- Feb 01, 2017
-
-
Geoff Thorpe authored
Couple of updates to make this code work properly again; * use OPENSSL_assert() instead of assert() (and #include <assert.h>) * the circular-dependency-avoidance uses RAND_bytes() (not pseudo) Change-Id: Iefb5a9dd73f71fd81c1268495c54a64378955354 Signed-off-by: Geoff Thorpe <geoff@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1672)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2335)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2335)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2335)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2335)
-
- Jan 31, 2017
-
-
Rich Salz authored
Also fix a block comment formatting glitch. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2327)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2324)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2324)
-
Dr. Stephen Henson authored
Remove unnecessary lookup operations: use the indices and data in the lookup table directly. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2324)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2324)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2324)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2324)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2324)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2324)
-
- Jan 30, 2017
-
-
Matt Caswell authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2326)
-
Matt Caswell authored
Otherwise we get a memory leak. Reviewed-by: Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2326)
-
Dr. Stephen Henson authored
Use TLS_MAX_SIGALGCNT for the maximum number of entries in the signature algorithms array. Use TLS_MAX_SIGSTRING_LEN for the maxiumum length of each signature component instead of a magic number. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
-
Dr. Stephen Henson authored
For TLS 1.2 if we have no signature algorithms extension then lookup using the complete table instead of (empty) shared signature algorithms list so we pick up defaults. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
-
Dr. Stephen Henson authored
Add details of the use of PSS for signature algorithms. Document SSL_get_peer_signature_nid() and SSL_get_peer_signature_type_nid(). Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
-
Dr. Stephen Henson authored
Since every supported signature algorithm is now an entry in the SIGALG_LOOKUP table we can replace shared signature algortihms with pointers to constant table entries. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
-
Dr. Stephen Henson authored
Add additional entries in the TLS 1.2 signature table to include the name, sig and hash NID (if any) and required curve (if any). Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
-
Dr. Stephen Henson authored
Lookup the signature type in the shared list: we can use this to use PSS if the peer supports it for TLS 1.2. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
-
Dr. Stephen Henson authored
Add function to retrieve signature type: in the case of RSA keys the signature type can be EVP_PKEY_RSA or EVP_PKEY_RSA_PSS. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
-
Dr. Stephen Henson authored
Store peer signature type in s->s3->tmp.peer_sigtype and check it to see if the peer used PSS. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
-
Dr. Stephen Henson authored
Extend support for PSS key signatures by using the EVP_PKEY_RSA_PSS type to distinguish them from PKCS1 signature types. Allow setting of PSS signature algorithms using the string "PSS" or "RSA-PSS". Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
-
Matt Caswell authored
Following review feedback. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Now we're using an enum the values themselves are self explanatory Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Based on review feedback Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
The newly added SSL3_CK_CIPHERSUITE_FLAG shouldn't be in a public header file Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-