- Jan 26, 2018
-
-
Benjamin Kaduk authored
Make the sigalg name in comments reflect one that actually exists in the draft standard. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5174)
-
Benjamin Kaduk authored
The latest TLS 1.3 draft split the RSA-PSS signature schemes into two versions that indicate the OID of the RSA key being used. This forced us to rename the preprocessor defines for the sigalg values, and the ssl-trace code was not adopted to match, since it was not enabled int the default build. Belatedly update the ssl_sigalg_tbl in the trace code to match. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5174)
-
Benjamin Kaduk authored
The check for a duplicate value was reading one entry past where it was supposed to, getting an uninitialized value. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5172)
-
- Jan 25, 2018
-
-
Benjamin Kaduk authored
We don't need to send this extension in normal operation since we are our own X.509 library, but add some test cases that force the extension to be sent and exercise our code to process the extension. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5068)
-
Benjamin Kaduk authored
The new extension is like signature_algorithms, but only for the signature *on* the certificate we will present to the peer (the old signature_algorithms extension is still used for signatures that we *generate*, i.e., those over TLS data structures). We do not need to generate this extension, since we are the same implementation as our X.509 stack and can handle the same types of signatures, but we need to be prepared to receive it, and use the received information when selecting what certificate to present. There is a lot of interplay between signature_algorithms_cert and signature_algorithms, since both affect what certificate we can use, and thus the resulting signature algorithm used for TLS messages. So, apply signature_algorithms_cert (if present) as a filter on what certificates we can consider when choosing a certificate+sigalg pair. As part of this addition, we also remove the fallback code that let keys of type EVP_PKEY_RSA be used to generate RSA-PSS signatures -- the new rsa_pss_pss_* and rsa_pss_rsae_* signature schemes have pulled the key type into what is covered by the signature algorithm, so we should not apply this sort of compatibility workaround. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5068)
-
Benjamin Kaduk authored
These functions can now take both "sig+hash" strings and algorithm-specific identifiers like "rsa_pss_pss_sha256" that indicate a particular entry from the TLS signature algorithm registry. Also clarify that only the "_list" form allows for the new-style names (the non-"list" interfaces take sig and hasn NIDs, which cannot access all of the new-style schemes). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5068)
-
Benjamin Kaduk authored
Our historical SSL{,_CTX}_set_sigalgs() APIs take an array of NID pairs (hash and signature), and our parser for manually specifying unified sigalgs (that do not necessarily correspond to an actual signature+hash pair) was transiting via (the implementation of) this historical API. The TLS 1.3 draft-23 has introduced signature schemes that have identical signature type and hash type, differing only in the (RSA) public key OID, which prevents the rsa_pss_pss_* schemes from being properly identified and sent on the wire. To fix the issue, parse sigalg strings directly into SIGALG_LOOKUP objects, and pass around an array of uint16 wire protocol values instead of NID pairs. The old interface is retained for API compatibility but will become less and less useful with time. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5068)
-
Benjamin Kaduk authored
We now have a split in the signature algorithms codepoint space for whether the certificate's key is for rsaEncryption or a PSS-specific key, which should let us get rid of some special-casing that we previously needed to try to coax rsaEncryption keys into performing PSS. (This will be done in a subsequent commit.) Send the new PSS-with-PSS-specific key first in our list, so that we prefer the new technology to the old one. We need to update the expected certificate type in one test, since the "RSA-PSS+SHA256" form now corresponds to a public key of type rsaEncryption, so we should expect the server certificate type to be just "RSA". If we want to get a server certificate type of "RSA-PSS", we need to use a new signature algorithm that cannot be represented as signature+hash, so add a test for that as well. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5068)
-
Benjamin Kaduk authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5068)
-
Benjamin Kaduk authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5068)
-
Bernd Edlinger authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5152)
-
Bernd Edlinger authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5139)
-
- Jan 24, 2018
-
-
Christian Heimes authored
The getters for min and max proto version wrongly passed NULL instead of 0 as third argument to SSL_ctrl() and SSL_CTX_ctrl(). The third argument is not used, but the error results in a compiler warning: warning: passing argument 3 of ‘SSL_CTX_ctrl’ makes integer from pointer without a cast [-Wint-conversion] int v = SSL_CTX_get_max_proto_version(self->ctx); See https://github.com/openssl/openssl/pull/4364 Signed-off-by: Christian Heimes <christian@python.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5128)
-
Steffan Karger authored
When using the SSL_CTX_get_min_min_version macro while compiling with -Wall, my compiler rightfully complains about this construction: warning: passing argument 3 of ‘SSL_CTX_ctrl’ makes integer from pointer without a cast [-Wint-conversion] These macro's should use 0, instead of NULL, for the third argument, like most other SSL_CTX_ctrl 'get' wrappers do. CLA: trivial Signed-off-by: Steffan Karger <steffan.karger@fox-it.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5099)
-
David Cooper authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4190)
-
David Cooper authored
Correct error return value in OCSP_basic_sign(). Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4190)
-
David Cooper authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4190)
-
David Cooper authored
Make editorial changes suggested by Rich Salz and add the -rsigopt option to the man page for the ocsp command. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4190)
-
David Cooper authored
Add a -rsigopt option to the ocsp command that allows signature parameters to be provided for the signing of OCSP responses. The parameters that may be provided to -rsigopt are the same as may be provided to -sigopt in the ca, req, and x509 commands. This PR also defines a OCSP_basic_sign_ctx() function, which functions in the same way as OCSP_basic_sign(), except that it accepts a EVP_MD_CTX rather than a key and digest. The OCSP_basic_sign_ctx() function is used to implement the -rsigopt option in the ocsp command. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4190)
-
Todd Short authored
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5142)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
-
Matt Caswell authored
Probably this is the CCS between the first and second ClientHellos. It should be ignored. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
-
Matt Caswell authored
Fixes #4283 Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
-
Matt Caswell authored
Fixes some bugs identified during testing. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
-
Matt Caswell authored
This enables sending and receiving of the TLSv1.3 cookie on the server side as appropriate. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
-
Matt Caswell authored
This just adds the various extension functions. More changes will be required to actually use them. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5153)
-
Richard Levitte authored
We incorrectly assumed that explicit dependencies meant that the source directory would be added for inclusion. However, if the dependent file is generated, it's stored in the build directory, and that should be used for inclusion rather than the source directory. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5153)
-
Richard Levitte authored
This ensures that only one set of includes is associated with each object file, reagardless of where it's used. For example, if apps/build.info has this: SOURCE[openssl]=foo.c INCLUDE[openssl]=.. ../include and test/build.info has this: SOURCE[footest]=../apps/foo.c INCLUDE[footest]=../include The inclusion directories used for apps/foo.o would differ depending on which program's dependencies get generated first in the build file. With this change, all those INCLUDEs get combined into one set of inclusion directories tied to the object file. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5153)
-
- Jan 23, 2018
-
-
Pauli authored
Support added for these two digests, available only via the EVP interface. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5093)
-
Richard Levitte authored
EVP_PKEY_asn1_find_str() would search through standard asn1 methods first, then those added by the application, which EVP_PKEY_asn1_find() worked the other way around. Also, EVP_PKEY_asn1_find_str() didn't handle aliases. This change brings EVP_PKEY_asn1_find_str() closer to EVP_PKEY_asn1_find(). Fixes #5086 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5137)
-
Richard Levitte authored
This reverts commit d85722d3 . Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5137)
-
Benjamin Kaduk authored
The 'loop' variable is only used if EC is available. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5149)
-