root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity
18,814 Commits 32 Branches 398 Tags 545 MiB
Commit Graph

18814 Commits

Author SHA1 Message Date
Matt Caswell 2c5dfdc357 Make CertificateVerify TLS1.3 aware 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
 2017-01-10 23:02:50 +00:00
Matt Caswell d8bc139978 Move Certificate Verify construction and processing into statem_lib.c 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
 2017-01-10 23:02:50 +00:00
Matt Caswell 3f305a80e9 Add a TODO(TLS1.3) around certificate selection 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
 2017-01-10 23:02:50 +00:00
Rich Salz 684b16953b Fix typo in Blake2 function names 
Fixes GitHub issue 2169.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2207)
 2017-01-10 16:36:03 -05:00
Kurt Roeckx 676befbeb7 Print the X509 version signed, and convert to unsigned for the hex version. 
Found by tis-interpreter

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1754
 2017-01-10 22:27:37 +01:00
Richard Levitte d95743047e Only enable CRYPTO_3DES_ECB if that name is an existing macro 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2203)
 2017-01-10 14:59:39 +01:00
Richard Levitte 374d543f29 Small fixes of cryptodev engine 
- guard CRYPTO_3DES_CBC
- add a missing cast

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2203)
 2017-01-10 14:59:39 +01:00
Matt Caswell 290a0419f0 Mark a HelloRequest record as read if we ignore it 
Otherwise the client will try to process it again. The second time around
it will try and move the record data into handshake fragment storage and
realise that there is no data left. At that point it marks it as read
anyway. However, it is a bug that we go around the loop a second time, so
we prevent that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2200)
 2017-01-10 12:30:15 +00:00
Iaroslav Gridin f61c5ca6ca use EVP_CIPHER_CTX_ functions instead of accessing EVP_CIPHER_CTX internals 
by levitte

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
 2017-01-10 08:21:45 +01:00
Iaroslav Gridin 349b653a99 fix for BSD cryptodev 
by levitte

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
 2017-01-10 08:21:45 +01:00
Iaroslav Gridin 2c5998dde6 Remove commented-out HMAC code 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
 2017-01-10 08:21:45 +01:00
Iaroslav Gridin 098eb1a7b7 Style the code 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
 2017-01-10 08:21:45 +01:00
Iaroslav Gridin 807d21066f Remove unused ret variable 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
 2017-01-10 08:21:45 +01:00
Iaroslav Gridin 60cd1196a2 Remove non-functional CRYPTO_AES_CTR ifdef disabling AES-CTR in cryptodev 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
 2017-01-10 08:21:45 +01:00
Iaroslav Gridin f53e067451 Add AES-ECB and 3DES-ECB to cryptodev 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
 2017-01-10 08:21:45 +01:00
Nikos Mavrogiannopoulos f8e7fbd53f cryptodev: allow copying EVP contexts 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
 2017-01-10 08:21:45 +01:00
Nikos Mavrogiannopoulos efcad82bb8 cryptodev: Fix issue with signature generation 
That patch also enables support for SHA2 hashes, and
removes support for hashes that were never supported by
cryptodev.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
 2017-01-10 08:21:45 +01:00
Rich Salz 1ed327f7df Review comments 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)
 2017-01-09 22:26:47 -05:00
Rich Salz 8cbfcc70bf Use typedefs for PSK, NPN, ALPN callback functions 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)
 2017-01-09 22:26:47 -05:00
Rich Salz aff8c126fd Move extension data into sub-structs 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)
 2017-01-09 22:26:47 -05:00
Richard Levitte 18e3ab7bc4 Fix build issues with no-dh, no-dsa and no-ec 
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2192)
 2017-01-09 22:45:47 +01:00
Bernd Edlinger c6d215e0d2 Fix a memory leak in RSA_padding_add_PKCS1_OAEP_mgf1 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #2140
 2017-01-09 22:23:31 +01:00
Rich Salz 3adc41dd22 Rename "verify_cb" to SSL_verify_cb 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)
 2017-01-09 16:09:50 -05:00
Rich Salz 121677b487 Doc nits: callback function typedefs 
Enhance find-doc-nits to be better about finding typedefs for
callback functions.  Fix all nits it now finds.  Added some new
typedef names to ssl.h some of which were documented but did not
exist

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)
 2017-01-09 16:09:50 -05:00
Dr. Stephen Henson 9c4319bd03 Add server temp key type checks 
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2191)
 2017-01-08 19:36:59 +00:00
Dr. Stephen Henson b93ad05dba Add new ssl_test option. 
Add option ExpectedTmpKeyType to test the temporary key the server
sends is of the correct type.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2191)
 2017-01-08 19:36:59 +00:00
Dr. Stephen Henson c82bafc52e fix a few more style issues 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
 2017-01-08 01:42:52 +00:00
Dr. Stephen Henson 76951372af Documentation clarification and fixes. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
 2017-01-08 01:42:52 +00:00
Dr. Stephen Henson f291138bbe Remove unnecessary frees and style fixes. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
 2017-01-08 01:42:52 +00:00
Dr. Stephen Henson f488976ccf fix typo and remove duplicate macro 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
 2017-01-08 01:42:51 +00:00
Dr. Stephen Henson c916505092 Add documentation for PSS control operations. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
 2017-01-08 01:42:51 +00:00
Dr. Stephen Henson bc1ea030ef Use more desciptive macro name rsa_pss_restricted() 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
 2017-01-08 01:42:51 +00:00
Dr. Stephen Henson b6b885c6b9 style issues 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
 2017-01-08 01:42:51 +00:00
Dr. Stephen Henson 285c7d9cdf free str on error 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
 2017-01-08 01:42:51 +00:00
Dr. Stephen Henson 568b9cdc64 clarify comment 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
 2017-01-08 01:42:51 +00:00
Dr. Stephen Henson 52ad523c0e fix various style issues 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
 2017-01-08 01:42:50 +00:00
Dr. Stephen Henson d53b1dd448 make update 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
 2017-01-08 01:42:50 +00:00
Dr. Stephen Henson 23d674e802 add test for invalid key parameters 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
 2017-01-08 01:42:50 +00:00
Dr. Stephen Henson 7751098ecd document RSA-PSS algorithm options 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
 2017-01-08 01:42:50 +00:00
Dr. Stephen Henson 1b2146855e add PSS key tests 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
 2017-01-08 01:42:50 +00:00
Dr. Stephen Henson 0396a447f2 print errors in pkey utility 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
 2017-01-08 01:42:50 +00:00
Dr. Stephen Henson 23b6699ecc make errors 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
 2017-01-08 01:42:49 +00:00
Dr. Stephen Henson 635fe50fcd add parameter error 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
 2017-01-08 01:42:49 +00:00
Dr. Stephen Henson f7a21d85b6 Set EVP_PKEY_CTX in SignerInfo 
If we aren't setting public key parameters make EVP_PKEY_CTX available
in SignerInfo so PSS mode and parameters are automatically selected.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
 2017-01-08 01:42:49 +00:00
Dr. Stephen Henson 08be0331c3 Only allow PSS padding for PSS keys. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
 2017-01-08 01:42:49 +00:00
Dr. Stephen Henson b35b8d116b Decode parameters properly. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
 2017-01-08 01:42:49 +00:00
Dr. Stephen Henson 186e48cd1b Return errors PKCS#7/CMS enveloped data ctrls and PSS 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
 2017-01-08 01:42:49 +00:00
Dr. Stephen Henson 59029ca113 Add PSS parameter restrictions. 
If a key contains any PSS parameter restrictions set them during
sign or verification initialisation. Parameters now become the
default values for sign/verify. Digests are fixed and any attempt
to change them is an error. The salt length can be modified but
must not be less than the minimum value.

If the key parameters are invalid then verification or signing
initialisation returns an error.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
 2017-01-08 01:42:49 +00:00
Dr. Stephen Henson cb49e7497a Initial parameter restrictions. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
 2017-01-08 01:42:48 +00:00
Dr. Stephen Henson cfd81c6d75 Add rsa_pss_get_param. 
New function rsa_pss_get_param to extract and sanity check PSS parameters.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
 2017-01-08 01:42:48 +00:00