Commits · 285c7d9cdf3fb917be3361df73aae29e9e732298 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

08 Jan, 2017 33 commits

Dr. Stephen Henson authored Jan 06, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

285c7d9c

clarify comment · 568b9cdc

Dr. Stephen Henson authored Jan 06, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

568b9cdc

fix various style issues · 52ad523c

Dr. Stephen Henson authored Jan 05, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

52ad523c

make update · d53b1dd4

Dr. Stephen Henson authored Jan 05, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

d53b1dd4

add test for invalid key parameters · 23d674e8

Dr. Stephen Henson authored Jan 04, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

23d674e8

document RSA-PSS algorithm options · 7751098e

Dr. Stephen Henson authored Jan 04, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7751098e

add PSS key tests · 1b214685

Dr. Stephen Henson authored Jan 03, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

1b214685

print errors in pkey utility · 0396a447

Dr. Stephen Henson authored Jan 03, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

0396a447

make errors · 23b6699e

Dr. Stephen Henson authored Jan 03, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

23b6699e

add parameter error · 635fe50f

Dr. Stephen Henson authored Jan 03, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

635fe50f

Set EVP_PKEY_CTX in SignerInfo · f7a21d85

Dr. Stephen Henson authored Dec 06, 2016



If we aren't setting public key parameters make EVP_PKEY_CTX available
in SignerInfo so PSS mode and parameters are automatically selected.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

f7a21d85

Only allow PSS padding for PSS keys. · 08be0331

Dr. Stephen Henson authored Dec 06, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

08be0331

Decode parameters properly. · b35b8d11

Dr. Stephen Henson authored Dec 06, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

b35b8d11

Return errors PKCS#7/CMS enveloped data ctrls and PSS · 186e48cd

Dr. Stephen Henson authored Dec 06, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

186e48cd

Add PSS parameter restrictions. · 59029ca1

Dr. Stephen Henson authored Dec 05, 2016



If a key contains any PSS parameter restrictions set them during
sign or verification initialisation. Parameters now become the
default values for sign/verify. Digests are fixed and any attempt
to change them is an error. The salt length can be modified but
must not be less than the minimum value.

If the key parameters are invalid then verification or signing
initialisation returns an error.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

59029ca1

Initial parameter restrictions. · cb49e749

Dr. Stephen Henson authored Dec 05, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

cb49e749

Add rsa_pss_get_param. · cfd81c6d

Dr. Stephen Henson authored Dec 05, 2016



New function rsa_pss_get_param to extract and sanity check PSS parameters.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

cfd81c6d

Don't allow PKCS#7/CMS encrypt with PSS. · 53d2260c

Dr. Stephen Henson authored Dec 01, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

53d2260c

Add macros to determine if key or ctx is PSS. · 87ee7b22

Dr. Stephen Henson authored Dec 01, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

87ee7b22

Support pad mode get/set for PSS keys. · a300c725

Dr. Stephen Henson authored Nov 30, 2016



Pad mode setting returns an error if the mode is anything other then PSS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

a300c725

Key gen param support. · e64b2b5c

Dr. Stephen Henson authored Nov 30, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

e64b2b5c

Set PSS padding mode for PSS keys. · ad4b3d0a

Dr. Stephen Henson authored Nov 30, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

ad4b3d0a

Digest string helper function. · 410877ba

Dr. Stephen Henson authored Nov 30, 2016



New function EVP_PKEY_CTX_md() which takes a string and passes a digest
to a ctrl.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

410877ba

Support RSA operations in PSS. · e5e04ee3

Dr. Stephen Henson authored Nov 21, 2016



Add support for common operations in PSS by adding a new function
RSA_pkey_ctx_ctrl() which calls EVP_PKEY_CTX_ctrl if the key type
is RSA or PSS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

e5e04ee3

PSS EVP_PKEY method · 6577e008

Dr. Stephen Henson authored Nov 24, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

6577e008

RSA-PSS key printing. · 9503ed8b

Dr. Stephen Henson authored Nov 24, 2016



Print out RSA-PSS key parameters if present.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

9503ed8b

PSS parameter encode and decode. · 42009ae8

Dr. Stephen Henson authored Nov 24, 2016



For RSA PSS keys encode and decode parameters when handling public
and private keys.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

42009ae8

Split PSS parameter creation. · 47e42b3c

Dr. Stephen Henson authored Nov 21, 2016



Split PSS parameter creation. This adds a new function rsa_pss_params_create
which creates PSS parameters from digest and salt values. This will be
used for PSS key generation.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

47e42b3c

Use method key type instead of EVP_PKEY_RSA · faa02fe2

Dr. Stephen Henson authored Nov 20, 2016



Make RSA method more flexible by using the key type from the
method instead of hard coding EVP_PKEY_RSA: by doing this the
same code supports both RSA and RSA-PSS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

faa02fe2

PSS ASN.1 method · 4e8ba747

Dr. Stephen Henson authored Nov 24, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

4e8ba747

add EVP_PKEY_RSA_PSS · ffc6fad5

Dr. Stephen Henson authored Nov 24, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

ffc6fad5

Add pss field to RSA structure and free it. · d771441d

Dr. Stephen Henson authored Nov 21, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

d771441d

Cache maskHash parameter · 6745a1ff

Dr. Stephen Henson authored Nov 24, 2016



Store hash algorithm used for MGF1 masks in PSS and OAEP modes in PSS and
OAEP parameter structure: this avoids the need to decode part of the ASN.1
structure every time it is used.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

6745a1ff

06 Jan, 2017 7 commits
- Update fuzz corpora · 3b72dcd5
  Kurt Roeckx authored Jan 05, 2017
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
```
  3b72dcd5
- Make client and server fuzzer reproducible · 76d1ba3a
  Kurt Roeckx authored Jan 05, 2017
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
```
  76d1ba3a
- Make the bignum fuzzer reproducible · 13799455
  Kurt Roeckx authored Jan 05, 2017
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
```
  13799455
- Update fuzz documentation · f8d4b3be
  Kurt Roeckx authored Jan 05, 2017
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
```
  f8d4b3be
- Make rand_add predictable when fuzzing · 68f4237c
  Kurt Roeckx authored Jan 05, 2017
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
```
  68f4237c
- server fuzzer: add support for DSA and ECDSA · d2aa960e
  Kurt Roeckx authored Jan 05, 2017
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
```
  d2aa960e
- Fix various style issues following feedback · d805a57b
  Matt Caswell authored Jan 06, 2017
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
```
  d805a57b