Commits · f1adb0068fb04abbadf3ebbb105146bc75094197 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Jan 31, 2017

Dr. Stephen Henson authored Jan 30, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2324)

f1adb006

Remove peer_md and use peer_sigalg instead. · 6cbebb55

Dr. Stephen Henson authored Jan 30, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2324)

6cbebb55

Simplify sigalgs code. · 44b6318f

Dr. Stephen Henson authored Jan 30, 2017



Remove unnecessary lookup operations: use the indices and data in the
lookup table directly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2324)

44b6318f

Add digest and key indices to table. · 17ae384e

Dr. Stephen Henson authored Jan 30, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2324)

17ae384e

Don't check certificate type against ciphersuite for TLS 1.3 · 05b8486e
Dr. Stephen Henson authored Jan 30, 2017
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2324)
```
05b8486e

Add TLS 1.3 signing curve check · 8f88cb53

Dr. Stephen Henson authored Jan 30, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2324)

8f88cb53

Only allow PSS signatures with RSA keys and TLS 1.3 · 2b4418eb

Dr. Stephen Henson authored Jan 30, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2324)

2b4418eb

Store table entry to peer signature algorithm. · f742cda8

Dr. Stephen Henson authored Jan 30, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2324)

f742cda8

Jan 30, 2017

Free up the memory for the NewSessionTicket extensions · 33d93417

Matt Caswell authored Jan 30, 2017



Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2326)

33d93417

Make sure we free and cleanse the pms value in all code paths · c8ab3a46

Matt Caswell authored Jan 30, 2017



Otherwise we get a memory leak.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2326)

c8ab3a46

Update macros. · 787ebcaf

Dr. Stephen Henson authored Jan 29, 2017



Use TLS_MAX_SIGALGCNT for the maximum number of entries in the
signature algorithms array.

Use TLS_MAX_SIGSTRING_LEN for the maxiumum length of each signature
component instead of a magic number.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)

787ebcaf

fix style issues · 91410d40

Dr. Stephen Henson authored Jan 29, 2017



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)

91410d40

Fix TLS 1.2 and no sigalgs. · cdf516d9

Dr. Stephen Henson authored Jan 29, 2017



For TLS 1.2 if we have no signature algorithms extension then lookup
using the complete table instead of (empty) shared signature algorithms
list so we pick up defaults.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)

cdf516d9

Use PSS for simple test so TLS 1.3 handhake is successful. · d8979bdd

Dr. Stephen Henson authored Jan 28, 2017



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)

d8979bdd

Add tests for client and server signature type · a92e710b

Dr. Stephen Henson authored Jan 27, 2017



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)

a92e710b

Add test support for TLS signature types. · 54b7f2a5

Dr. Stephen Henson authored Jan 27, 2017



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)

54b7f2a5

Update documentation · a593cffe

Dr. Stephen Henson authored Jan 27, 2017



Add details of the use of PSS for signature algorithms.

Document SSL_get_peer_signature_nid() and SSL_get_peer_signature_type_nid().

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)

a593cffe

make update · 377c5e98

Dr. Stephen Henson authored Jan 27, 2017



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)

377c5e98

Replace TLS_SIGALGS with SIGALG_LOOKUP · 4d43ee28

Dr. Stephen Henson authored Jan 26, 2017



Since every supported signature algorithm is now an entry in the
SIGALG_LOOKUP table we can replace shared signature algortihms with
pointers to constant table entries.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)

4d43ee28

Support TLS 1.3 signature scheme names. · 8a43a42a

Dr. Stephen Henson authored Jan 26, 2017



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)

8a43a42a

Extend TLS 1.3 signature table. · edbfba1a

Dr. Stephen Henson authored Jan 26, 2017



Add additional entries in the TLS 1.2 signature table to include
the name, sig and hash NID (if any) and required curve (if any).

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)

edbfba1a

Use shared signature algorithm list to find type. · 018031fa

Dr. Stephen Henson authored Jan 26, 2017



Lookup the signature type in the shared list: we can use this to
use PSS if the peer supports it for TLS 1.2.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)

018031fa

Add SSL_get_peer_signature_type_nid() function. · 42ef7aea

Dr. Stephen Henson authored Jan 25, 2017



Add function to retrieve signature type: in the case of RSA
keys the signature type can be EVP_PKEY_RSA or EVP_PKEY_RSA_PSS.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)

42ef7aea

Store peer signature type. · 5554facb

Dr. Stephen Henson authored Jan 25, 2017



Store peer signature type in s->s3->tmp.peer_sigtype and check it
to see if the peer used PSS.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)

5554facb

More complete PSS support. · b2eb6998

Dr. Stephen Henson authored Jan 25, 2017



Extend support for PSS key signatures by using the EVP_PKEY_RSA_PSS type
to distinguish them from PKCS1 signature types.

Allow setting of PSS signature algorithms using the string "PSS" or
"RSA-PSS".

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)

b2eb6998

Use uint16_t for signature scheme. · 98c792d1

Dr. Stephen Henson authored Jan 25, 2017



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)

98c792d1

use RSA_PSS_SALTLEN_DIGEST constant · 968ae5b3

Dr. Stephen Henson authored Jan 25, 2017



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)

968ae5b3

Expand comment in tls_process_hello_req() · 1f04f23e

Matt Caswell authored Jan 27, 2017



Following review feedback.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)

1f04f23e

Add a TODO around validating the ticket age · 1b8bacff

Matt Caswell authored Jan 27, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)

1b8bacff

Various style fixes following review feedback · 40f805ad

Matt Caswell authored Jan 27, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)

40f805ad

Remove unneccessary comments · 61c32649

Matt Caswell authored Jan 27, 2017



Now we're using an enum the values themselves are self explanatory

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)

61c32649

Use for loop in WPACKET_fill_lengths instead of do...while · fed60a78

Matt Caswell authored Jan 27, 2017



Based on review feedback

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)

fed60a78

Move the SSL3_CK_CIPHERSUITE_FLAG out of public header · 34f7245b

Matt Caswell authored Jan 27, 2017



The newly added SSL3_CK_CIPHERSUITE_FLAG shouldn't be in a public header
file

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)

34f7245b

Add a test for the PSK kex modes extension · 3ae6b5f8

Matt Caswell authored Jan 25, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)

3ae6b5f8

If we have no suitable PSK kex modes then don't attempt to resume · 1a9f457c
Matt Caswell authored Jan 25, 2017
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
```
1a9f457c

Fix <= TLS1.2 break · 1a3392c8

Matt Caswell authored Jan 23, 2017



Changing the value of SSL_MAX_MASTER_KEY_LENGTH had some unexpected
side effects in the <=TLS1.2 code which apparently relies on this being
48 for interoperability. Therefore create a new define for the TLSv1.3
resumption master secret which can be up to 64 bytes.

Found through the boring test suite.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)

1a3392c8

Add a test for WPACKET_fill_lengths() · 34254342

Matt Caswell authored Jan 23, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)

34254342

Enable wpacket test on shared builds · e463cb39

Matt Caswell authored Jan 23, 2017



Now that we support internal tests properly, we can test wpacket even in
shared builds.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)

e463cb39

Make calls to SSL_renegotiate() error out for TLSv1.3 · 2c0980d2

Matt Caswell authored Jan 20, 2017



When we have support for KeyUpdate we might consider doing that instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)

2c0980d2

Make the "ticket" function return codes clearer · ddf6ec00

Matt Caswell authored Jan 20, 2017



Remove "magic" return values and use an enum instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)

ddf6ec00