Commit Graph

18740 Commits

Author SHA1 Message Date
Matt Caswell
7a531ee460 Fix tls1_set_sigalgs() length calculation
The length passed to tls1_set_sigalgs() is a multiple of two and there are
two char entries in the list for each sigalg. When we set
client_sigalgslen or conf_sigalgslen this is the number of ints in the list
where there is one entry per sigalg (i.e. half the length of the list passed
to the function).

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:51 +00:00
Matt Caswell
42ab223000 Add some missing sigalgs
The SHA1 sigalgs were inadvertently missed off in the sigalgs refactor.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:51 +00:00
Matt Caswell
0cc092f8a3 Fix an uninit read picked up by Travis
The siglen value needs to be initialised prior to it being read in the
call to EVP_DigestSignFinal later in this function.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:51 +00:00
Matt Caswell
1b520cbb6a Fix a Travis failure
Declare a variable as static to silence the warning

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
a2de794304 Add some signature tests
Check that signatures actually work, and that an incorrect signature
results in a handshake failure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
357d096a29 Teach TLSProxy how to re-encrypt a TLSv1.3 message after changes
This enables us to make changes to in-flight TLSv1.3 messages that appear
after the ServerHello.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
79d8c16785 Extend ServerKeyExchange parsing to work with a signature
Previously SKE in TLSProxy only knew about one anonymous ciphersuite so
there was never a signature. Extend that to include a ciphersuite that is
not anonymous. This also fixes a bug where the existing SKE processing was
checking against the wrong anon ciphersuite value. This has a knock on
impact on the sslskewith0p test. The bug meant the test was working...but
entirely by accident!

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
adb403dea9 Teach TLSProxy about the CertificateVerify message
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
7842505190 Teach SSL_trace about the new sigalgs
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
cd61b55f87 Add a sigalg test to check we only allow sigalgs we sent
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
fe3066ee40 Extend PSS signature support to TLSv1.2
TLSv1.3 introduces PSS based sigalgs. Offering these in a TLSv1.3 client
implies that the client is prepared to accept these sigalgs even in
TLSv1.2.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
16abbd11cd Fix test_sslversions to know that TLSv1.3 sets record version to TLSv1.0
This also acts as a test for the bug fixed in the previous commit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
d24c6a34ce Always use TLSv1.0 for record layer version in TLSv1.3
TLSv1.3 freezes the record layer version and ensures that it is always set
to TLSv1.0. Some implementations check this.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
710eb47fdd Add a TLS1.3 TODO for setting of sig algs
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
6f68a52ebf Add some sig algs tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
523fb3233a Ignore PKCS1 based sig algs in TLSv1.3
In TLSv1.3 we must use PSS based sig algs for RSA signing. Ignore any
shared sig algs which are PKCS1 based.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
0490431272 Verify that the sig algs extension has been sent for TLSv1.3
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
ace081c1ed Fix client application traffic secret
A misreading of the TLS1.3 spec meant we were using the handshake hashes
up to and including the Client Finished to calculate the client
application traffic secret. We should be only use up until the Server
Finished.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
4954fd13b3 Temporarily ignore NewSessionTickets for TLS1.3
We can't handle these messages yet, so ignore them for now.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
6612d87b89 Use the correct size for TLSv1.3 finished keys
We need to use the length of the handshake hash for the length of the
finished key.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
ac77aa9a1c Ensure the record sequence number gets incremented
We were not incrementing the sequence number every time we sent/received
a record.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
63c1df0983 Remove some unneeded functions
The sigalgs work has made some old lookup tables and functions redundant
so remove them.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
536199ece0 Use NIDs instead of the old TLSv1.2 sigalgs hash and sig ids
We had an extra layer of indirection in looking up hashes and sigs based
on sigalgs which is now no longer necessary. This removes it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
2ec6cb3385 Remove a redundant function
The extensions refactor made this function redundant so we can remove it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
703bcee021 Convert Sigalgs processing to use ints
In TLSv1.2 an individual sig alg is represented by 1 byte for the hash
and 1 byte for the signature. In TLSv1.3 each sig alg is represented by
two bytes, where the two bytes together represent a single hash and
signature combination. This converts the internal representation of sigalgs
to use a single int for the pair, rather than a pair of bytes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
5f9b64a2fd Sign CertificateVerify messages using PSS padding
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
2c5dfdc357 Make CertificateVerify TLS1.3 aware
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
d8bc139978 Move Certificate Verify construction and processing into statem_lib.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
3f305a80e9 Add a TODO(TLS1.3) around certificate selection
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Rich Salz
684b16953b Fix typo in Blake2 function names
Fixes GitHub issue 2169.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2207)
2017-01-10 16:36:03 -05:00
Kurt Roeckx
676befbeb7 Print the X509 version signed, and convert to unsigned for the hex version.
Found by tis-interpreter

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1754
2017-01-10 22:27:37 +01:00
Richard Levitte
d95743047e Only enable CRYPTO_3DES_ECB if that name is an existing macro
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2203)
2017-01-10 14:59:39 +01:00
Richard Levitte
374d543f29 Small fixes of cryptodev engine
- guard CRYPTO_3DES_CBC
- add a missing cast

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2203)
2017-01-10 14:59:39 +01:00
Matt Caswell
290a0419f0 Mark a HelloRequest record as read if we ignore it
Otherwise the client will try to process it again. The second time around
it will try and move the record data into handshake fragment storage and
realise that there is no data left. At that point it marks it as read
anyway. However, it is a bug that we go around the loop a second time, so
we prevent that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2200)
2017-01-10 12:30:15 +00:00
Iaroslav Gridin
f61c5ca6ca use EVP_CIPHER_CTX_ functions instead of accessing EVP_CIPHER_CTX internals
by levitte

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
2017-01-10 08:21:45 +01:00
Iaroslav Gridin
349b653a99 fix for BSD cryptodev
by levitte

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
2017-01-10 08:21:45 +01:00
Iaroslav Gridin
2c5998dde6 Remove commented-out HMAC code
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
2017-01-10 08:21:45 +01:00
Iaroslav Gridin
098eb1a7b7 Style the code
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
2017-01-10 08:21:45 +01:00
Iaroslav Gridin
807d21066f Remove unused ret variable
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
2017-01-10 08:21:45 +01:00
Iaroslav Gridin
60cd1196a2 Remove non-functional CRYPTO_AES_CTR ifdef disabling AES-CTR in cryptodev
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
2017-01-10 08:21:45 +01:00
Iaroslav Gridin
f53e067451 Add AES-ECB and 3DES-ECB to cryptodev
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
2017-01-10 08:21:45 +01:00
Nikos Mavrogiannopoulos
f8e7fbd53f cryptodev: allow copying EVP contexts
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
2017-01-10 08:21:45 +01:00
Nikos Mavrogiannopoulos
efcad82bb8 cryptodev: Fix issue with signature generation
That patch also enables support for SHA2 hashes, and
removes support for hashes that were never supported by
cryptodev.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
2017-01-10 08:21:45 +01:00
Rich Salz
1ed327f7df Review comments
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)
2017-01-09 22:26:47 -05:00
Rich Salz
8cbfcc70bf Use typedefs for PSK, NPN, ALPN callback functions
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)
2017-01-09 22:26:47 -05:00
Rich Salz
aff8c126fd Move extension data into sub-structs
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)
2017-01-09 22:26:47 -05:00
Richard Levitte
18e3ab7bc4 Fix build issues with no-dh, no-dsa and no-ec
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2192)
2017-01-09 22:45:47 +01:00
Bernd Edlinger
c6d215e0d2 Fix a memory leak in RSA_padding_add_PKCS1_OAEP_mgf1
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #2140
2017-01-09 22:23:31 +01:00
Rich Salz
3adc41dd22 Rename "verify_cb" to SSL_verify_cb
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)
2017-01-09 16:09:50 -05:00
Rich Salz
121677b487 Doc nits: callback function typedefs
Enhance find-doc-nits to be better about finding typedefs for
callback functions.  Fix all nits it now finds.  Added some new
typedef names to ssl.h some of which were documented but did not
exist

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)
2017-01-09 16:09:50 -05:00