Committerjsing (1)
BranchesHEAD (1)
TagsOPENBSD_6_5_BASE (1)


OpenBSD/src 3lF1rDDlib/libssl ssl_sigalgs.c ssl_clnt.c

by jsing on ⎇🏷
   Defer sigalgs selection until the certificate is known.

   Previously the signature algorithm was selected when the TLS extension was
   parsed (or the client received a certificate request), however the actual
   certificate to be used is not known at this stage. This leads to various
   problems, including the selection of a signature algorithm that cannot be
   used with the certificate key size (as found by jeremy@ via ruby regress).

   Instead, store the signature algorithms list and only select a signature
   algorithm when we're ready to do signature generation.

   Joint work with beck@.
VersionDeltaFile
1.18+79-5lib/libssl/ssl_sigalgs.c
1.60+18-12lib/libssl/ssl_clnt.c
1.203+2-13lib/libssl/ssl_lib.c
1.44+6-9lib/libssl/ssl_tlsext.c
1.13+5-3lib/libssl/ssl_sigalgs.h
1.185+5-1lib/libssl/s3_lib.c
1.242+5-1lib/libssl/ssl_locl.h
1.66+2-2lib/libssl/ssl_srvr.c
1.14+2-2lib/libssl/tls13_client.c
+124-489 files

UnifiedSplitRaw