren't setting public key parameters make EVP_PKEY_CTX available
in SignerInfo so PSS mode and parameters are automatically selected.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Tue, 6 Dec 2016 14:17:21 +0000 (14:17 +0000)]
Only allow PSS padding for PSS keys.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Tue, 6 Dec 2016 14:01:05 +0000 (14:01 +0000)]
Decode parameters properly.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Tue, 6 Dec 2016 00:54:19 +0000 (00:54 +0000)]
Return errors PKCS#7/CMS enveloped data ctrls and PSS
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Mon, 5 Dec 2016 14:55:23 +0000 (14:55 +0000)]
Add PSS parameter restrictions.
If a key contains any PSS parameter restrictions set them during
sign or verification initialisation. Parameters now become the
default values for sign/verify. Digests are fixed and any attempt
to change them is an error. The salt length can be modified but
must not be less than the minimum value.
If the key parameters are invalid then verification or signing
initialisation returns an error.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Mon, 5 Dec 2016 14:41:32 +0000 (14:41 +0000)]
Initial parameter restrictions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Mon, 5 Dec 2016 14:00:48 +0000 (14:00 +0000)]
Add rsa_pss_get_param.
New function rsa_pss_get_param to extract and sanity check PSS parameters.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Thu, 1 Dec 2016 21:53:58 +0000 (21:53 +0000)]
Don't allow PKCS#7/CMS encrypt with PSS.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Thu, 1 Dec 2016 21:46:31 +0000 (21:46 +0000)]
Add macros to determine if key or ctx is PSS.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Wed, 30 Nov 2016 18:26:10 +0000 (18:26 +0000)]
Support pad mode get/set for PSS keys.
Pad mode setting returns an error if the mode is anything other then PSS.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Wed, 30 Nov 2016 16:55:30 +0000 (16:55 +0000)]
Key gen param support.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Wed, 30 Nov 2016 16:23:18 +0000 (16:23 +0000)]
Set PSS padding mode for PSS keys.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Wed, 30 Nov 2016 16:21:01 +0000 (16:21 +0000)]
Digest string helper function.
New function EVP_PKEY_CTX_md() which takes a string and passes a digest
to a ctrl.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Mon, 21 Nov 2016 00:44:01 +0000 (00:44 +0000)]
Support RSA operations in PSS.
Add support for common operations in PSS by adding a new function
RSA_pkey_ctx_ctrl() which calls EVP_PKEY_CTX_ctrl if the key type
is RSA or PSS.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Thu, 24 Nov 2016 21:44:50 +0000 (21:44 +0000)]
PSS EVP_PKEY method
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Thu, 24 Nov 2016 14:22:22 +0000 (14:22 +0000)]
RSA-PSS key printing.
Print out RSA-PSS key parameters if present.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Thu, 24 Nov 2016 00:58:33 +0000 (00:58 +0000)]
PSS parameter encode and decode.
For RSA PSS keys encode and decode parameters when handling public
and private keys.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Mon, 21 Nov 2016 01:35:30 +0000 (01:35 +0000)]
Split PSS parameter creation.
Split PSS parameter creation. This adds a new function rsa_pss_params_create
which creates PSS parameters from digest and salt values. This will be
used for PSS key generation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Sun, 20 Nov 2016 04:17:30 +0000 (04:17 +0000)]
Use method key type instead of EVP_PKEY_RSA
Make RSA method more flexible by using the key type from the
method instead of hard coding EVP_PKEY_RSA: by doing this the
same code supports both RSA and RSA-PSS.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Thu, 24 Nov 2016 21:42:49 +0000 (21:42 +0000)]
PSS ASN.1 method
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Thu, 24 Nov 2016 21:50:26 +0000 (21:50 +0000)]
add EVP_PKEY_RSA_PSS
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Mon, 21 Nov 2016 01:34:56 +0000 (01:34 +0000)]
Add pss field to RSA structure and free it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Dr. Stephen Henson [Thu, 24 Nov 2016 18:51:54 +0000 (18:51 +0000)]
Cache maskHash parameter
Store hash algorithm used for MGF1 masks in PSS and OAEP modes in PSS and
OAEP parameter structure: this avoids the need to decode part of the ASN.1
structure every time it is used.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Kurt Roeckx [Thu, 5 Jan 2017 20:55:40 +0000 (21:55 +0100)]
Update fuzz corpora
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
Kurt Roeckx [Thu, 5 Jan 2017 19:18:29 +0000 (20:18 +0100)]
Make client and server fuzzer reproducible
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
Kurt Roeckx [Thu, 5 Jan 2017 19:13:10 +0000 (20:13 +0100)]
Make the bignum fuzzer reproducible
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
Kurt Roeckx [Thu, 5 Jan 2017 19:12:05 +0000 (20:12 +0100)]
Update fuzz documentation
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
Kurt Roeckx [Thu, 5 Jan 2017 18:59:14 +0000 (19:59 +0100)]
Make rand_add predictable when fuzzing
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
Kurt Roeckx [Thu, 5 Jan 2017 19:20:14 +0000 (20:20 +0100)]
server fuzzer: add support for DSA and ECDSA
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
Matt Caswell [Fri, 6 Jan 2017 11:01:14 +0000 (11:01 +0000)]
Fix various style issues following feedback
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
Matt Caswell [Thu, 5 Jan 2017 16:12:56 +0000 (16:12 +0000)]
Rename the chain variable to chainidx
This variable represents the index of the cert within the chain, so give it
a name that better represents that.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
Matt Caswell [Thu, 5 Jan 2017 15:05:20 +0000 (15:05 +0000)]
Fix a double blank line style issue
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
Matt Caswell [Mon, 2 Jan 2017 11:16:37 +0000 (11:16 +0000)]
Initialise the al variable
al can be used uninitialised in an error path.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
Matt Caswell [Fri, 2 Dec 2016 17:14:59 +0000 (17:14 +0000)]
Update SSL_trace to understand TLSv1.3 Certificates
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
Matt Caswell [Fri, 2 Dec 2016 14:46:54 +0000 (14:46 +0000)]
Implement TLSv1.3 style CertificateStatus
We remove the separate CertificateStatus message for TLSv1.3, and instead
send back the response in the appropriate Certificate message extension.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
Matt Caswell [Fri, 2 Dec 2016 09:14:15 +0000 (09:14 +0000)]
Create Certificate messages in TLS1.3 format
Also updates TLSProxy to be able to understand the format and parse the
contained extensions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
Matt Caswell [Thu, 1 Dec 2016 15:21:08 +0000 (15:21 +0000)]
Extends extension parsing to take the Certificate
Continuing from the previous commit we also need to extend the extensions
framework to supply the Certificate we just read during parsing.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
Matt Caswell [Thu, 1 Dec 2016 15:00:37 +0000 (15:00 +0000)]
Extend tls_construct_extensions() to enable passing of a certificate
The Certificate message in TLS1.3 has an extensions block for each
Certificate. Therefore we need to extend tls_construct_extensions() to pass
in the certificate we are working on. We also pass in the position in the
chain (with 0 being the first certificate).
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
Dr. Stephen Henson [Thu, 5 Jan 2017 19:27:41 +0000 (19:27 +0000)]
Remove BIO_seek/BIO_tell from evp_test.c
BIO_seek and BIO_tell can cause problems with evp_test.c on some platforms.
Avoid them by using a temporary memory BIO to store key PEM data.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2183)
Richard Levitte [Wed, 4 Jan 2017 08:34:42 +0000 (09:34 +0100)]
Don't run MSBLOB conversion tests when RSA or DSA are disabled
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2174)
Richard Levitte [Wed, 4 Jan 2017 08:16:29 +0000 (09:16 +0100)]
Don't run OCSP tests when OCSP is disabled
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2173)
Richard Levitte [Wed, 4 Jan 2017 08:16:07 +0000 (09:16 +0100)]
Don't build OCSP stuff when OCSP is disabled
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2173)
Richard Levitte [Wed, 4 Jan 2017 07:47:05 +0000 (08:47 +0100)]
Don't test SRP when it's disabled
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2172)