git.librecmc.org Git - oweals/openssl.git/commit

author	Benjamin Kaduk <bkaduk@akamai.com>
	Thu, 11 Jan 2018 19:39:30 +0000 (13:39 -0600)
committer	Benjamin Kaduk <bkaduk@akamai.com>
	Thu, 25 Jan 2018 18:05:54 +0000 (12:05 -0600)
commit	f55e99f7dd7e88d9758d2f8baf57a30a8c6e429d
tree	6bd6e0380cc9cf2e15f85804e8e11c4d719a44fa	tree \| snapshot
parent	f27f5cd4870de6e2b269e7c3715df86756d67ba3	commit \| diff

Add TLS 1.3 draft-23 PSS signature algorithms

We now have a split in the signature algorithms codepoint space for
whether the certificate's key is for rsaEncryption or a PSS-specific
key, which should let us get rid of some special-casing that we
previously needed to try to coax rsaEncryption keys into performing PSS.
(This will be done in a subsequent commit.)

Send the new PSS-with-PSS-specific key first in our list, so that
we prefer the new technology to the old one.

We need to update the expected certificate type in one test,
since the "RSA-PSS+SHA256" form now corresponds to a public key
of type rsaEncryption, so we should expect the server certificate
type to be just "RSA". If we want to get a server certificate
type of "RSA-PSS", we need to use a new signature algorithm
that cannot be represented as signature+hash, so add a test for that
as well.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5068)

ssl/ssl_locl.h		diff \| blob \| history
ssl/t1_lib.c		diff \| blob \| history
test/recipes/70-test_sslsigalgs.t		diff \| blob \| history
test/ssl-tests/20-cert-select.conf		diff \| blob \| history
test/ssl-tests/20-cert-select.conf.in		diff \| blob \| history