diff options
| author | Alex Bozarth <ajbozart@us.ibm.com> | 2023-11-20 15:20:31 -0600 |
|---|---|---|
| committer | Dmitry Belyavskiy <beldmit@gmail.com> | 2024-03-29 21:54:38 +0100 |
| commit | 4169d58c855718d90424fd5da632cf2f2b46e691 (patch) | |
| tree | 3fded719cba8248b5f3011e9c65a9762cf6da649 /ssl/s3_lib.c | |
| parent | 397051a40db2d68433b842e7505e8cf3c9effb36 (diff) | |
Allow provider sigalgs in SignatureAlgorithms conf
Though support for provider-based signature algorithms was added in
ee58915 this functionality did not work with the SignatureAlgorithms
configuration command. If SignatureAlgorithms is set then the provider
sigalgs are not used and instead it used the default value.
This PR adds a check against the provider-base sigalg list when parsing
the SignatureAlgorithms value.
Based-on-patch-by: Martin Schmatz <mrt@zurich.ibm.com>
Fixes #22761
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22779)
Diffstat (limited to 'ssl/s3_lib.c')
| -rw-r--r-- | ssl/s3_lib.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index d1497b115b..3604d282e8 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3685,13 +3685,13 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return tls1_set_sigalgs(sc->cert, parg, larg, 0); case SSL_CTRL_SET_SIGALGS_LIST: - return tls1_set_sigalgs_list(sc->cert, parg, 0); + return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 0); case SSL_CTRL_SET_CLIENT_SIGALGS: return tls1_set_sigalgs(sc->cert, parg, larg, 1); case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: - return tls1_set_sigalgs_list(sc->cert, parg, 1); + return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 1); case SSL_CTRL_GET_CLIENT_CERT_TYPES: { @@ -3968,13 +3968,13 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return tls1_set_sigalgs(ctx->cert, parg, larg, 0); case SSL_CTRL_SET_SIGALGS_LIST: - return tls1_set_sigalgs_list(ctx->cert, parg, 0); + return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 0); case SSL_CTRL_SET_CLIENT_SIGALGS: return tls1_set_sigalgs(ctx->cert, parg, larg, 1); case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: - return tls1_set_sigalgs_list(ctx->cert, parg, 1); + return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 1); case SSL_CTRL_SET_CLIENT_CERT_TYPES: return ssl3_set_req_cert_type(ctx->cert, parg, larg); |