#
17ae384e |
| 30-Jan-2017 |
Dr. Stephen Henson |
Add digest and key indices to table. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2324)
|
#
8f88cb53 |
| 30-Jan-2017 |
Dr. Stephen Henson |
Add TLS 1.3 signing curve check Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2324)
|
#
2b4418eb |
| 30-Jan-2017 |
Dr. Stephen Henson |
Only allow PSS signatures with RSA keys and TLS 1.3 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2324)
|
#
f742cda8 |
| 30-Jan-2017 |
Dr. Stephen Henson |
Store table entry to peer signature algorithm. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2324)
|
#
787ebcaf |
| 29-Jan-2017 |
Dr. Stephen Henson |
Update macros. Use TLS_MAX_SIGALGCNT for the maximum number of entries in the signature algorithms array. Use TLS_MAX_SIGSTRING_LEN for the maximum length of each signature component instead of a magic number. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
|
#
cdf516d9 |
| 29-Jan-2017 |
Dr. Stephen Henson |
Fix TLS 1.2 and no sigalgs. For TLS 1.2 if we have no signature algorithms extension then lookup using the complete table instead of (empty) shared signature algorithms list so we pick up defaults. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
|
#
4d43ee28 |
| 26-Jan-2017 |
Dr. Stephen Henson |
Replace TLS_SIGALGS with SIGALG_LOOKUP Since every supported signature algorithm is now an entry in the SIGALG_LOOKUP table we can replace shared signature algorithms with pointers to constant table entries. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
|
#
8a43a42a |
| 26-Jan-2017 |
Dr. Stephen Henson |
Support TLS 1.3 signature scheme names. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
|
#
edbfba1a |
| 26-Jan-2017 |
Dr. Stephen Henson |
Extend TLS 1.3 signature table. Add additional entries in the TLS 1.2 signature table to include the name, sig and hash NID (if any) and required curve (if any). Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
|
Revision tags: OpenSSL_1_0_2k, OpenSSL_1_1_0d |
|
#
018031fa |
| 26-Jan-2017 |
Dr. Stephen Henson |
Use shared signature algorithm list to find type. Lookup the signature type in the shared list: we can use this to use PSS if the peer supports it for TLS 1.2. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
|
#
42ef7aea |
| 25-Jan-2017 |
Dr. Stephen Henson |
Add SSL_get_peer_signature_type_nid() function. Add function to retrieve signature type: in the case of RSA keys the signature type can be EVP_PKEY_RSA or EVP_PKEY_RSA_PSS. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
|
#
5554facb |
| 25-Jan-2017 |
Dr. Stephen Henson |
Store peer signature type. Store peer signature type in s->s3->tmp.peer_sigtype and check it to see if the peer used PSS. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
|
#
b2eb6998 |
| 25-Jan-2017 |
Dr. Stephen Henson |
More complete PSS support. Extend support for PSS key signatures by using the EVP_PKEY_RSA_PSS type to distinguish them from PKCS1 signature types. Allow setting of PSS signature algorithms using the string "PSS" or "RSA-PSS". Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
|
#
98c792d1 |
| 25-Jan-2017 |
Dr. Stephen Henson |
Use uint16_t for signature scheme. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
|
#
40f805ad |
| 27-Jan-2017 |
Matt Caswell |
Various style fixes following review feedback Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
|
#
61c32649 |
| 27-Jan-2017 |
Matt Caswell |
Remove unnecessary comments Now we're using an enum the values themselves are self explanatory Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
|
#
ddf6ec00 |
| 20-Jan-2017 |
Matt Caswell |
Make the "ticket" function return codes clearer Remove "magic" return values and use an enum instead. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
|
#
08191294 |
| 19-Jan-2017 |
Matt Caswell |
Use the correct session resumption mechanism Don't attempt to add a TLS1.3 session to a TLS1.2 ClientHello session ticket extensions. Similarly don't add a TLS1.2 session to a TLS1.3 psk extension. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
|
#
1053a6e2 |
| 18-Jan-2017 |
Matt Caswell |
Implement Server side of PSK extension parsing Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
|
#
a9669ddc |
| 25-Jan-2017 |
Dr. Stephen Henson |
Use correct signature algorithm list when sending or checking. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2290)
|
Revision tags: OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14, OpenSSL_1_1_0c, OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a |
|
#
3e373518 |
| 19-Sep-2016 |
Rich Salz |
If client doesn't send curves list, don't assume all. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1597)
|
#
5eeb6c6e |
| 10-Jan-2017 |
Matt Caswell |
Fix no-ec following sigalgs refactor Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2157)
|
#
7a531ee4 |
| 10-Jan-2017 |
Matt Caswell |
Fix tls1_set_sigalgs() length calculation The length passed to tls1_set_sigalgs() is a multiple of two and there are two char entries in the list for each sigalg. When we set client_sigalgslen or conf_sigalgslen this is the number of ints in the list where there is one entry per sigalg (i.e. half the length of the list passed to the function). Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2157)
|
#
42ab2230 |
| 10-Jan-2017 |
Matt Caswell |
Add some missing sigalgs The SHA1 sigalgs were inadvertently missed off in the sigalgs refactor. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2157)
|
#
1b520cbb |
| 10-Jan-2017 |
Matt Caswell |
Fix a Travis failure Declare a variable as static to silence the warning Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2157)
|