path: root/src/lib/libssl/ssl_sigalgs.c
Commit log (subject, author, date, files changed, lines removed/added)

* Forcibly ensure that only PSS may be used with RSA in TLS 1.3. (beck, 2020-05-09, 1 file, -2/+8)
  This prevents us from incorrectly choosing a PKCS1 based signature if the client advertises support for them but also prefers them to PSS such as appears to be the case with gnuTLS. ok jsing@

* Correct subtle bug in sigalgs, only care about curve_nid if we are checking the curve. (beck, 2019-04-01, 1 file, -4/+4)
  ok jsing@ tb@

* Strip out all of the pkey to sigalg and sigalg to pkey linkages. (jsing, 2019-03-25, 1 file, -21/+1)
  These are no longer used now that we defer signature algorithm selection. ok beck@

* Defer sigalgs selection until the certificate is known. (jsing, 2019-03-25, 1 file, -5/+79)
  Previously the signature algorithm was selected when the TLS extension was parsed (or the client received a certificate request), however the actual certificate to be used is not known at this stage. This leads to various problems, including the selection of a signature algorithm that cannot be used with the certificate key size (as found by jeremy@ via ruby regress). Instead, store the signature algorithms list and only select a signature algorithm when we're ready to do signature generation. Joint work with beck@.

* Avoid an internal 2 byte overread in ssl_sigalgs(). (jsing, 2019-03-19, 1 file, -7/+2)
  Found by oss-fuzz, fixes issue #13797. ok beck@ tb@

* Remove SHA224 based sigalgs from use in TLS 1.2 as SHA224 is deprecated. (beck, 2019-01-24, 1 file, -6/+1)
  Remove GOST based sigalgs from TLS 1.2 since they don't work with TLS 1.2. ok jsing@

* Correct ECDSA_SECP512R1 typo to ECDSA_SECP521R1. (beck, 2019-01-23, 1 file, -4/+4)
  spotted by naddy@

* Modify sigalgs extension processing to accommodate TLS 1.3. (beck, 2019-01-23, 1 file, -2/+19)
  - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2.
  - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 from a 1.3 handshake.
  ok jsing@ tb@

* revert previous, accidentally contained another diff in addition to the one I intended to commit (beck, 2019-01-23, 1 file, -19/+2)

* Modify sigalgs extension processing for TLS 1.3. (beck, 2019-01-23, 1 file, -2/+19)
  - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2
  - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2
  ok jsing@ tb@

* Unbreak legacy ciphers for prior to 1.1 by having a legacy sigalg for MD5_SHA1 and using it as the non sigalgs default. (beck, 2018-11-16, 1 file, -3/+12)
  ok jsing@

* In TLS1.2 we use evp_sha1 if we fall back this far, not evp_md5_sha1 as in 1.1. (beck, 2018-11-14, 1 file, -2/+2)
  Makes connections to outlook.office365.com work

* Temporary workaround for breakage seen in www.videolan.org with curve mismatch. (beck, 2018-11-13, 1 file, -3/+4)

* Fix pkey_ok to be less strange, and add curve checks required for the EC ones. (beck, 2018-11-13, 1 file, -9/+26)
  ok tb@

* Add check function to verify that pkey is usable with a sigalg. (beck, 2018-11-11, 1 file, -1/+17)
  Include check for appropriate RSA key size when used with PSS. ok tb@

* Convert signatures and verification to use the EVP_DigestXXX api to allow for adding PSS. (beck, 2018-11-11, 1 file, -3/+1)
  Nuke the now unneeded guard around the PSS algorithms in the sigalgs table. ok jsing@ tb@

* Remove dead code. (beck, 2018-11-10, 1 file, -14/+1)
  ok jsing@

* Stop keeping track of sigalgs by guessing it from digest and pkey, just keep the sigalg around so we can remember what we actually decided to use. (beck, 2018-11-10, 1 file, -16/+5)
  ok jsing@

* Ensure we only choose sigalgs from our preference list, not the whole list. (beck, 2018-11-09, 1 file, -4/+11)
  ok jsing@

* Add the ability to have a separate priority list for sigalgs. (beck, 2018-11-09, 1 file, -6/+34)
  Add a priority list for tls 1.2. ok jsing@

* Reimplement the sigalgs processing code into a new implementation that will be usable with TLS 1.3 with less eye bleed. (beck, 2018-11-09, 1 file, -0/+218)
  ok jsing@ tb@