- Feb 01, 2017
-
-
Richard Levitte authored
Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2335)
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
- Jan 31, 2017
-
-
Rich Salz authored
Also fix a block comment formatting glitch. Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2327)
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Remove unnecessary lookup operations: use the indices and data in the lookup table directly. Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
- Jan 30, 2017
-
-
Matt Caswell authored
Reviewed-by:
Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2326)
-
Matt Caswell authored
Otherwise we get a memory leak. Reviewed-by:
-
Dr. Stephen Henson authored
Use TLS_MAX_SIGALGCNT for the maximum number of entries in the signature algorithms array. Use TLS_MAX_SIGSTRING_LEN for the maxiumum length of each signature component instead of a magic number. Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
For TLS 1.2 if we have no signature algorithms extension then lookup using the complete table instead of (empty) shared signature algorithms list so we pick up defaults. Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Add details of the use of PSS for signature algorithms. Document SSL_get_peer_signature_nid() and SSL_get_peer_signature_type_nid(). Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Since every supported signature algorithm is now an entry in the SIGALG_LOOKUP table we can replace shared signature algortihms with pointers to constant table entries. Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Add additional entries in the TLS 1.2 signature table to include the name, sig and hash NID (if any) and required curve (if any). Reviewed-by:
-
Dr. Stephen Henson authored
Lookup the signature type in the shared list: we can use this to use PSS if the peer supports it for TLS 1.2. Reviewed-by:
-
Dr. Stephen Henson authored
Add function to retrieve signature type: in the case of RSA keys the signature type can be EVP_PKEY_RSA or EVP_PKEY_RSA_PSS. Reviewed-by:
-
Dr. Stephen Henson authored
Store peer signature type in s->s3->tmp.peer_sigtype and check it to see if the peer used PSS. Reviewed-by:
-
Dr. Stephen Henson authored
Extend support for PSS key signatures by using the EVP_PKEY_RSA_PSS type to distinguish them from PKCS1 signature types. Allow setting of PSS signature algorithms using the string "PSS" or "RSA-PSS". Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Matt Caswell authored
Following review feedback. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Now we're using an enum the values themselves are self explanatory Reviewed-by:
-
Matt Caswell authored
Based on review feedback Reviewed-by:
-
Matt Caswell authored
The newly added SSL3_CK_CIPHERSUITE_FLAG shouldn't be in a public header file Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
