openssl.git
2 years agoExtend PSS signature support to TLSv1.2
Matt Caswell [Tue, 3 Jan 2017 10:01:39 +0000 (10:01 +0000)]
Extend PSS signature support to TLSv1.2

TLSv1.3 introduces PSS based sigalgs. Offering these in a TLSv1.3 client
implies that the client is prepared to accept these sigalgs even in
TLSv1.2.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

2 years agoFix test_sslversions to know that TLSv1.3 sets record version to TLSv1.0
Matt Caswell [Mon, 2 Jan 2017 11:52:57 +0000 (11:52 +0000)]
Fix test_sslversions to know that TLSv1.3 sets record version to TLSv1.0

This also acts as a test for the bug fixed in the previous commit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

2 years agoAlways use TLSv1.0 for record layer version in TLSv1.3
Matt Caswell [Mon, 2 Jan 2017 11:40:16 +0000 (11:40 +0000)]
Always use TLSv1.0 for record layer version in TLSv1.3

TLSv1.3 freezes the record layer version and ensures that it is always set
to TLSv1.0. Some implementations check this.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

2 years agoAdd a TLS1.3 TODO for setting of sig algs
Matt Caswell [Fri, 30 Dec 2016 15:25:47 +0000 (15:25 +0000)]
Add a TLS1.3 TODO for setting of sig algs

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

2 years agoAdd some sig algs tests
Matt Caswell [Fri, 30 Dec 2016 11:27:24 +0000 (11:27 +0000)]
Add some sig algs tests

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

2 years agoIgnore PKCS1 based sig algs in TLSv1.3
Matt Caswell [Fri, 30 Dec 2016 14:08:19 +0000 (14:08 +0000)]
Ignore PKCS1 based sig algs in TLSv1.3

In TLSv1.3 we must use PSS based sig algs for RSA signing. Ignore any
shared sig algs which are PKCS1 based.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

2 years agoVerify that the sig algs extension has been sent for TLSv1.3
Matt Caswell [Fri, 30 Dec 2016 11:26:39 +0000 (11:26 +0000)]
Verify that the sig algs extension has been sent for TLSv1.3

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

2 years agoFix client application traffic secret
Matt Caswell [Thu, 29 Dec 2016 17:11:27 +0000 (17:11 +0000)]
Fix client application traffic secret

A misreading of the TLS1.3 spec meant we were using the handshake hashes
up to and including the Client Finished to calculate the client
application traffic secret. We should be only use up until the Server
Finished.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

2 years agoTemporarily ignore NewSessionTickets for TLS1.3
Matt Caswell [Thu, 29 Dec 2016 15:08:47 +0000 (15:08 +0000)]
Temporarily ignore NewSessionTickets for TLS1.3

We can't handle these messages yet, so ignore them for now.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

2 years agoUse the correct size for TLSv1.3 finished keys
Matt Caswell [Thu, 15 Dec 2016 00:28:47 +0000 (00:28 +0000)]
Use the correct size for TLSv1.3 finished keys

We need to use the length of the handshake hash for the length of the
finished key.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

2 years agoEnsure the record sequence number gets incremented
Matt Caswell [Wed, 14 Dec 2016 17:27:15 +0000 (17:27 +0000)]
Ensure the record sequence number gets incremented

We were not incrementing the sequence number every time we sent/received
a record.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

2 years agoRemove some unneeded functions
Matt Caswell [Wed, 14 Dec 2016 16:50:14 +0000 (16:50 +0000)]
Remove some unneeded functions

The sigalgs work has made some old lookup tables and functions redundant
so remove them.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

2 years agoUse NIDs instead of the old TLSv1.2 sigalgs hash and sig ids
Matt Caswell [Wed, 14 Dec 2016 16:37:48 +0000 (16:37 +0000)]
Use NIDs instead of the old TLSv1.2 sigalgs hash and sig ids

We had an extra layer of indirection in looking up hashes and sigs based
on sigalgs which is now no longer necessary. This removes it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

2 years agoRemove a redundant function
Matt Caswell [Wed, 14 Dec 2016 14:39:38 +0000 (14:39 +0000)]
Remove a redundant function

The extensions refactor made this function redundant so we can remove it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

2 years agoConvert Sigalgs processing to use ints
Matt Caswell [Wed, 14 Dec 2016 14:31:21 +0000 (14:31 +0000)]
Convert Sigalgs processing to use ints

In TLSv1.2 an individual sig alg is represented by 1 byte for the hash
and 1 byte for the signature. In TLSv1.3 each sig alg is represented by
two bytes, where the two bytes together represent a single hash and
signature combination. This converts the internal representation of sigalgs
to use a single int for the pair, rather than a pair of bytes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

2 years agoSign CertificateVerify messages using PSS padding
Matt Caswell [Thu, 8 Dec 2016 16:02:51 +0000 (16:02 +0000)]
Sign CertificateVerify messages using PSS padding

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

2 years agoMake CertificateVerify TLS1.3 aware
Matt Caswell [Mon, 5 Dec 2016 17:04:51 +0000 (17:04 +0000)]
Make CertificateVerify TLS1.3 aware

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

2 years agoMove Certificate Verify construction and processing into statem_lib.c
Matt Caswell [Mon, 5 Dec 2016 14:59:25 +0000 (14:59 +0000)]
Move Certificate Verify construction and processing into statem_lib.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

2 years agoAdd a TODO(TLS1.3) around certificate selection
Matt Caswell [Mon, 5 Dec 2016 14:58:51 +0000 (14:58 +0000)]
Add a TODO(TLS1.3) around certificate selection

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

2 years agoFix typo in Blake2 function names
Rich Salz [Tue, 10 Jan 2017 20:40:27 +0000 (15:40 -0500)]
Fix typo in Blake2 function names

Fixes GitHub issue 2169.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2207)

2 years agoPrint the X509 version signed, and convert to unsigned for the hex version.
Kurt Roeckx [Thu, 20 Oct 2016 18:49:22 +0000 (20:49 +0200)]
Print the X509 version signed, and convert to unsigned for the hex version.

Found by tis-interpreter

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1754

2 years agoOnly enable CRYPTO_3DES_ECB if that name is an existing macro
Richard Levitte [Tue, 10 Jan 2017 08:20:07 +0000 (09:20 +0100)]
Only enable CRYPTO_3DES_ECB if that name is an existing macro

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2203)

2 years agoSmall fixes of cryptodev engine
Richard Levitte [Tue, 10 Jan 2017 07:24:16 +0000 (08:24 +0100)]
Small fixes of cryptodev engine

- guard CRYPTO_3DES_CBC
- add a missing cast

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2203)

2 years agoMark a HelloRequest record as read if we ignore it
Matt Caswell [Mon, 9 Jan 2017 17:29:44 +0000 (17:29 +0000)]
Mark a HelloRequest record as read if we ignore it

Otherwise the client will try to process it again. The second time around
it will try and move the record data into handshake fragment storage and
realise that there is no data left. At that point it marks it as read
anyway. However, it is a bug that we go around the loop a second time, so
we prevent that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2200)

2 years agouse EVP_CIPHER_CTX_ functions instead of accessing EVP_CIPHER_CTX internals
Iaroslav Gridin [Sat, 29 Oct 2016 14:48:05 +0000 (17:48 +0300)]
use EVP_CIPHER_CTX_ functions instead of accessing EVP_CIPHER_CTX internals

by levitte

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

2 years agofix for BSD cryptodev
Iaroslav Gridin [Sat, 29 Oct 2016 14:47:03 +0000 (17:47 +0300)]
fix for BSD cryptodev

by levitte

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

2 years agoRemove commented-out HMAC code
Iaroslav Gridin [Sat, 29 Oct 2016 13:59:39 +0000 (16:59 +0300)]
Remove commented-out HMAC code

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

2 years agoStyle the code
Iaroslav Gridin [Sat, 29 Oct 2016 13:56:31 +0000 (16:56 +0300)]
Style the code

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

2 years agoRemove unused ret variable
Iaroslav Gridin [Sat, 29 Oct 2016 11:06:30 +0000 (14:06 +0300)]
Remove unused ret variable

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

2 years agoRemove non-functional CRYPTO_AES_CTR ifdef disabling AES-CTR in cryptodev
Iaroslav Gridin [Sat, 29 Oct 2016 10:56:09 +0000 (13:56 +0300)]
Remove non-functional CRYPTO_AES_CTR ifdef disabling AES-CTR in cryptodev

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

2 years agoAdd AES-ECB and 3DES-ECB to cryptodev
Iaroslav Gridin [Sat, 29 Oct 2016 10:51:31 +0000 (13:51 +0300)]
Add AES-ECB and 3DES-ECB to cryptodev

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

2 years agocryptodev: allow copying EVP contexts
Nikos Mavrogiannopoulos [Fri, 4 Jul 2014 06:41:04 +0000 (08:41 +0200)]
cryptodev: allow copying EVP contexts

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

2 years agocryptodev: Fix issue with signature generation
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 10:35:14 +0000 (11:35 +0100)]
cryptodev: Fix issue with signature generation

That patch also enables support for SHA2 hashes, and
removes support for hashes that were never supported by
cryptodev.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

2 years agoReview comments
Rich Salz [Mon, 9 Jan 2017 17:42:15 +0000 (12:42 -0500)]
Review comments

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)

2 years agoUse typedefs for PSK, NPN, ALPN callback functions
Rich Salz [Sun, 11 Dec 2016 20:01:28 +0000 (15:01 -0500)]
Use typedefs for PSK, NPN, ALPN callback functions

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)

2 years agoMove extension data into sub-structs
Rich Salz [Thu, 8 Dec 2016 19:18:40 +0000 (14:18 -0500)]
Move extension data into sub-structs

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)

2 years agoFix build issues with no-dh, no-dsa and no-ec
Richard Levitte [Sun, 8 Jan 2017 09:46:14 +0000 (10:46 +0100)]
Fix build issues with no-dh, no-dsa and no-ec

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2192)

2 years agoFix a memory leak in RSA_padding_add_PKCS1_OAEP_mgf1
Bernd Edlinger [Fri, 23 Dec 2016 13:35:16 +0000 (14:35 +0100)]
Fix a memory leak in RSA_padding_add_PKCS1_OAEP_mgf1

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #2140

2 years agoRename "verify_cb" to SSL_verify_cb
Rich Salz [Sun, 8 Jan 2017 17:50:52 +0000 (12:50 -0500)]
Rename "verify_cb" to SSL_verify_cb

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)

2 years agoDoc nits: callback function typedefs
Rich Salz [Tue, 27 Dec 2016 20:00:06 +0000 (15:00 -0500)]
Doc nits: callback function typedefs

Enhance find-doc-nits to be better about finding typedefs for
callback functions.  Fix all nits it now finds.  Added some new
typedef names to ssl.h some of which were documented but did not
exist

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)

2 years agoAdd server temp key type checks
Dr. Stephen Henson [Sun, 8 Jan 2017 19:36:20 +0000 (19:36 +0000)]
Add server temp key type checks

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2191)

2 years agoAdd new ssl_test option.
Dr. Stephen Henson [Sun, 8 Jan 2017 00:09:08 +0000 (00:09 +0000)]
Add new ssl_test option.

Add option ExpectedTmpKeyType to test the temporary key the server
sends is of the correct type.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2191)

2 years agofix a few more style issues
Dr. Stephen Henson [Sat, 7 Jan 2017 17:17:30 +0000 (17:17 +0000)]
fix a few more style issues

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoDocumentation clarification and fixes.
Dr. Stephen Henson [Fri, 6 Jan 2017 22:49:01 +0000 (22:49 +0000)]
Documentation clarification and fixes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoRemove unnecessary frees and style fixes.
Dr. Stephen Henson [Fri, 6 Jan 2017 17:51:28 +0000 (17:51 +0000)]
Remove unnecessary frees and style fixes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agofix typo and remove duplicate macro
Dr. Stephen Henson [Fri, 6 Jan 2017 17:26:11 +0000 (17:26 +0000)]
fix typo and remove duplicate macro

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoAdd documentation for PSS control operations.
Dr. Stephen Henson [Fri, 6 Jan 2017 14:41:04 +0000 (14:41 +0000)]
Add documentation for PSS control operations.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoUse more desciptive macro name rsa_pss_restricted()
Dr. Stephen Henson [Fri, 6 Jan 2017 13:36:37 +0000 (13:36 +0000)]
Use more desciptive macro name rsa_pss_restricted()

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agostyle issues
Dr. Stephen Henson [Fri, 6 Jan 2017 13:12:28 +0000 (13:12 +0000)]
style issues

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agofree str on error
Dr. Stephen Henson [Fri, 6 Jan 2017 13:12:17 +0000 (13:12 +0000)]
free str on error

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoclarify comment
Dr. Stephen Henson [Fri, 6 Jan 2017 13:11:50 +0000 (13:11 +0000)]
clarify comment

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agofix various style issues
Dr. Stephen Henson [Thu, 5 Jan 2017 23:18:28 +0000 (23:18 +0000)]
fix various style issues

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agomake update
Dr. Stephen Henson [Thu, 5 Jan 2017 18:52:59 +0000 (18:52 +0000)]
make update

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoadd test for invalid key parameters
Dr. Stephen Henson [Wed, 4 Jan 2017 17:32:03 +0000 (17:32 +0000)]
add test for invalid key parameters

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agodocument RSA-PSS algorithm options
Dr. Stephen Henson [Wed, 4 Jan 2017 14:06:44 +0000 (14:06 +0000)]
document RSA-PSS algorithm options

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoadd PSS key tests
Dr. Stephen Henson [Tue, 3 Jan 2017 17:33:31 +0000 (17:33 +0000)]
add PSS key tests

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoprint errors in pkey utility
Dr. Stephen Henson [Tue, 3 Jan 2017 16:07:52 +0000 (16:07 +0000)]
print errors in pkey utility

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agomake errors
Dr. Stephen Henson [Tue, 3 Jan 2017 16:00:41 +0000 (16:00 +0000)]
make errors

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoadd parameter error
Dr. Stephen Henson [Tue, 3 Jan 2017 16:00:04 +0000 (16:00 +0000)]
add parameter error

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoSet EVP_PKEY_CTX in SignerInfo
Dr. Stephen Henson [Tue, 6 Dec 2016 14:19:41 +0000 (14:19 +0000)]
Set EVP_PKEY_CTX in SignerInfo

If we aren't setting public key parameters make EVP_PKEY_CTX available
in SignerInfo so PSS mode and parameters are automatically selected.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoOnly allow PSS padding for PSS keys.
Dr. Stephen Henson [Tue, 6 Dec 2016 14:17:21 +0000 (14:17 +0000)]
Only allow PSS padding for PSS keys.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoDecode parameters properly.
Dr. Stephen Henson [Tue, 6 Dec 2016 14:01:05 +0000 (14:01 +0000)]
Decode parameters properly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoReturn errors PKCS#7/CMS enveloped data ctrls and PSS
Dr. Stephen Henson [Tue, 6 Dec 2016 00:54:19 +0000 (00:54 +0000)]
Return errors PKCS#7/CMS enveloped data ctrls and PSS

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoAdd PSS parameter restrictions.
Dr. Stephen Henson [Mon, 5 Dec 2016 14:55:23 +0000 (14:55 +0000)]
Add PSS parameter restrictions.

If a key contains any PSS parameter restrictions set them during
sign or verification initialisation. Parameters now become the
default values for sign/verify. Digests are fixed and any attempt
to change them is an error. The salt length can be modified but
must not be less than the minimum value.

If the key parameters are invalid then verification or signing
initialisation returns an error.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoInitial parameter restrictions.
Dr. Stephen Henson [Mon, 5 Dec 2016 14:41:32 +0000 (14:41 +0000)]
Initial parameter restrictions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoAdd rsa_pss_get_param.
Dr. Stephen Henson [Mon, 5 Dec 2016 14:00:48 +0000 (14:00 +0000)]
Add rsa_pss_get_param.

New function rsa_pss_get_param to extract and sanity check PSS parameters.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoDon't allow PKCS#7/CMS encrypt with PSS.
Dr. Stephen Henson [Thu, 1 Dec 2016 21:53:58 +0000 (21:53 +0000)]
Don't allow PKCS#7/CMS encrypt with PSS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoAdd macros to determine if key or ctx is PSS.
Dr. Stephen Henson [Thu, 1 Dec 2016 21:46:31 +0000 (21:46 +0000)]
Add macros to determine if key or ctx is PSS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoSupport pad mode get/set for PSS keys.
Dr. Stephen Henson [Wed, 30 Nov 2016 18:26:10 +0000 (18:26 +0000)]
Support pad mode get/set for PSS keys.

Pad mode setting returns an error if the mode is anything other then PSS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoKey gen param support.
Dr. Stephen Henson [Wed, 30 Nov 2016 16:55:30 +0000 (16:55 +0000)]
Key gen param support.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoSet PSS padding mode for PSS keys.
Dr. Stephen Henson [Wed, 30 Nov 2016 16:23:18 +0000 (16:23 +0000)]
Set PSS padding mode for PSS keys.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoDigest string helper function.
Dr. Stephen Henson [Wed, 30 Nov 2016 16:21:01 +0000 (16:21 +0000)]
Digest string helper function.

New function EVP_PKEY_CTX_md() which takes a string and passes a digest
to a ctrl.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoSupport RSA operations in PSS.
Dr. Stephen Henson [Mon, 21 Nov 2016 00:44:01 +0000 (00:44 +0000)]
Support RSA operations in PSS.

Add support for common operations in PSS by adding a new function
RSA_pkey_ctx_ctrl() which calls EVP_PKEY_CTX_ctrl if the key type
is RSA or PSS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoPSS EVP_PKEY method
Dr. Stephen Henson [Thu, 24 Nov 2016 21:44:50 +0000 (21:44 +0000)]
PSS EVP_PKEY method

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoRSA-PSS key printing.
Dr. Stephen Henson [Thu, 24 Nov 2016 14:22:22 +0000 (14:22 +0000)]
RSA-PSS key printing.

Print out RSA-PSS key parameters if present.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoPSS parameter encode and decode.
Dr. Stephen Henson [Thu, 24 Nov 2016 00:58:33 +0000 (00:58 +0000)]
PSS parameter encode and decode.

For RSA PSS keys encode and decode parameters when handling public
and private keys.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoSplit PSS parameter creation.
Dr. Stephen Henson [Mon, 21 Nov 2016 01:35:30 +0000 (01:35 +0000)]
Split PSS parameter creation.

Split PSS parameter creation. This adds a new function rsa_pss_params_create
which creates PSS parameters from digest and salt values. This will be
used for PSS key generation.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoUse method key type instead of EVP_PKEY_RSA
Dr. Stephen Henson [Sun, 20 Nov 2016 04:17:30 +0000 (04:17 +0000)]
Use method key type instead of EVP_PKEY_RSA

Make RSA method more flexible by using the key type from the
method instead of hard coding EVP_PKEY_RSA: by doing this the
same code supports both RSA and RSA-PSS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoPSS ASN.1 method
Dr. Stephen Henson [Thu, 24 Nov 2016 21:42:49 +0000 (21:42 +0000)]
PSS ASN.1 method

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoadd EVP_PKEY_RSA_PSS
Dr. Stephen Henson [Thu, 24 Nov 2016 21:50:26 +0000 (21:50 +0000)]
add EVP_PKEY_RSA_PSS

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoAdd pss field to RSA structure and free it.
Dr. Stephen Henson [Mon, 21 Nov 2016 01:34:56 +0000 (01:34 +0000)]
Add pss field to RSA structure and free it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoCache maskHash parameter
Dr. Stephen Henson [Thu, 24 Nov 2016 18:51:54 +0000 (18:51 +0000)]
Cache maskHash parameter

Store hash algorithm used for MGF1 masks in PSS and OAEP modes in PSS and
OAEP parameter structure: this avoids the need to decode part of the ASN.1
structure every time it is used.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

2 years agoUpdate fuzz corpora
Kurt Roeckx [Thu, 5 Jan 2017 20:55:40 +0000 (21:55 +0100)]
Update fuzz corpora

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182

2 years agoMake client and server fuzzer reproducible
Kurt Roeckx [Thu, 5 Jan 2017 19:18:29 +0000 (20:18 +0100)]
Make client and server fuzzer reproducible

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182

2 years agoMake the bignum fuzzer reproducible
Kurt Roeckx [Thu, 5 Jan 2017 19:13:10 +0000 (20:13 +0100)]
Make the bignum fuzzer reproducible

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182

2 years agoUpdate fuzz documentation
Kurt Roeckx [Thu, 5 Jan 2017 19:12:05 +0000 (20:12 +0100)]
Update fuzz documentation

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182

2 years agoMake rand_add predictable when fuzzing
Kurt Roeckx [Thu, 5 Jan 2017 18:59:14 +0000 (19:59 +0100)]
Make rand_add predictable when fuzzing

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182

2 years agoserver fuzzer: add support for DSA and ECDSA
Kurt Roeckx [Thu, 5 Jan 2017 19:20:14 +0000 (20:20 +0100)]
server fuzzer: add support for DSA and ECDSA

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182

2 years agoFix various style issues following feedback
Matt Caswell [Fri, 6 Jan 2017 11:01:14 +0000 (11:01 +0000)]
Fix various style issues following feedback

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

2 years agoRename the chain variable to chainidx
Matt Caswell [Thu, 5 Jan 2017 16:12:56 +0000 (16:12 +0000)]
Rename the chain variable to chainidx

This variable represents the index of the cert within the chain, so give it
a name that better represents that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

2 years agoFix a double blank line style issue
Matt Caswell [Thu, 5 Jan 2017 15:05:20 +0000 (15:05 +0000)]
Fix a double blank line style issue

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

2 years agoInitialise the al variable
Matt Caswell [Mon, 2 Jan 2017 11:16:37 +0000 (11:16 +0000)]
Initialise the al variable

al can be used uninitialised in an error path.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

2 years agoUpdate SSL_trace to understand TLSv1.3 Certificates
Matt Caswell [Fri, 2 Dec 2016 17:14:59 +0000 (17:14 +0000)]
Update SSL_trace to understand TLSv1.3 Certificates

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

2 years agoImplement TLSv1.3 style CertificateStatus
Matt Caswell [Fri, 2 Dec 2016 14:46:54 +0000 (14:46 +0000)]
Implement TLSv1.3 style CertificateStatus

We remove the separate CertificateStatus message for TLSv1.3, and instead
send back the response in the appropriate Certificate message extension.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

2 years agoCreate Certificate messages in TLS1.3 format
Matt Caswell [Fri, 2 Dec 2016 09:14:15 +0000 (09:14 +0000)]
Create Certificate messages in TLS1.3 format

Also updates TLSProxy to be able to understand the format and parse the
contained extensions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

2 years agoExtends extension parsing to take the Certificate
Matt Caswell [Thu, 1 Dec 2016 15:21:08 +0000 (15:21 +0000)]
Extends extension parsing to take the Certificate

Continuing from the previous commit we also need to extend the extensions
framework to supply the Certificate we just read during parsing.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

2 years agoExtend tls_construct_extensions() to enable passing of a certificate
Matt Caswell [Thu, 1 Dec 2016 15:00:37 +0000 (15:00 +0000)]
Extend tls_construct_extensions() to enable passing of a certificate

The Certificate message in TLS1.3 has an extensions block for each
Certificate. Therefore we need to extend tls_construct_extensions() to pass
in the certificate we are working on. We also pass in the position in the
chain (with 0 being the first certificate).

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

2 years agoRemove BIO_seek/BIO_tell from evp_test.c
Dr. Stephen Henson [Thu, 5 Jan 2017 19:27:41 +0000 (19:27 +0000)]
Remove BIO_seek/BIO_tell from evp_test.c

BIO_seek and BIO_tell can cause problems with evp_test.c on some platforms.
Avoid them by using a temporary memory BIO to store key PEM data.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2183)

2 years agoDon't run MSBLOB conversion tests when RSA or DSA are disabled
Richard Levitte [Wed, 4 Jan 2017 08:34:42 +0000 (09:34 +0100)]
Don't run MSBLOB conversion tests when RSA or DSA are disabled

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2174)

2 years agoDon't run OCSP tests when OCSP is disabled
Richard Levitte [Wed, 4 Jan 2017 08:16:29 +0000 (09:16 +0100)]
Don't run OCSP tests when OCSP is disabled

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2173)