summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_sigalgs.h (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Remove GOST and STREEBOG support from libssl.beck2024-02-031-9/+1
| | | | | | | | | | | | | | | | | | This version of GOST is old and not anywhere close to compliant with modern GOST standards. It is also very intrusive in libssl and makes a mess everywhere. Efforts to entice a suitably minded anyone to care about it have been unsuccessful. At this point it is probably best to remove this, and if someone ever showed up who truly needed a working version, it should be a clean implementation from scratch, and have it use something closer to the typical API in libcrypto so it would integrate less painfully here. This removes it from libssl in preparation for it's removal from libcrypto with a future major bump ok tb@
* Rename uses 'curve' to 'group' and rework tls1 group API.tb2022-07-021-2/+2
| | | | | | | | | | This reworks various tls1_ curve APIs to indicate success via a boolean return value and move the output to an out parameter. This makes the caller code easier and more consistent. Based on a suggestion by jsing ok jsing
* Check the security level when building sigalgstb2022-06-291-2/+2
| | | | ok beck jsing
* Annotate sigalgs with their security level.tb2022-06-291-1/+2
| | | | ok beck jsing
* Make various sigalg functions static now that they're only used internally.jsing2021-06-291-6/+1
|
* Provide a ssl_sigalg_for_peer() function and use in the TLSv1.3 code.jsing2021-06-291-1/+3
| | | | | | | | | | | | Provide an ssl_sigalg_for_peer() function that knows how to figure out which signature algorithm should be used for a peer provided signature, performing appropriate validation to ensure that the peer provided value is suitable for the protocol version and key in use. In the TLSv1.3 code, this replaces the need for separate calls to lookup the sigalg from the peer provided value, then perform validation. ok inoguchi@ tb@
* Move the RSA-PSS check for TLSv1.3 to ssl_sigalg_pkey_ok().jsing2021-06-291-3/+3
| | | | | | | | Also, rather than passing in a check_curve flag, pass in the SSL * and handle version checks internally to ssl_sigalg_pkey_ok(), simplifying the callers. ok inoguchi@ tb@
* Change ssl_sigalgs_from_value() to perform sigalg list selection.jsing2021-06-271-10/+4
| | | | | | | | | Rather that passing in a sigalg list at every call site, pass in the appropriate TLS version and have ssl_sigalgs_from_value() perform the sigalg list selection itself. This allows the sigalg lists to be made internal to the sigalgs code. ok tb@
* Rename ssl_sigalg() to ssl_sigalg_from_value().jsing2021-06-271-2/+3
| | | | | | | This makes the code more self-documenting and avoids the ambiguity between ssl_sigalg the struct and ssl_sigalg the function. ok tb@
* Change ssl_sigalgs_build() to perform sigalg list selection.jsing2021-06-271-2/+2
| | | | | | | | | Rather that doing sigalg list selection at every call site, pass in the appropriate TLS version and have ssl_sigalgs_build() perform the sigalg list selection itself. This reduces code duplication, simplifies the calling code and is the first step towards internalising the sigalg lists. ok tb@
* Keep sigalg initialiser order consistent - key type, then hash.jsing2021-06-271-2/+2
| | | | | | This matches the order that sigalgs are specified in. ok tb@
* Add a missing space.jsing2021-05-161-2/+2
|
* Constipate ssl3_ciphers and tls1[23]_sigalgs*, pushing them intoguenther2020-10-111-7/+7
| | | | | | .data.rel.ro and .rodata respectively. ok tb@ jsing@
* Strip out all of the pkey to sigalg and sigalg to pkey linkages.jsing2019-03-251-2/+1
| | | | | | These are no longer used now that we defer signature algorithm selection. ok beck@
* Defer sigalgs selection until the certificate is known.jsing2019-03-251-3/+5
| | | | | | | | | | | | | Previously the signature algorithm was selected when the TLS extension was parsed (or the client received a certificate request), however the actual certificate to be used is not known at this stage. This leads to various problems, including the selection of a signature algorithm that cannot be used with the certificate key size (as found by jeremy@ via ruby regress). Instead, store the signature algorithms list and only select a signature algorithm when we're ready to do signature generation. Joint work with beck@.
* Correct ECDSA_SECP512R1 typo to ECDSA_SECP521R1beck2019-01-231-2/+2
| | | | spotted by naddy@
* Modify sigalgs extension processing to accomodate TLS 1.3.beck2019-01-231-1/+3
| | | | | | | | | | - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2. - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 from a 1.3 handshake. ok jsing@ tb@
* revert previous, accidentally contained another diff in additionbeck2019-01-231-3/+1
| | | | to the one I intended to commit
* Modify sigalgs extension processing for TLS 1.3.beck2019-01-231-1/+3
| | | | | | | | | - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2 - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 ok jsing@ tb@
* Unbreak legacy ciphers for prior to 1.1 by setting having a legacybeck2018-11-161-1/+4
| | | | | sigalg for MD5_SHA1 and using it as the non sigalgs default ok jsing@
* Add check function to verify that pkey is usable with a sigalg.beck2018-11-111-1/+2
| | | | | Include check for appropriate RSA key size when used with PSS. ok tb@
* Remove dead codebeck2018-11-101-2/+1
| | | | ok jsing@
* Stop keeping track of sigalgs by guessing it from digest and pkey,beck2018-11-101-2/+2
| | | | | | just keep the sigalg around so we can remember what we actually decided to use. ok jsing@
* Ensure we only choose sigalgs from our prefernce list, not the whole listbeck2018-11-091-2/+2
| | | | ok jsing@
* Add the ability to have a separate priority list for sigalgs.beck2018-11-091-2/+5
| | | | | Add a priority list for tls 1.2 ok jsing@
* Add header guards and hidden declarations.jsing2018-11-091-1/+9
|
* Reimplement the sigalgs processing code into a new implementationbeck2018-11-091-0/+69
that will be usable with TLS 1.3 with less eye bleed. ok jsing@ tb@