Commits · f61c5ca6ca183bf0a51651857e3efb02a98889ad · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Jan 10, 2017

use EVP_CIPHER_CTX_ functions instead of accessing EVP_CIPHER_CTX internals · f61c5ca6

Iaroslav Gridin authored Oct 29, 2016



by levitte

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

f61c5ca6

fix for BSD cryptodev · 349b653a

Iaroslav Gridin authored Oct 29, 2016



by levitte

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

349b653a

Remove commented-out HMAC code · 2c5998dd

Iaroslav Gridin authored Oct 29, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

2c5998dd

Style the code · 098eb1a7

Iaroslav Gridin authored Oct 29, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

098eb1a7

Remove unused ret variable · 807d2106

Iaroslav Gridin authored Oct 29, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

807d2106

Remove non-functional CRYPTO_AES_CTR ifdef disabling AES-CTR in cryptodev · 60cd1196

Iaroslav Gridin authored Oct 29, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

60cd1196

Add AES-ECB and 3DES-ECB to cryptodev · f53e0674

Iaroslav Gridin authored Oct 29, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

f53e0674

cryptodev: allow copying EVP contexts · f8e7fbd5

Nikos Mavrogiannopoulos authored Jul 04, 2014



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

f8e7fbd5

cryptodev: Fix issue with signature generation · efcad82b

Nikos Mavrogiannopoulos authored Nov 04, 2014



That patch also enables support for SHA2 hashes, and
removes support for hashes that were never supported by
cryptodev.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

efcad82b

Review comments · 1ed327f7

Rich Salz authored Jan 09, 2017



Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)

1ed327f7

Use typedefs for PSK, NPN, ALPN callback functions · 8cbfcc70

Rich Salz authored Dec 11, 2016



Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)

8cbfcc70

Move extension data into sub-structs · aff8c126

Rich Salz authored Dec 08, 2016



Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)

aff8c126

Jan 09, 2017

Fix build issues with no-dh, no-dsa and no-ec · 18e3ab7b

Richard Levitte authored Jan 08, 2017



Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2192)

18e3ab7b

Fix a memory leak in RSA_padding_add_PKCS1_OAEP_mgf1 · c6d215e0

Bernd Edlinger authored Dec 23, 2016



Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #2140

c6d215e0

Rename "verify_cb" to SSL_verify_cb · 3adc41dd

Rich Salz authored Jan 08, 2017



Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)

3adc41dd

Doc nits: callback function typedefs · 121677b4

Rich Salz authored Dec 27, 2016



Enhance find-doc-nits to be better about finding typedefs for
callback functions.  Fix all nits it now finds.  Added some new
typedef names to ssl.h some of which were documented but did not
exist

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)

121677b4

Jan 08, 2017

Add server temp key type checks · 9c4319bd

Dr. Stephen Henson authored Jan 08, 2017



Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2191)

9c4319bd

Add new ssl_test option. · b93ad05d

Dr. Stephen Henson authored Jan 08, 2017



Add option ExpectedTmpKeyType to test the temporary key the server
sends is of the correct type.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2191)

b93ad05d

fix a few more style issues · c82bafc5

Dr. Stephen Henson authored Jan 07, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

c82bafc5

Documentation clarification and fixes. · 76951372

Dr. Stephen Henson authored Jan 06, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

76951372

Remove unnecessary frees and style fixes. · f291138b

Dr. Stephen Henson authored Jan 06, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

f291138b

fix typo and remove duplicate macro · f488976c

Dr. Stephen Henson authored Jan 06, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

f488976c

Add documentation for PSS control operations. · c9165050

Dr. Stephen Henson authored Jan 06, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

c9165050

Use more desciptive macro name rsa_pss_restricted() · bc1ea030

Dr. Stephen Henson authored Jan 06, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

bc1ea030

style issues · b6b885c6

Dr. Stephen Henson authored Jan 06, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

b6b885c6

free str on error · 285c7d9c

Dr. Stephen Henson authored Jan 06, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

285c7d9c

clarify comment · 568b9cdc

Dr. Stephen Henson authored Jan 06, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

568b9cdc

fix various style issues · 52ad523c

Dr. Stephen Henson authored Jan 05, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

52ad523c

make update · d53b1dd4

Dr. Stephen Henson authored Jan 05, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

d53b1dd4

add test for invalid key parameters · 23d674e8

Dr. Stephen Henson authored Jan 04, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

23d674e8

document RSA-PSS algorithm options · 7751098e

Dr. Stephen Henson authored Jan 04, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

7751098e

add PSS key tests · 1b214685

Dr. Stephen Henson authored Jan 03, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

1b214685

print errors in pkey utility · 0396a447

Dr. Stephen Henson authored Jan 03, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

0396a447

make errors · 23b6699e

Dr. Stephen Henson authored Jan 03, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

23b6699e

add parameter error · 635fe50f

Dr. Stephen Henson authored Jan 03, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

635fe50f

Set EVP_PKEY_CTX in SignerInfo · f7a21d85

Dr. Stephen Henson authored Dec 06, 2016



If we aren't setting public key parameters make EVP_PKEY_CTX available
in SignerInfo so PSS mode and parameters are automatically selected.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

f7a21d85

Only allow PSS padding for PSS keys. · 08be0331

Dr. Stephen Henson authored Dec 06, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

08be0331

Decode parameters properly. · b35b8d11

Dr. Stephen Henson authored Dec 06, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

b35b8d11

Return errors PKCS#7/CMS enveloped data ctrls and PSS · 186e48cd

Dr. Stephen Henson authored Dec 06, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

186e48cd

Add PSS parameter restrictions. · 59029ca1

Dr. Stephen Henson authored Dec 05, 2016



If a key contains any PSS parameter restrictions set them during
sign or verification initialisation. Parameters now become the
default values for sign/verify. Digests are fixed and any attempt
to change them is an error. The salt length can be modified but
must not be less than the minimum value.

If the key parameters are invalid then verification or signing
initialisation returns an error.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

59029ca1