Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix tests of key type used for verification #337

Merged
merged 8 commits into from
Jan 15, 2019
Merged

Fix tests of key type used for verification #337

merged 8 commits into from
Jan 15, 2019

Conversation

tomato42
Copy link
Member

@tomato42 tomato42 commented Jan 10, 2019
edited
Loading

make server use client provided certificate to check if it selected correct signature algorithm, abort if it didn't

also minor clean ups of related modules

fixes #279

This change is Reviewable

@tomato42
clean up python_rsakey.py, no logic changes, add docs
d15972b
@tomato42
simple cleanup in openssl_rsakey.py
035aded
@tomato42
ignore some invalid names in keyfactory.py
4f15574
@tomato42
simple cleanup in pycrypto_rsakey.py
80377c2
@tomato42
simple fixes in python_rsakey.py
26c750c
@tomato42
add saving key type when parsing keys
159654e 
as rsa-pss keys can't be used to verify pkcs#1 signatures, we need
to keep track what type of key we have
@tomato42
fix alert for mismatched algorithms
53ccf30 
decryption_failed is a legacy alert for when the padding didn't match for
symmetric encryption, decrypt_error needs to be used when the
signature is malformed - but since we know what algorithms are valid
for the certificate provided by client, and they don't match, send
illegal_parameter

this also introduces consistent behaviour between TLS 1.3 and earlier
protocols
@tomato42 tomato42 added the bug unintented behaviour in tlslite-ng code label Jan 10, 2019
@tomato42 tomato42 added this to the v0.8.0 milestone Jan 10, 2019
@tomato42 tomato42 self-assigned this Jan 10, 2019
@tomato42 tomato42 mentioned this pull request Jan 10, 2019
Merged
7 tasks
@The-Mule
Copy link
Collaborator

Working on review.

The-Mule
The-Mule approved these changes Jan 15, 2019
View reviewed changes
Copy link
Collaborator

@The-Mule The-Mule left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

r+

Reviewed 2 of 6 files at r6, 5 of 5 files at r8.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved

@tomato42
Copy link
Member Author

Thanks!

@tomato42 tomato42 merged commit cacf858 into master Jan 15, 2019
@tomato42 tomato42 deleted the key-type-for-verification branch January 15, 2019 17:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@The-Mule The-Mule The-Mule approved these changes

Assignees

@tomato42 tomato42

Labels
bug unintented behaviour in tlslite-ng code
Projects
None yet
Milestone
v0.8.0
Development

Successfully merging this pull request may close these issues.

Key type not used for signature verification
2 participants
@tomato42 @The-Mule