wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/crypto
History
Benjamin Kaduk c589c34e61 Add support for the TLS 1.3 signature_algorithms_cert extension 
The new extension is like signature_algorithms, but only for the
signature *on* the certificate we will present to the peer (the
old signature_algorithms extension is still used for signatures that
we *generate*, i.e., those over TLS data structures).

We do not need to generate this extension, since we are the same
implementation as our X.509 stack and can handle the same types
of signatures, but we need to be prepared to receive it, and use the received
information when selecting what certificate to present.

There is a lot of interplay between signature_algorithms_cert and
signature_algorithms, since both affect what certificate we can
use, and thus the resulting signature algorithm used for TLS messages.
So, apply signature_algorithms_cert (if present) as a filter on what
certificates we can consider when choosing a certificate+sigalg
pair.

As part of this addition, we also remove the fallback code that let
keys of type EVP_PKEY_RSA be used to generate RSA-PSS signatures -- the
new rsa_pss_pss_* and rsa_pss_rsae_* signature schemes have pulled
the key type into what is covered by the signature algorithm, so
we should not apply this sort of compatibility workaround.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5068)
2018-01-25 12:57:22 -06:00
..
aes Update copyright years on all files merged since Jan 1st 2018 2018-01-09 05:49:01 +01:00
aria Fix potential null problem. 2017-09-01 09:30:18 +10:00
asn1 Fix error-path memory leak in asn_mime.c 2018-01-24 18:12:21 +00:00
async Copyright update of more files that have changed this year 2018-01-19 13:34:03 +01:00
bf Remove parentheses of return. 2017-10-18 16:05:06 +01:00
bio Fix setting of IPV6_V6ONLY on Windows 2018-01-25 15:16:18 +01:00
blake2 Remove parentheses of return. 2017-10-18 16:05:06 +01:00
bn Copyright update of more files that have changed this year 2018-01-19 13:34:03 +01:00
buffer Remove parentheses of return. 2017-10-18 16:05:06 +01:00
camellia Many spelling fixes/typo's corrected. 2017-11-11 19:03:10 -05:00
cast e_os.h removal from other headers and source files. 2017-08-30 07:20:43 +10:00
chacha chacha/asm/chacha-x86_64.pl: add AVX512VL code path. 2017-12-08 12:57:49 +01:00
cmac Don't use deprecated EVP_CIPHER_CTX_cleanup() internally 2017-03-01 11:42:50 +01:00
cms Check for malloc failure 2017-11-27 14:47:42 -05:00
comp Add comments to NULL func ptrs in bio_method_st 2017-12-18 07:04:48 +10:00
conf Resolve warnings in VC-WIN32 build, which allows to add /WX. 2017-11-13 10:58:57 +01:00
ct Null pointer used. 2017-09-18 06:52:13 +10:00
des Copyright update of more files that have changed this year 2018-01-19 13:34:03 +01:00
dh Support public key and param check in EVP interface 2017-11-20 07:20:30 +01:00
dsa Check return value of OBJ_nid2obj in dsa_pub_encode. 2017-11-03 15:46:51 +01:00
dso Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ec Copyright update of more files that have changed this year 2018-01-19 13:34:03 +01:00
engine Copyright update of more files that have changed this year 2018-01-19 13:34:03 +01:00
err Add support for the TLS 1.3 signature_algorithms_cert extension 2018-01-25 12:57:22 -06:00
evp SHA512/224 and SHA512/256 2018-01-24 07:09:46 +10:00
hmac Remove OPENSSL_assert() from crypto/hmac 2017-08-21 08:44:44 +01:00
idea Remove parentheses of return. 2017-10-18 16:05:06 +01:00
include/internal SHA512/224 and SHA512/256 2018-01-24 07:09:46 +10:00
kdf More updates following review feedback 2017-08-21 08:44:44 +01:00
lhash lhash.c: Replace Unicode EN DASH with the ASCII char '-'. 2017-11-11 12:44:09 +01:00
md2 Remove parentheses of return. 2017-10-18 16:05:06 +01:00
md4 Remove parentheses of return. 2017-10-18 16:05:06 +01:00
md5 Remove parentheses of return. 2017-10-18 16:05:06 +01:00
mdc2 Remove parentheses of return. 2017-10-18 16:05:06 +01:00
modes Copyright update of more files that have changed this year 2018-01-19 13:34:03 +01:00
objects SHA512/224 and SHA512/256 2018-01-24 07:09:46 +10:00
ocsp Add documentation for the OCSP_basic_sign() and OCSP_basic_sign_ctx() functions. 2018-01-24 18:30:31 +00:00
pem Remove parentheses of return. 2017-10-18 16:05:06 +01:00
perlasm Copyright update of more files that have changed this year 2018-01-19 13:34:03 +01:00
pkcs7 Remove parentheses of return. 2017-10-18 16:05:06 +01:00
pkcs12 Add checks for alloc failing. 2017-09-06 09:52:16 -04:00
poly1305 poly1305/asm/poly1305-x86_64.pl: add Knights Landing AVX512 result. 2017-12-23 16:06:25 +01:00
rand Copyright update of more files that have changed this year 2018-01-19 13:34:03 +01:00
rc2 Remove email addresses from source code. 2017-10-13 10:06:59 -04:00
rc4 Many spelling fixes/typo's corrected. 2017-11-11 19:03:10 -05:00
rc5 Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00
ripemd Remove parentheses of return. 2017-10-18 16:05:06 +01:00
rsa Minor cleanup of the rsa mp limits code 2017-12-13 17:29:01 +01:00
seed Use _WIN32 over WIN32 for preprocessor conditional 2017-02-16 08:59:47 -05:00
sha SHA512/224 and SHA512/256 2018-01-24 07:09:46 +10:00
siphash Remove email addresses from source code. 2017-10-13 10:06:59 -04:00
sm3 SM3: restructure to EVP internal and update doc to right location 2017-11-06 07:21:15 +08:00
sm4 SM4: Add SM4 block cipher to EVP 2017-10-31 15:19:14 +10:00
srp Remove custom base64 code. 2017-08-22 11:03:32 -04:00
stack Add sk_TYPE_new_reserve() function 2017-10-26 09:35:36 +10:00
store Address some code-analysis issues. 2017-12-08 10:49:41 -05:00
ts struct timeval include guards 2017-09-01 09:55:43 +10:00
txt_db Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ui Removre comment with user's name 2017-11-08 10:37:52 -05:00
whrlpool Remove parentheses of return. 2017-10-18 16:05:06 +01:00
x509 Update copyright years on all files merged since Jan 1st 2018 2018-01-09 05:49:01 +01:00
x509v3 Add accessors for AdmissionSyntax 2018-01-22 11:29:52 -05:00
alphacpuid.pl Add assembly CRYPTO_memcmp. 2016-05-19 22:33:00 +02:00
arm64cpuid.pl Add assembly CRYPTO_memcmp. 2016-05-19 22:33:00 +02:00
arm_arch.h Many spelling fixes/typo's corrected. 2017-11-11 19:03:10 -05:00
armcap.c Create a prototype for OPENSSL_rdtsc 2017-11-25 14:30:11 +01:00
armv4cpuid.pl ARMv4 assembly pack: harmonize Thumb-ification of iOS build. 2017-02-15 23:16:01 +01:00
build.info s390x assembly pack: add KMA code path for aes-gcm. 2018-01-07 21:51:57 +01:00
c64xpluscpuid.pl Many spelling fixes/typo's corrected. 2017-11-11 19:03:10 -05:00
cpt_err.c make error tables const and separate header file 2017-06-07 15:12:03 -04:00
cryptlib.c Copyright update of more files that have changed this year 2018-01-19 13:34:03 +01:00
ctype.c Check for EOF in ASCII conversions. 2017-08-25 06:42:17 +10:00
cversion.c Fix SOURCE_DATE_EPOCH bug; use UTC 2017-11-27 14:34:14 -05:00
dllmain.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ebcdic.c Remove email addresses from source code. 2017-10-13 10:06:59 -04:00
ex_data.c Remove unnecessary #include <openssl/lhash.h> directives. 2017-09-29 07:38:56 +10:00
ia64cpuid.S Fix typo in files in crypto folder 2017-08-05 20:42:06 +02:00
init.c Copyright update of more files that have changed this year 2018-01-19 13:34:03 +01:00
LPdir_nyi.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_unix.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_vms.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_win.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_win32.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_wince.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
mem.c Copyright update of more files that have changed this year 2018-01-19 13:34:03 +01:00
mem_clr.c Fix some style issues... 2016-08-02 09:59:23 +02:00
mem_dbg.c Add CRYPTO_get_alloc_counts. 2017-10-12 22:04:12 -04:00
mem_sec.c Add a configure option to opt-out secure memory 2018-01-21 16:08:30 +01:00
mips_arch.h Remove trailing whitespace from some files. 2016-10-10 23:36:21 +01:00
o_dir.c Move e_os.h to be the very first include. 2017-08-30 07:20:44 +10:00
o_fips.c Clean up references to FIPS 2017-02-28 15:26:25 +01:00
o_fopen.c Fix a few if(, for(, while( inside code. 2016-07-20 07:21:53 -04:00
o_init.c Use "" not <> on e_os.h include 2017-08-22 11:07:56 -04:00
o_str.c Revert "GH614: Use memcpy()/strdup() when possible" 2017-09-14 10:26:54 +10:00
o_time.c Fix typo in files in crypto folder 2017-08-05 20:42:06 +02:00
pariscid.pl Add assembly CRYPTO_memcmp. 2016-05-19 22:33:00 +02:00
ppc_arch.h GH919: Fix wrappers for two headers 2016-05-24 11:04:38 -04:00
ppccap.c crypto/ppccap.c: SIGILL-free processor capabilities detection on MacOS X. 2017-04-02 20:45:59 +02:00
ppccpuid.pl Add assembly CRYPTO_memcmp. 2016-05-19 22:33:00 +02:00
s390x_arch.h Update copyright years on all files merged since Jan 1st 2018 2018-01-09 05:49:01 +01:00
s390xcap.c s390x assembly pack: extend s390x capability vector. 2017-10-30 14:31:32 +01:00
s390xcpuid.pl Update copyright years on all files merged since Jan 1st 2018 2018-01-09 05:49:01 +01:00
sparc_arch.h Copyright consolidation 09/10 2016-05-17 14:53:16 -04:00
sparccpuid.S Clean up references to FIPS 2017-02-28 15:26:25 +01:00
sparcv9cap.c Create a prototype for OPENSSL_rdtsc 2017-11-25 14:30:11 +01:00
threads_none.c Add atomic write call 2017-10-10 08:45:53 +10:00
threads_pthread.c Return a value from atomic read on Windows. 2017-10-11 09:47:54 +10:00
threads_win.c Return a value from atomic read on Windows. 2017-10-11 09:47:54 +10:00
uid.c Cleaning UEFI Build with additional OPENSSL_SYS_UEFI flags 2017-03-29 07:35:59 +02:00
vms_rms.h Copyright consolidation 09/10 2016-05-17 14:53:16 -04:00
x86_64cpuid.pl crypto/x86_64cpuid.pl: suppress AVX512F flag on Skylake-X. 2017-12-08 12:57:09 +01:00
x86cpuid.pl Many spelling fixes/typo's corrected. 2017-11-11 19:03:10 -05:00