openssl/crypto
Todd Short 9d75dce3e1 Add TLSv1.3 post-handshake authentication (PHA)
Add SSL_verify_client_post_handshake() for servers to initiate PHA

Add SSL_force_post_handshake_auth() for clients that don't have certificates
initially configured, but use a certificate callback.

Update SSL_CTX_set_verify()/SSL_set_verify() mode:

* Add SSL_VERIFY_POST_HANDSHAKE to postpone client authentication until after
the initial handshake.

* Update SSL_VERIFY_CLIENT_ONCE now only sends out one CertRequest regardless
of when the certificate authentication takes place; either initial handshake,
re-negotiation, or post-handshake authentication.

Add 'RequestPostHandshake' and 'RequirePostHandshake' SSL_CONF options that
add the SSL_VERIFY_POST_HANDSHAKE to the 'Request' and 'Require' options

Add support to s_client:
* Enabled automatically when cert is configured
* Can be forced enabled via -force_pha

Add support to s_server:
* Use 'c' to invoke PHA in s_server
* Remove some dead code

Update documentation

Update unit tests:
* Illegal use of PHA extension
* TLSv1.3 certificate tests

DTLS and TLS behave ever-so-slightly differently. So, when DTLS1.3 is
implemented, it's PHA support state machine may need to be different.
Add a TODO and a #error

Update handshake context to deal with PHA.

The handshake context for TLSv1.3 post-handshake auth is up through the
ClientFinish message, plus the CertificateRequest message. Subsequent
Certificate, CertificateVerify, and Finish messages are based on this
handshake context (not the Certificate message per se, but it's included
after the hash). KeyUpdate, NewSessionTicket, and prior Certificate
Request messages are not included in post-handshake authentication.

After the ClientFinished message is processed, save off the digest state
for future post-handshake authentication. When post-handshake auth occurs,
copy over the saved handshake context into the "main" handshake digest.
This effectively discards the any KeyUpdate or NewSessionTicket messages
and any prior post-handshake authentication.

This, of course, assumes that the ID-22 did not mean to include any
previous post-handshake authentication into the new handshake transcript.
This is implied by section 4.4.1 that lists messages only up to the
first ClientFinished.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4964)
2018-02-01 17:07:56 +00:00
..
aes Processing GNU-style "make variables" - separate CPP flags from C flags 2018-01-28 07:26:10 +01:00
aria Fix potential null problem. 2017-09-01 09:30:18 +10:00
asn1 Fix error-path memory leak in asn_mime.c 2018-01-24 18:12:21 +00:00
async Copyright update of more files that have changed this year 2018-01-19 13:34:03 +01:00
bf Processing GNU-style "make variables" - separate CPP flags from C flags 2018-01-28 07:26:10 +01:00
bio Revert the crypto "global lock" implementation 2018-01-31 12:25:28 -06:00
blake2 Remove parentheses of return. 2017-10-18 16:05:06 +01:00
bn Processing GNU-style "make variables" - separate CPP flags from C flags 2018-01-28 07:26:10 +01:00
buffer Remove parentheses of return. 2017-10-18 16:05:06 +01:00
camellia Processing GNU-style "make variables" - separate CPP flags from C flags 2018-01-28 07:26:10 +01:00
cast Processing GNU-style "make variables" - separate CPP flags from C flags 2018-01-28 07:26:10 +01:00
chacha Processing GNU-style "make variables" - separate CPP flags from C flags 2018-01-28 07:26:10 +01:00
cmac Don't use deprecated EVP_CIPHER_CTX_cleanup() internally 2017-03-01 11:42:50 +01:00
cms Check for malloc failure 2017-11-27 14:47:42 -05:00
comp Add comments to NULL func ptrs in bio_method_st 2017-12-18 07:04:48 +10:00
conf Resolve warnings in VC-WIN32 build, which allows to add /WX. 2017-11-13 10:58:57 +01:00
ct Null pointer used. 2017-09-18 06:52:13 +10:00
des Processing GNU-style "make variables" - separate CPP flags from C flags 2018-01-28 07:26:10 +01:00
dh Support public key and param check in EVP interface 2017-11-20 07:20:30 +01:00
dsa Check return value of OBJ_nid2obj in dsa_pub_encode. 2017-11-03 15:46:51 +01:00
dso Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ec Processing GNU-style "make variables" - separate CPP flags from C flags 2018-01-28 07:26:10 +01:00
engine Revert the crypto "global lock" implementation 2018-01-31 12:25:28 -06:00
err Add TLSv1.3 post-handshake authentication (PHA) 2018-02-01 17:07:56 +00:00
evp SHA512/224 and SHA512/256 2018-01-24 07:09:46 +10:00
hmac Remove OPENSSL_assert() from crypto/hmac 2017-08-21 08:44:44 +01:00
idea Remove parentheses of return. 2017-10-18 16:05:06 +01:00
include/internal SHA512/224 and SHA512/256 2018-01-24 07:09:46 +10:00
kdf More updates following review feedback 2017-08-21 08:44:44 +01:00
lhash lhash.c: Replace Unicode EN DASH with the ASCII char '-'. 2017-11-11 12:44:09 +01:00
md2 Remove parentheses of return. 2017-10-18 16:05:06 +01:00
md4 Remove parentheses of return. 2017-10-18 16:05:06 +01:00
md5 Processing GNU-style "make variables" - separate CPP flags from C flags 2018-01-28 07:26:10 +01:00
mdc2 Remove parentheses of return. 2017-10-18 16:05:06 +01:00
modes Processing GNU-style "make variables" - separate CPP flags from C flags 2018-01-28 07:26:10 +01:00
objects Revert the crypto "global lock" implementation 2018-01-31 12:25:28 -06:00
ocsp Add documentation for the OCSP_basic_sign() and OCSP_basic_sign_ctx() functions. 2018-01-24 18:30:31 +00:00
pem Remove parentheses of return. 2017-10-18 16:05:06 +01:00
perlasm Copyright update of more files that have changed this year 2018-01-19 13:34:03 +01:00
pkcs7 Remove parentheses of return. 2017-10-18 16:05:06 +01:00
pkcs12 Add checks for alloc failing. 2017-09-06 09:52:16 -04:00
poly1305 poly1305/poly1305_ieee754.c: add support for MIPS. 2018-01-31 22:14:29 +01:00
rand Revert the crypto "global lock" implementation 2018-01-31 12:25:28 -06:00
rc2 Remove email addresses from source code. 2017-10-13 10:06:59 -04:00
rc4 Processing GNU-style "make variables" - separate CPP flags from C flags 2018-01-28 07:26:10 +01:00
rc5 Processing GNU-style "make variables" - separate CPP flags from C flags 2018-01-28 07:26:10 +01:00
ripemd Processing GNU-style "make variables" - separate CPP flags from C flags 2018-01-28 07:26:10 +01:00
rsa Minor cleanup of the rsa mp limits code 2017-12-13 17:29:01 +01:00
seed Use _WIN32 over WIN32 for preprocessor conditional 2017-02-16 08:59:47 -05:00
sha Processing GNU-style "make variables" - separate CPP flags from C flags 2018-01-28 07:26:10 +01:00
siphash Remove email addresses from source code. 2017-10-13 10:06:59 -04:00
sm3 SM3: restructure to EVP internal and update doc to right location 2017-11-06 07:21:15 +08:00
sm4 SM4: Add SM4 block cipher to EVP 2017-10-31 15:19:14 +10:00
srp Remove custom base64 code. 2017-08-22 11:03:32 -04:00
stack Add sk_TYPE_new_reserve() function 2017-10-26 09:35:36 +10:00
store Revert the crypto "global lock" implementation 2018-01-31 12:25:28 -06:00
ts struct timeval include guards 2017-09-01 09:55:43 +10:00
txt_db Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ui Removre comment with user's name 2017-11-08 10:37:52 -05:00
whrlpool Processing GNU-style "make variables" - separate CPP flags from C flags 2018-01-28 07:26:10 +01:00
x509 Update copyright years on all files merged since Jan 1st 2018 2018-01-09 05:49:01 +01:00
x509v3 Add accessors for AdmissionSyntax 2018-01-22 11:29:52 -05:00
alphacpuid.pl Add assembly CRYPTO_memcmp. 2016-05-19 22:33:00 +02:00
arm64cpuid.pl Add assembly CRYPTO_memcmp. 2016-05-19 22:33:00 +02:00
arm_arch.h Many spelling fixes/typo's corrected. 2017-11-11 19:03:10 -05:00
armcap.c Create a prototype for OPENSSL_rdtsc 2017-11-25 14:30:11 +01:00
armv4cpuid.pl ARMv4 assembly pack: harmonize Thumb-ification of iOS build. 2017-02-15 23:16:01 +01:00
build.info Processing GNU-style "make variables" - separate CPP flags from C flags 2018-01-28 07:26:10 +01:00
c64xpluscpuid.pl Many spelling fixes/typo's corrected. 2017-11-11 19:03:10 -05:00
cpt_err.c make error tables const and separate header file 2017-06-07 15:12:03 -04:00
cryptlib.c Copyright update of more files that have changed this year 2018-01-19 13:34:03 +01:00
ctype.c Check for EOF in ASCII conversions. 2017-08-25 06:42:17 +10:00
cversion.c Fix SOURCE_DATE_EPOCH bug; use UTC 2017-11-27 14:34:14 -05:00
dllmain.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ebcdic.c Remove email addresses from source code. 2017-10-13 10:06:59 -04:00
ex_data.c Revert the crypto "global lock" implementation 2018-01-31 12:25:28 -06:00
ia64cpuid.S Fix typo in files in crypto folder 2017-08-05 20:42:06 +02:00
init.c Restore clearing of init_lock after free 2018-01-31 12:25:28 -06:00
LPdir_nyi.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_unix.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_vms.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_win.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_win32.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_wince.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
mem.c Copyright update of more files that have changed this year 2018-01-19 13:34:03 +01:00
mem_clr.c Fix some style issues... 2016-08-02 09:59:23 +02:00
mem_dbg.c Revert the crypto "global lock" implementation 2018-01-31 12:25:28 -06:00
mem_sec.c Revert the crypto "global lock" implementation 2018-01-31 12:25:28 -06:00
mips_arch.h Remove trailing whitespace from some files. 2016-10-10 23:36:21 +01:00
o_dir.c Move e_os.h to be the very first include. 2017-08-30 07:20:44 +10:00
o_fips.c Clean up references to FIPS 2017-02-28 15:26:25 +01:00
o_fopen.c Fix a few if(, for(, while( inside code. 2016-07-20 07:21:53 -04:00
o_init.c Use "" not <> on e_os.h include 2017-08-22 11:07:56 -04:00
o_str.c Revert "GH614: Use memcpy()/strdup() when possible" 2017-09-14 10:26:54 +10:00
o_time.c Fix typo in files in crypto folder 2017-08-05 20:42:06 +02:00
pariscid.pl Add assembly CRYPTO_memcmp. 2016-05-19 22:33:00 +02:00
ppc_arch.h GH919: Fix wrappers for two headers 2016-05-24 11:04:38 -04:00
ppccap.c crypto/ppccap.c: SIGILL-free processor capabilities detection on MacOS X. 2017-04-02 20:45:59 +02:00
ppccpuid.pl Add assembly CRYPTO_memcmp. 2016-05-19 22:33:00 +02:00
s390x_arch.h Update copyright years on all files merged since Jan 1st 2018 2018-01-09 05:49:01 +01:00
s390xcap.c s390x assembly pack: extend s390x capability vector. 2017-10-30 14:31:32 +01:00
s390xcpuid.pl Update copyright years on all files merged since Jan 1st 2018 2018-01-09 05:49:01 +01:00
sparc_arch.h Copyright consolidation 09/10 2016-05-17 14:53:16 -04:00
sparccpuid.S Clean up references to FIPS 2017-02-28 15:26:25 +01:00
sparcv9cap.c Create a prototype for OPENSSL_rdtsc 2017-11-25 14:30:11 +01:00
threads_none.c Add atomic write call 2017-10-10 08:45:53 +10:00
threads_pthread.c Return a value from atomic read on Windows. 2017-10-11 09:47:54 +10:00
threads_win.c Return a value from atomic read on Windows. 2017-10-11 09:47:54 +10:00
uid.c Cleaning UEFI Build with additional OPENSSL_SYS_UEFI flags 2017-03-29 07:35:59 +02:00
vms_rms.h Copyright consolidation 09/10 2016-05-17 14:53:16 -04:00
x86_64cpuid.pl crypto/x86_64cpuid.pl: suppress AVX512F flag on Skylake-X. 2017-12-08 12:57:09 +01:00
x86cpuid.pl Many spelling fixes/typo's corrected. 2017-11-11 19:03:10 -05:00