wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/ssl
History
Benjamin Kaduk fd5e1a8c4a Propagate TLS 1.3 sigalgs through tls1_set_sigalgs() 
Our historical SSL{,_CTX}_set_sigalgs() APIs take an array of
NID pairs (hash and signature), and our parser for manually
specifying unified sigalgs (that do not necessarily correspond
to an actual signature+hash pair) was transiting via (the implementation
of) this historical API.  The TLS 1.3 draft-23 has introduced
signature schemes that have identical signature type and hash type,
differing only in the (RSA) public key OID, which prevents
the rsa_pss_pss_* schemes from being properly identified and
sent on the wire.

To fix the issue, parse sigalg strings directly into SIGALG_LOOKUP
objects, and pass around an array of uint16 wire protocol values
instead of NID pairs.  The old interface is retained for API
compatibility but will become less and less useful with time.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5068)
2018-01-25 12:05:57 -06:00
..
record Copyright update of more files that have changed this year 2018-01-19 13:34:03 +01:00
statem Updates following review of SSL_stateless() code 2018-01-24 18:02:37 +00:00
bio_ssl.c Add comments to NULL func ptrs in bio_method_st 2017-12-18 07:04:48 +10:00
build.info Move ssl/t1_ext.c to ssl/statem/extensions_cust.c 2017-04-07 13:41:04 +01:00
d1_lib.c More record layer conversions to use SSLfatal() 2017-12-08 16:42:02 +00:00
d1_msg.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
d1_srtp.c Move client parsing of ServerHello extensions into new framework 2016-12-08 17:18:25 +00:00
methods.c Drop support for OPENSSL_NO_TLS1_3_METHOD 2017-06-30 09:41:46 +01:00
packet.c Move ossl_assert 2017-08-03 10:48:00 +01:00
packet_locl.h TLS1.3 Padding 2017-05-02 09:44:43 +01:00
pqueue.c Update copyright header 2017-07-30 17:42:00 -04:00
s3_cbc.c Move ossl_assert 2017-08-03 10:48:00 +01:00
s3_enc.c Fix some formatting nits 2017-12-04 13:37:01 +00:00
s3_lib.c Alternate fix for ../test/recipes/80-test_ssl_old.t with no-ec 2017-12-27 16:37:22 +01:00
s3_msg.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ssl_asn1.c ssl/ssl_asn1.c: resolve warnings in VC-WIN32 build, which allows to add /WX. 2017-11-13 10:58:21 +01:00
ssl_cert.c Update copyright years on all files merged since Jan 1st 2018 2018-01-09 05:49:01 +01:00
ssl_cert_table.h Add RSA-PSS key certificate type. 2017-09-20 12:50:23 +01:00
ssl_ciph.c Copyright update of more files that have changed this year 2018-01-19 13:34:03 +01:00
ssl_conf.c Send a CCS after ServerHello in TLSv1.3 if using middlebox compat mode 2017-12-14 15:06:37 +00:00
ssl_err.c Add support for sending TLSv1.3 cookies 2018-01-24 18:02:35 +00:00
ssl_init.c In OPENSSL_init_ssl(), run the base ssl init before OPENSSL_init_crypto() 2017-12-08 16:08:39 +01:00
ssl_lib.c Fix the SSL_stateless() return code 2018-01-24 18:02:36 +00:00
ssl_locl.h Propagate TLS 1.3 sigalgs through tls1_set_sigalgs() 2018-01-25 12:05:57 -06:00
ssl_mcnf.c Fix misc size_t issues causing Windows warnings in 64 bit 2016-11-04 12:09:46 +00:00
ssl_rsa.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ssl_sess.c Consistent formatting for sizeof(foo) 2017-12-07 19:11:49 -05:00
ssl_stat.c Merge HRR into ServerHello 2017-12-14 15:06:37 +00:00
ssl_txt.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ssl_utst.c Remove heartbeat support 2016-11-13 16:24:02 -05:00
t1_enc.c Convert more functions in ssl/statem/statem.c to use SSLfatal() 2017-12-04 13:31:48 +00:00
t1_lib.c Propagate TLS 1.3 sigalgs through tls1_set_sigalgs() 2018-01-25 12:05:57 -06:00
t1_trce.c Update copyright years on all files merged since Jan 1st 2018 2018-01-09 05:49:01 +01:00
tls13_enc.c Convert more functions in ssl/statem/statem.c to use SSLfatal() 2017-12-04 13:31:48 +00:00
tls_srp.c Convert remaining functions in statem_clnt.c to use SSLfatal() 2017-12-04 13:31:48 +00:00