Only allow PSS signatures with RSA keys and TLS 1.3
[openssl.git] / ssl /
2017-01-31 Dr. Stephen HensonOnly allow PSS signatures with RSA keys and TLS 1.3
2017-01-31 Dr. Stephen HensonStore table entry to peer signature algorithm.
2017-01-30 Matt CaswellFree up the memory for the NewSessionTicket extensions
2017-01-30 Matt CaswellMake sure we free and cleanse the pms value in all...
2017-01-30 Dr. Stephen HensonUpdate macros.
2017-01-30 Dr. Stephen Hensonfix style issues
2017-01-30 Dr. Stephen HensonFix TLS 1.2 and no sigalgs.
2017-01-30 Dr. Stephen HensonReplace TLS_SIGALGS with SIGALG_LOOKUP
2017-01-30 Dr. Stephen HensonSupport TLS 1.3 signature scheme names.
2017-01-30 Dr. Stephen HensonExtend TLS 1.3 signature table.
2017-01-30 Dr. Stephen HensonUse shared signature algorithm list to find type.
2017-01-30 Dr. Stephen HensonAdd SSL_get_peer_signature_type_nid() function.
2017-01-30 Dr. Stephen HensonStore peer signature type.
2017-01-30 Dr. Stephen HensonMore complete PSS support.
2017-01-30 Dr. Stephen HensonUse uint16_t for signature scheme.
2017-01-30 Dr. Stephen Hensonuse RSA_PSS_SALTLEN_DIGEST constant
2017-01-30 Matt CaswellExpand comment in tls_process_hello_req()
2017-01-30 Matt CaswellAdd a TODO around validating the ticket age
2017-01-30 Matt CaswellVarious style fixes following review feedback
2017-01-30 Matt CaswellRemove unneccessary comments
2017-01-30 Matt CaswellUse for loop in WPACKET_fill_lengths instead of do...
2017-01-30 Matt CaswellMove the SSL3_CK_CIPHERSUITE_FLAG out of public header
2017-01-30 Matt CaswellIf we have no suitable PSK kex modes then don't attempt...
2017-01-30 Matt CaswellFix <= TLS1.2 break
2017-01-30 Matt CaswellMake calls to SSL_renegotiate() error out for TLSv1.3
2017-01-30 Matt CaswellMake the "ticket" function return codes clearer
2017-01-30 Matt CaswellMiscellaneous style tweaks based on feedback received
2017-01-30 Matt CaswellEnsure the al variable is properly ininitialised in...
2017-01-30 Matt CaswellEnsure the age_add variable is properly initialised
2017-01-30 Matt CaswellAlways ensure that session->cipher is set
2017-01-30 Matt CaswellTweak a comment
2017-01-30 Matt CaswellUse the correct session resumption mechanism
2017-01-30 Matt CaswellMove session version consistency check
2017-01-30 Matt CaswellSet the kex modes on the client too.
2017-01-30 Matt CaswellImplement server side of PSK extension construction
2017-01-30 Matt CaswellImplement Server side of PSK extension parsing
2017-01-30 Matt CaswellMake sure we also cleanse the finished key
2017-01-30 Matt CaswellProvide a key_share extension finaliser
2017-01-30 Matt CaswellAdd support for client side parsing of the PSK extension
2017-01-30 Matt CaswellAdd support for the age_add field
2017-01-30 Matt CaswellConstruct the client side psk extension for TLSv1.3
2017-01-30 Matt CaswellProvide a new WPACKET function for filling in all the...
2017-01-30 Matt CaswellNever send a session id in TLS1.3
2017-01-30 Matt CaswellAdd a TODO around handling of SSL_get_session() and...
2017-01-30 Matt CaswellProcess incoming NewSessionTicket messages on the clien...
2017-01-30 Matt CaswellCreate the NewSessionTicket message in TLSv1.3
2017-01-30 Matt CaswellAdd support for the psk_key_exchange_modes extension
2017-01-30 Matt CaswellMove TLSv1.3 Session Ticket processing into the state...
2017-01-30 Matt CaswellDisable requests for renegotiation in TLSv1.3
2017-01-30 Matt CaswellMove state machine knowledge out of the record layer
2017-01-30 Matt CaswellRemove use of the SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS...
2017-01-30 Matt CaswellChangeCipherSpec is not allowed in TLSv1.3
2017-01-28 Richard LevitteCorrect pointer to be freed
2017-01-26 Dr. Stephen HensonUse correct signature algorithm list when sending or...
2017-01-26 Richard LevitteBetter check of DH parameters in TLS data
2017-01-25 Cory BenfieldLimit the length of the encrypted premaster key.
2017-01-25 Matt CaswellFix memory leaks in the Certificate extensions code
2017-01-25 FdaSilvaYYFix a few double ;
2017-01-25 FdaSilvaYYTypo, fix a comment
2017-01-25 FdaSilvaYYFix a few misspellings.
2017-01-24 Todd ShortCleanup EVP_CIPH/EP_CTRL duplicate defines
2017-01-24 Benjamin KadukDo not overallocate for tmp.ciphers_raw
2017-01-24 Matt CaswellFix SSL_get0_raw_cipherlist()
2017-01-24 Bernd EdlingerFix a ssl session leak due to OOM in lh_SSL_SESSION_insert
2017-01-23 Andy PolyakovReplace div-spoiler hack with simpler code
2017-01-23 Cory BenfieldAdd support for key logging callbacks.
2017-01-23 Matt CaswellStop server from expecting Certificate message when...
2017-01-23 Matt CaswellStop client from sending Certificate message when not...
2017-01-23 Matt CaswellFix SSL_VERIFY_CLIENT_ONCE
2017-01-23 Bernd Edlingerfix a memory leak in ssl3_generate_key_block fix the...
2017-01-18 Rich SalzIf client doesn't send curves list, don't assume all.
2017-01-11 Matt CaswellFix compilation with no-nextprotoneg
2017-01-10 Matt CaswellFix no-ec following sigalgs refactor
2017-01-10 Matt CaswellFix tls1_set_sigalgs() length calculation
2017-01-10 Matt CaswellAdd some missing sigalgs
2017-01-10 Matt CaswellFix an uninit read picked up by Travis
2017-01-10 Matt CaswellFix a Travis failure
2017-01-10 Matt CaswellTeach SSL_trace about the new sigalgs
2017-01-10 Matt CaswellExtend PSS signature support to TLSv1.2
2017-01-10 Matt CaswellAlways use TLSv1.0 for record layer version in TLSv1.3
2017-01-10 Matt CaswellAdd a TLS1.3 TODO for setting of sig algs
2017-01-10 Matt CaswellIgnore PKCS1 based sig algs in TLSv1.3
2017-01-10 Matt CaswellVerify that the sig algs extension has been sent for...
2017-01-10 Matt CaswellFix client application traffic secret
2017-01-10 Matt CaswellTemporarily ignore NewSessionTickets for TLS1.3
2017-01-10 Matt CaswellUse the correct size for TLSv1.3 finished keys
2017-01-10 Matt CaswellEnsure the record sequence number gets incremented
2017-01-10 Matt CaswellRemove some unneeded functions
2017-01-10 Matt CaswellUse NIDs instead of the old TLSv1.2 sigalgs hash and...
2017-01-10 Matt CaswellRemove a redundant function
2017-01-10 Matt CaswellConvert Sigalgs processing to use ints
2017-01-10 Matt CaswellSign CertificateVerify messages using PSS padding
2017-01-10 Matt CaswellMake CertificateVerify TLS1.3 aware
2017-01-10 Matt CaswellMove Certificate Verify construction and processing...
2017-01-10 Matt CaswellAdd a TODO(TLS1.3) around certificate selection
2017-01-10 Matt CaswellMark a HelloRequest record as read if we ignore it
2017-01-10 Rich SalzReview comments
2017-01-10 Rich SalzUse typedefs for PSK, NPN, ALPN callback functions
2017-01-10 Rich SalzMove extension data into sub-structs
2017-01-06 Matt CaswellFix various style issues following feedback
next