Commits · aff8c126fd8db84fa4ef623997a8c4200a14a44f · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Jan 10, 2017

Move extension data into sub-structs · aff8c126

Rich Salz authored Dec 08, 2016



Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)

aff8c126

Jan 09, 2017

Fix build issues with no-dh, no-dsa and no-ec · 18e3ab7b

Richard Levitte authored Jan 08, 2017



Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2192)

18e3ab7b

Fix a memory leak in RSA_padding_add_PKCS1_OAEP_mgf1 · c6d215e0

Bernd Edlinger authored Dec 23, 2016



Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #2140

c6d215e0

Rename "verify_cb" to SSL_verify_cb · 3adc41dd

Rich Salz authored Jan 08, 2017



Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)

3adc41dd

Doc nits: callback function typedefs · 121677b4

Rich Salz authored Dec 27, 2016



Enhance find-doc-nits to be better about finding typedefs for
callback functions.  Fix all nits it now finds.  Added some new
typedef names to ssl.h some of which were documented but did not
exist

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)

121677b4

Jan 08, 2017

Add server temp key type checks · 9c4319bd

Dr. Stephen Henson authored Jan 08, 2017



Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2191)

9c4319bd

Add new ssl_test option. · b93ad05d

Dr. Stephen Henson authored Jan 08, 2017



Add option ExpectedTmpKeyType to test the temporary key the server
sends is of the correct type.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2191)

b93ad05d

fix a few more style issues · c82bafc5

Dr. Stephen Henson authored Jan 07, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

c82bafc5

Documentation clarification and fixes. · 76951372

Dr. Stephen Henson authored Jan 06, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

76951372

Remove unnecessary frees and style fixes. · f291138b

Dr. Stephen Henson authored Jan 06, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

f291138b

fix typo and remove duplicate macro · f488976c

Dr. Stephen Henson authored Jan 06, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

f488976c

Add documentation for PSS control operations. · c9165050

Dr. Stephen Henson authored Jan 06, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

c9165050

Use more desciptive macro name rsa_pss_restricted() · bc1ea030

Dr. Stephen Henson authored Jan 06, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

bc1ea030

style issues · b6b885c6

Dr. Stephen Henson authored Jan 06, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

b6b885c6

free str on error · 285c7d9c

Dr. Stephen Henson authored Jan 06, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

285c7d9c

clarify comment · 568b9cdc

Dr. Stephen Henson authored Jan 06, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

568b9cdc

fix various style issues · 52ad523c

Dr. Stephen Henson authored Jan 05, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

52ad523c

make update · d53b1dd4

Dr. Stephen Henson authored Jan 05, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

d53b1dd4

add test for invalid key parameters · 23d674e8

Dr. Stephen Henson authored Jan 04, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

23d674e8

document RSA-PSS algorithm options · 7751098e

Dr. Stephen Henson authored Jan 04, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7751098e

add PSS key tests · 1b214685

Dr. Stephen Henson authored Jan 03, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

1b214685

print errors in pkey utility · 0396a447

Dr. Stephen Henson authored Jan 03, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

0396a447

make errors · 23b6699e

Dr. Stephen Henson authored Jan 03, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

23b6699e

add parameter error · 635fe50f

Dr. Stephen Henson authored Jan 03, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

635fe50f

Set EVP_PKEY_CTX in SignerInfo · f7a21d85

Dr. Stephen Henson authored Dec 06, 2016



If we aren't setting public key parameters make EVP_PKEY_CTX available
in SignerInfo so PSS mode and parameters are automatically selected.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

f7a21d85

Only allow PSS padding for PSS keys. · 08be0331

Dr. Stephen Henson authored Dec 06, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

08be0331

Decode parameters properly. · b35b8d11

Dr. Stephen Henson authored Dec 06, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

b35b8d11

Return errors PKCS#7/CMS enveloped data ctrls and PSS · 186e48cd

Dr. Stephen Henson authored Dec 06, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

186e48cd

Add PSS parameter restrictions. · 59029ca1

Dr. Stephen Henson authored Dec 05, 2016



If a key contains any PSS parameter restrictions set them during
sign or verification initialisation. Parameters now become the
default values for sign/verify. Digests are fixed and any attempt
to change them is an error. The salt length can be modified but
must not be less than the minimum value.

If the key parameters are invalid then verification or signing
initialisation returns an error.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

59029ca1

Initial parameter restrictions. · cb49e749

Dr. Stephen Henson authored Dec 05, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

cb49e749

Add rsa_pss_get_param. · cfd81c6d

Dr. Stephen Henson authored Dec 05, 2016



New function rsa_pss_get_param to extract and sanity check PSS parameters.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

cfd81c6d

Don't allow PKCS#7/CMS encrypt with PSS. · 53d2260c

Dr. Stephen Henson authored Dec 01, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

53d2260c

Add macros to determine if key or ctx is PSS. · 87ee7b22

Dr. Stephen Henson authored Dec 01, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

87ee7b22

Support pad mode get/set for PSS keys. · a300c725

Dr. Stephen Henson authored Nov 30, 2016



Pad mode setting returns an error if the mode is anything other then PSS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

a300c725

Key gen param support. · e64b2b5c

Dr. Stephen Henson authored Nov 30, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

e64b2b5c

Set PSS padding mode for PSS keys. · ad4b3d0a

Dr. Stephen Henson authored Nov 30, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

ad4b3d0a

Digest string helper function. · 410877ba

Dr. Stephen Henson authored Nov 30, 2016



New function EVP_PKEY_CTX_md() which takes a string and passes a digest
to a ctrl.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

410877ba

Support RSA operations in PSS. · e5e04ee3

Dr. Stephen Henson authored Nov 21, 2016



Add support for common operations in PSS by adding a new function
RSA_pkey_ctx_ctrl() which calls EVP_PKEY_CTX_ctrl if the key type
is RSA or PSS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

e5e04ee3

PSS EVP_PKEY method · 6577e008

Dr. Stephen Henson authored Nov 24, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

6577e008

RSA-PSS key printing. · 9503ed8b

Dr. Stephen Henson authored Nov 24, 2016



Print out RSA-PSS key parameters if present.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

9503ed8b